Free CySA+ Practice Exam - CyberSecurity


Free CySA+ Practice Exam – CyberSecurity

Have a go at our free CompTIA CySA+ cybersecurity practice test. It’s for the new 003 version of the exam.

Don’t worry if you don’t do too well. Practice makes perfect.

1. Which standard framework is used to communicate threat data using a standardized lexicon, consisting of key domain and relationship objects, aiming for flexibility, extensibility, and both human- and machine-readable data?

Question 1 of 50

2. During which phase of the Cyber Kill Chain does the attacker focus on gaining an understanding of the target network's topology and key individuals with specific data access?

Question 2 of 50

3. What cybersecurity framework, designed by Mandiant (now part of FireEye), aims to facilitate the sharing and automated analysis of an attacker's Tactics, Techniques, and Procedures (TTPs) and other indicators of compromise through a machine-readable format?

Question 3 of 50

4. A security analyst is investigating a software vulnerability or exploit that is previously unknown to the vendor, for which no patch or advisory has been issued, and is often used by attackers to compromise systems. What type of vulnerability is the analyst observing?

Question 4 of 50

5. What is the primary purpose of the 'Feedback' phase within the intelligence cycle, which is used by government and business intelligence teams?

Question 5 of 50

6. A cybersecurity expert is concerned about the potential threats posed by incoming files and links. To bolster the organization's defense, the expert is considering implementing a service that consolidates outcomes from various antivirus scanners and URL/domain blacklisting services. What is the name of the service that aligns with this description?

Question 6 of 50

7. What term describes the phenomenon in which malware is created, developed, and sold to customers based on their specific requirements, often including customer support, updates, and cloud-based delivery?

Question 7 of 50

8. What formal mechanism is designed to enhance the sharing of threat information and best practices among organizations by providing a standardized platform for industry-specific communities to exchange information about their common infrastructure?

Question 8 of 50

9. Cybersecurity experts are working on classifying indicators of compromise (IOCs) based on the level of difficulty it would take for attackers to alter their methods and strategies. This categorization model aims to provide insights into the effort required by attackers to adapt their tactics. What is the name of this model that is used for such classification purposes?

Question 9 of 50

10. A detection analyst in a Security Operations Center (SOC) receives an alert about a suspicious activity. The analyst has access to limited information, including a headline of the activity and a few supporting artifacts. To enable the analyst to quickly assess and respond to the alert, which of the following practices is recommended?

Question 10 of 50

11. An alert identifies users logging in from foreign countries who don't usually travel. What kind of analysis is Olivia employing?

Question 11 of 50

12. Nathan realizes a user has executed a command on a Windows console. What has transpired?
psexec \ -u Administrator -p examplepw cmd.exe

Question 12 of 50

13. Angelina's malware analysis tool uses a disassembler and binary differentiation. What is the goal of this tool?

Question 13 of 50

14. To understand standard behavior metrics like CPU, memory, and disk utilization on a Windows machine, which built-in tool can Amir employ?

Question 14 of 50

15. By executing the command: ps -aux | grep apache2 | grep root, what is Emily attempting?

Question 15 of 50

16. While preparing for her CySA+ exam, Taylor is learning about vulnerability scanning. Which principle should she be wary of to prevent causing disruptions within her organization?

Question 16 of 50

17. Upon evaluating a vulnerability report, Gwen finds a critical flaw in an internal system. However, after discussing with superiors, they decide not to take action. What risk management approach are they adopting?

Question 17 of 50

18. After a vulnerability scan, Sophia found an issue in an internal web application that could lead to cross-site scripting attacks. When discussing the findings with the application team lead, she was informed that this vulnerability is already known and the team has decided the risk is manageable without remediation. What action should Sophia take next?

Question 18 of 50

19. Amanda has conducted a vulnerability scan on a VPN server used by contractors and employees. An external review of the server identified an SSL certificate vulnerability related to weak hashing algorithms. Which hash algorithm listed would likely not cause this vulnerability?

Question 19 of 50

20. During a forensic inquiry, Jamal meticulously notes details about each storage device, such as its acquisition place, who took the forensic duplicate, its MD5 hash, and more. What is this procedure termed as?

Question 20 of 50

21. NIST describes unauthorized access as a security incident.
Tom wants to find digital proof that can pinpoint a person's location at certain moments. Which digital forensic data type is typically not used to verify specific locations at specific times?

