Free CySA+ Practice Exam - CyberSecurity

Have a go at our free CompTIA CySA+ cybersecurity practice test. It’s for the new 003 version of the exam.

Don’t worry if you don’t do too well. Practice makes perfect.

1. Which standard framework is used to communicate threat data using a standardized lexicon, consisting of key domain and relationship objects, aiming for flexibility, extensibility, and both human- and machine-readable data?

Structured Threat Intelligence Exchange (STIE)

Standard Threat Event Protocol (STEP)

Structured Threat Information Expression (STIX)

Secure Threat Communication Protocol (STCP)

Question 1 of 50

2. During which phase of the Cyber Kill Chain does the attacker focus on gaining an understanding of the target network's topology and key individuals with specific data access?

Exploitation

Reconnaissance

Delivery

Command and Control (C2)

Question 2 of 50

3. What cybersecurity framework, designed by Mandiant (now part of FireEye), aims to facilitate the sharing and automated analysis of an attacker's Tactics, Techniques, and Procedures (TTPs) and other indicators of compromise through a machine-readable format?

STIX

OpenIOC

TAXII

Encryption

Question 3 of 50

4. A security analyst is investigating a software vulnerability or exploit that is previously unknown to the vendor, for which no patch or advisory has been issued, and is often used by attackers to compromise systems. What type of vulnerability is the analyst observing?

Legacy vulnerability

Day One vulnerability

Inherent vulnerability

Zero day vulnerability

Question 4 of 50

5. What is the primary purpose of the 'Feedback' phase within the intelligence cycle, which is used by government and business intelligence teams?

To evaluate the effectiveness of data collection methods

To refine requirements and improve the overall intelligence process

To distribute actionable intelligence to decision-makers

To execute technical collection methods and gather raw data

Question 5 of 50

6. A cybersecurity expert is concerned about the potential threats posed by incoming files and links. To bolster the organization's defense, the expert is considering implementing a service that consolidates outcomes from various antivirus scanners and URL/domain blacklisting services. What is the name of the service that aligns with this description?

Google Safe Browsing

Cisco Talos

VirusTotal

Reputation Center

Question 6 of 50

7. What term describes the phenomenon in which malware is created, developed, and sold to customers based on their specific requirements, often including customer support, updates, and cloud-based delivery?

Malware-as-a-Service

Malware-as-a-Product

Malware-for-Hire

Software-as-a-Service

Question 7 of 50

8. What formal mechanism is designed to enhance the sharing of threat information and best practices among organizations by providing a standardized platform for industry-specific communities to exchange information about their common infrastructure?

Cybersecurity Forums

Information Security Organizations

Information Sharing and Analysis Centers (ISACs)

Industry Threat Networks

Question 8 of 50

9. Cybersecurity experts are working on classifying indicators of compromise (IOCs) based on the level of difficulty it would take for attackers to alter their methods and strategies. This categorization model aims to provide insights into the effort required by attackers to adapt their tactics. What is the name of this model that is used for such classification purposes?

Pyramid of Pain

Pyramid of Protection

Defense in Depth Model

Threat Intelligence Framework

Question 9 of 50

10. A detection analyst in a Security Operations Center (SOC) receives an alert about a suspicious activity. The analyst has access to limited information, including a headline of the activity and a few supporting artifacts. To enable the analyst to quickly assess and respond to the alert, which of the following practices is recommended?

Immediately perform manual steps to assimilate and correlate all available data related to the alert

Rely solely on the provided artifacts and headline to make a decision about the alert

Leverage automated threat intelligence to enrich the alert with relevant external context

Escalate the alert to higher-level management for decision-making

Question 10 of 50

11. An alert identifies users logging in from foreign countries who don't usually travel. What kind of analysis is Olivia employing?

Behavior

Trend

Heuristic

Availability

Question 11 of 50

12. Nathan realizes a user has executed a command on a Windows console. What has transpired?
psexec \10.0.11.1 -u Administrator -p examplepw cmd.exe

The user opened a command prompt as administrator on their workstation.

The user opened an interactive command prompt as administrator on a remote workstation.

The user opened a command prompt on the desktop of a remote workstation.

The user opened a command prompt on their workstation.

Question 12 of 50

13. Angelina's malware analysis tool uses a disassembler and binary differentiation. What is the goal of this tool?

Binary fingerprinting to identify the malware author

Calculating minimum viable signature length

Heuristic code analysis of development techniques

Building a similarity graph of similar functions across binaries

Question 13 of 50

14. To understand standard behavior metrics like CPU, memory, and disk utilization on a Windows machine, which built-in tool can Amir employ?

sysgraph

resmon

resgraph

sysmon

Question 14 of 50

15. By executing the command: ps -aux | grep apache2 | grep root, what is Emily attempting?

Checking running processes with both apache2 and root in the ps output.

