An organization recently had an attack that resulted in system data loss. The system
administrator must now restore the system with a data backup. What functional security control
was the system administrator able to implement?
A. Preventative
B. Responsive
C. Corrective
D. Compensating
C. Corrective
The system administrator used a corrective control after the attack. A good example of a
corrective control is a backup system that can restore data that an attacker damages during an
intrusion.
Preventative controls act to eliminate or reduce the likelihood that an attack can succeed. A
preventative control operates before an attack can take place.
Responsive controls serve to direct corrective actions enacted after the organization confirms
the incident. They often document these actions in a playbook.
The compensating control is a substitute for a principal control, as recommended by a security
standard, and affords the same (or better) level of protection but uses a different methodology
or technology.
A security engineer installs a next-generation firewall on the perimeter of a network. This
installation is an example of what type of security control class?
A. Managerial
B. Operational
C. Detective
D. Technical
D. Technical
Firewalls, antivirus software, and operating system (OS) access control models are examples of
technical controls. The engineer would implement a technical control as a system (hardware,
software, or firmware).
The managerial control gives oversight of the information system. Examples could include risk
identification or a tool allowing the evaluation and selection of other security controls.
People primarily implement operational control rather than systems. For example, security
guards and training programs are operational controls rather than technical controls.
The detective control is a functional control that is not a security control class.
An engineer is considering appropriate risk responses using threat modeling. They are trying to
understand which threat actors are in scope for their organization. How does threat modeling
identify the principal risks and tactics, techniques, and procedures (TTPs) for which their system
may be susceptible? (Select the three best options.)
A. By evaluating the system from an attacker's point of view
B. By evaluating a system from a neutral perspective
C. Through using tools such as diagrams
D. By analyzing the system from the defender's perspective
ACD
Evaluating systems from a neutral perspective is not a method used in threat modeling.
A mission-critical system is offline at an organization due to a zero-day attack. The associated
software vendor plans to release a patch to remediate the vulnerability. Which of the following
are important patch management considerations for this scenario? (Select the three best
options.)
A. A patch test environment
B. Immediate push delivery of critical security patches
C. A specific team responsible for reviewing vendor-supplied newsletters and security patch
bulletins
D. A routine schedule for the rollout of noncritical patches
ABC
D. While creating a routine schedule for the rollout of noncritical patches has merit, it does not
illustrate important patch management considerations in this example. A security analyst would
address noncritical patches at a later time.
A security analyst is reviewing an announcement from the Cybersecurity and Infrastructure
Security Agency. Which source of defensive open-source intelligence (OSINT) does the agency
represent?
A. CERT
B. Internal sources
C. Government bulletins
D. CSIRT
C. Government bulletins
The government is responsible for protecting the country's constituents and the national
infrastructure and publishing various information and advice regarding observed threats. For
example, the Department of Homeland Security and the Cybersecurity and Infrastructure
Agency publish several types of cybersecurity guidance, including basic informational content
and binding operational directives that federal agencies must implement.
A computer emergency response team (CERT) aims to mitigate cybercrime and minimize
damage by responding to incidents quickly.
It is important to consider that evidence regarding active threats, reconnaissance activities, and
suspicious behavior exists within the protected environment.
A computer security incident response team (CSIRT) is a group responsible for responding to
security incidents involving computer systems.
Hacktivist
such as Anonymous, WikiLeaks, or LulzSec, use cyber weapons to promote a political agenda.
Hacktivists might attempt to obtain and release confidential information to the public domain,
perform denial of service (DoS) attacks, or deface websites.
Nation-state
actors have participated in many attacks, particularly on energy and electoral systems. The goals
of nation-state actors are primarily espionage and strategic advantage.
A computer emergency response team (CERT) is quickly reacting to an attack on the network
infrastructure of a semiconductor manufacturer. What is true about a CERT? (Select the three
best options.)
A. CERTS mitigate cybercrime.
B. CERTS work with local law enforcement.
C. CERTS provide knowledge of trending attacks.
D. CERTS publish a wide variety of information concerning threats.
ABC
D. The government is responsible for protecting the country's constituents and the national
infrastructure and publishing various information and advice regarding observed threats. For
example, the Department of Homeland Security and the Cybersecurity and Infrastructure
Agency publish several types of cybersecurity guidance.
A systems administrator is searching for potential vulnerabilities in the network. Which threat-
hunting focus area should the administrator examine, as attackers often exploit it through
connected systems or physical access?
A. Isolated networks
B. Misconfigured systems
C. Business-critical assets
D. Lateral movements
Isolated networks, such as air-gapped networks or networks with limited connectivity to the
internet, are often thought to be more secure. However, attackers can still target these
networks by exploiting vulnerabilities in connected systems or through physical access.
CSIRT
A computer security incident response team (CSIRT) is a group responsible for responding to
security incidents involving computer systems.
A system technician reviews system logs from various devices and notices discrepancies
between recorded events. The events between the systems are not synchronizing in the correct
order. Which configuration should the technician analyze and adjust to ensure proper and
accurate logging? (Select the two best options.)
A. NTP
B. GPS
C. PKI
D. SSL
A. NTP
B. GPS
Time drift or time discrepancies can cause the system to create logs with incorrect time stamps.
A time source can provide accuracy by using the Network Time Protocol (NTP) on the systems.