Question 21 of 50

22. Being the CISO, Eva is creating an incident classification method and wishes to ground her model on NIST's terms. Among the options below, which best describes an unauthorized file access by a user?

Question 22 of 50

23. In improving her organization's security stance, Emma seeks to mitigate potential threats using awareness. Which threat benefits most from awareness training?

Question 23 of 50

24. In forming his insider threat strategy, Adam seeks assistance on disciplinary measures. Which department is best suited for this task?

Question 24 of 50

25. What part of an incident report offers a concise overview of the incident, the taken actions, and its current status?

Question 25 of 50

26. In his network's authentication logs, Ethan identifies multiple logins for a consistent userID but with different passwords. What kind of attack is this indicative of?

Question 26 of 50

27. Owing to the use of outdated software that's unsupported by the vendor, your firm has experienced multiple vulnerabilities. If the software is indispensable for another six months, what's the best action plan?

Question 27 of 50

28. Benjamin is drafting a management report on the outcomes of a recent vulnerability scan. To rank the results, which tool would be the most exhaustive in gauging the risk each vulnerability poses?

Question 28 of 50

29. With a sharp rise in successful phishing attacks at Amanda's firm leading to account breaches, which technical control is optimal for her to introduce, considering ease and cost-effectiveness?

Question 29 of 50

30. For a discreet Nmap scan of a distant network, which command would Dave use for the most unobtrusive method?

Question 30 of 50

31. As the company's ISO, Emily learns about a zero-day exploit affecting Windows domain services. She aims to reduce the risk without cutting off internet access. Which strategy is optimal?

Question 31 of 50

32. Identify the unique system engineered for rapid, delay-free processing of real-time information.

Question 32 of 50

33. Data from the initial survey hinted at an accessible security apparatus known for factory-set passcodes in its earlier firmware versions. It was discerned that the system's firmware was untouched and attackers leveraged these default credentials. Which weak point was likely manipulated?

Question 33 of 50

34. Why is a hash value generated for a drive during forensic imaging?

Question 34 of 50

35. In her network incident analysis, Maria notes that a web application breach occurred due to a stolen cookie. What kind of attack does this suggest?

Question 35 of 50

36. Post-risk assessment, Tom decides on new firewall rules to filter traffic from dubious IP addresses. Which risk management action is this?

Question 36 of 50

37. While forensically examining a Windows system, Philip wishes to identify any auto-start programs. Which location holds this information?

Question 37 of 50

38. After Nathan scans a new web application, the report suggests a potential issue. But the developers dispute it. What's the probable explanation?

Question 38 of 50

39. After an analysis for potential threats, Harish decides it's best to turn off a few services on company's database servers. What step is he taking?

Question 39 of 50

40. What is the main purpose of fuzzing as a technique to discover flaws and vulnerabilities in software?

Question 40 of 50

41. Given the challenge of coordinating multiple manufacturers and carriers for patching, which mobile operating system typically has longer vulnerability windows?

Question 41 of 50

42. Which of the following best describes a concern regarding drones in the realm of cybersecurity?

Question 42 of 50

43. Which of the following SCADA vulnerabilities is specifically induced by its reliance on isolated and unattended facilities?

Question 43 of 50

44. What form of attack leverages backward-compatibility features in an application or protocol to manipulate users into a vulnerable mode?

Question 44 of 50

45. After realizing that log sources from her company's LA branch ceased reporting for a day, what type of alert should Olivia set up for earlier detection next time?

Question 45 of 50

46. Spotting inbound traffic on TCP port 3389, what is Vanessa likely observing?

Question 46 of 50

47. Ella is setting up a new system to scan a network containing numerous unmanaged hosts. Which technique would be the most effective to identify configuration issues in this scenario?

Question 47 of 50

48. Upon analyzing the results of a vulnerability scan, Carlos noticed several servers in his network were prone to brute-force SSH attacks. To identify which external entities tried to establish SSH connections, he's going through the firewall logs. Which TCP port is generally associated with SSH traffic?

Question 48 of 50

49. While investigating a suspected misuse of company assets on an employee's computer, Mike finds a software named Eraser. What might Mike conclude during his analysis?

Question 49 of 50

50. In case of a breach impacting credit card data, Matthew must inform his payment processing provider. What kind of notification is this?

Question 50 of 50


Check out our taught CySA+ course here.

Check out our CySA+ labs course here.

101 Labs Newsletter