Searching for all files owned by root named apache2.

There isn't enough data to answer.

Shutting down all apache2 processes run by root.

Question 15 of 50

16. While preparing for her CySA+ exam, Taylor is learning about vulnerability scanning. Which principle should she be wary of to prevent causing disruptions within her organization?

Avoid performing scans discreetly without informing the IT team.

Only perform non-intrusive scans on live systems to prevent service disruption.

Scan outside of crucial business times to prevent interruptions.

Limit scan bandwidth to prevent overloading active network links.

Question 16 of 50

17. Upon evaluating a vulnerability report, Gwen finds a critical flaw in an internal system. However, after discussing with superiors, they decide not to take action. What risk management approach are they adopting?

Risk transference.

Risk acceptance.

Risk mitigation.

Risk avoidance.

Question 17 of 50

18. After a vulnerability scan, Sophia found an issue in an internal web application that could lead to cross-site scripting attacks. When discussing the findings with the application team lead, she was informed that this vulnerability is already known and the team has decided the risk is manageable without remediation. What action should Sophia take next?

Demand that the vulnerability be remediated immediately.

Label the vulnerability as a false positive.

Plan to remediate the vulnerability in six months.

Record the vulnerability as an exception.

Question 18 of 50

19. Amanda has conducted a vulnerability scan on a VPN server used by contractors and employees. An external review of the server identified an SSL certificate vulnerability related to weak hashing algorithms. Which hash algorithm listed would likely not cause this vulnerability?

MD5

SHA-256

SHA-1

MD4

Question 19 of 50

20. During a forensic inquiry, Jamal meticulously notes details about each storage device, such as its acquisition place, who took the forensic duplicate, its MD5 hash, and more. What is this procedure termed as?

Chain of custody

Direct evidence

Circumstantial evidence

Incident logging

Question 20 of 50

21. NIST describes unauthorized access as a security incident.
Tom wants to find digital proof that can pinpoint a person's location at certain moments. Which digital forensic data type is typically not used to verify specific locations at specific times?

Microsoft Office document metadata

Cell phone GPS logs

Cell phone tower logs

Photograph metadata

Question 21 of 50

22. Being the CISO, Eva is creating an incident classification method and wishes to ground her model on NIST's terms. Among the options below, which best describes an unauthorized file access by a user?

A security incident

An adverse event

An event

An incident

Question 22 of 50

23. In improving her organization's security stance, Emma seeks to mitigate potential threats using awareness. Which threat benefits most from awareness training?

Inadequate usage protocols.

Denial of service attacks.

Deceptive identity tactics.

Web-based attacks.

Question 23 of 50

24. In forming his insider threat strategy, Adam seeks assistance on disciplinary measures. Which department is best suited for this task?

Legal team.

HR department.

Executive board.

IT security team.

Question 24 of 50

25. What part of an incident report offers a concise overview of the incident, the taken actions, and its current status?

A documentation of evidence.

A brief executive rundown.

A chronological breakdown.

A statement of scope.

Question 25 of 50

26. In his network's authentication logs, Ethan identifies multiple logins for a consistent userID but with different passwords. What kind of attack is this indicative of?

A password spraying attack

A session hijacking attack

An on-path (man-in-the-middle) attack

A credential stuffing attack

Question 26 of 50

27. Owing to the use of outdated software that's unsupported by the vendor, your firm has experienced multiple vulnerabilities. If the software is indispensable for another six months, what's the best action plan?

Changing business requirements

Awareness, training, and education

Patch management

Compensating controls

Question 27 of 50

28. Benjamin is drafting a management report on the outcomes of a recent vulnerability scan. To rank the results, which tool would be the most exhaustive in gauging the risk each vulnerability poses?

Likelihood rating

Impact rating

CVSS score

Confidentiality rating

Question 28 of 50

29. With a sharp rise in successful phishing attacks at Amanda's firm leading to account breaches, which technical control is optimal for her to introduce, considering ease and cost-effectiveness?

Biometric-based multifactor authentication

OAuth-based single sign-on

Increased password complexity requirements

Application or token-based multifactor authentication

Question 29 of 50

30. For a discreet Nmap scan of a distant network, which command would Dave use for the most unobtrusive method?

nmap -P0 -sT 10.0.10.0/24

nmap -sT -T0 10.0.10.0/24

nmap -P0 -sS 10.0.10.0/24

nmap -P0 -sS -T0 10.0.10.0/24

Question 30 of 50

31. As the company's ISO, Emily learns about a zero-day exploit affecting Windows domain services. She aims to reduce the risk without cutting off internet access. Which strategy is optimal?

Patching

Isolation

Segmentation

Firewalling

Question 31 of 50

32. Identify the unique system engineered for rapid, delay-free processing of real-time information.

RFID

RTOS

SoC

FPGA

Question 32 of 50

33. Data from the initial survey hinted at an accessible security apparatus known for factory-set passcodes in its earlier firmware versions. It was discerned that the system's firmware was untouched and attackers leveraged these default credentials. Which weak point was likely manipulated?

Error mismanagement

Reference to insecure objects

Employment of unsecured protocols

Reliance on factory presets

Question 33 of 50

34. Why is a hash value generated for a drive during forensic imaging?

To prove that the drive's contents remained unchanged

To confirm that no data was removed from the drive

To ensure that no new files were added to the drive

All of the above

Question 34 of 50

35. In her network incident analysis, Maria notes that a web application breach occurred due to a stolen cookie. What kind of attack does this suggest?

Privilege escalation

On-path (man-in-the-middle)

Cross-site scripting

Session hijacking

Question 35 of 50

36. Post-risk assessment, Tom decides on new firewall rules to filter traffic from dubious IP addresses. Which risk management action is this?

Risk transference

Risk acceptance

Risk mitigation

Risk avoidance

Question 36 of 50

37. While forensically examining a Windows system, Philip wishes to identify any auto-start programs. Which location holds this information?

Event logs

NTFS INDX files

The registry

Prefetch files

Question 37 of 50

38. After Nathan scans a new web application, the report suggests a potential issue. But the developers dispute it. What's the probable explanation?

The result is a false positive.

The code is deficient and requires correction

The vulnerability is in a different web application running on the same server.

Nathan misconfigured the scan.

Question 38 of 50

39. After an analysis for potential threats, Harish decides it's best to turn off a few services on company's database servers. What step is he taking?

Establishing a hypothesis

Gathering evidence

Reducing the attack surface

Executable process analysis

Question 39 of 50

40. What is the main purpose of fuzzing as a technique to discover flaws and vulnerabilities in software?

To send large amounts of malformed, unexpected, or random data to the target program in order to trigger failures.

To send large amounts of valid, expected, or normal data to the target program in order to trigger failures.

To send large amounts of encrypted, compressed, or obfuscated data to the target program in order to trigger failures.

To send large amounts of user input, network traffic, or system calls to the target program in order to trigger failures.

Question 40 of 50

41. Given the challenge of coordinating multiple manufacturers and carriers for patching, which mobile operating system typically has longer vulnerability windows?

iOS

Android

Windows Mobile

Blackberry

Question 41 of 50

42. Which of the following best describes a concern regarding drones in the realm of cybersecurity?

Drones are primarily used by hobbyists and pose no real threat.

Drones can be used for high-quality audio and video surveillance at a fraction of the cost of traditional methods.

The cost of drones has risen significantly, leading to decreased usage.

Drones are primarily a concern for the photography community.

Question 42 of 50

43. Which of the following SCADA vulnerabilities is specifically induced by its reliance on isolated and unattended facilities?

The relative obscurity of the communications protocols.

Vulnerabilities in its long-distance communications links.

Physical access to system components.

Malware infections from rogue devices.

Question 43 of 50

44. What form of attack leverages backward-compatibility features in an application or protocol to manipulate users into a vulnerable mode?

Hijacking

Downgrade tactic

Lateral movement

Side-line assault

Question 44 of 50

45. After realizing that log sources from her company's LA branch ceased reporting for a day, what type of alert should Olivia set up for earlier detection next time?

Availability

Anomaly

Behavior

Heuristic

Question 45 of 50

46. Spotting inbound traffic on TCP port 3389, what is Vanessa likely observing?

A RADIUS connection

An RDP connection

A Kerberos connection

A NetBIOS file share

Question 46 of 50

47. Ella is setting up a new system to scan a network containing numerous unmanaged hosts. Which technique would be the most effective to identify configuration issues in this scenario?

Passive network monitoring.

Server-based scanning.

Credentialed scanning.

Agent-based scanning.

Question 47 of 50

48. Upon analyzing the results of a vulnerability scan, Carlos noticed several servers in his network were prone to brute-force SSH attacks. To identify which external entities tried to establish SSH connections, he's going through the firewall logs. Which TCP port is generally associated with SSH traffic?

1521.

636.

1433.

22.

Question 48 of 50

49. While investigating a suspected misuse of company assets on an employee's computer, Mike finds a software named Eraser. What might Mike conclude during his analysis?

Antiforensic activities

All slack space cleared

Temporary files and Internet history wiped

A wiped C: drive

Question 49 of 50

50. In case of a breach impacting credit card data, Matthew must inform his payment processing provider. What kind of notification is this?

Reporting to regulators.

Engaging with law enforcement.

Communicating with customers.

None of the options.

Question 50 of 50

Check out our taught CySA+ course here.