BANK 2026 COMPREHENSIVE QUESTIONS AND SOLUTIONS GRADED A+
● What is the primary focus of a cybersecurity analyst in Domain 1? Answer: Identifying, analyzing, and responding to threats.
● What do anomalous traffic patterns indicate? Answer: Potential malicious activity on the network.
● What is beaconing in the context of cybersecurity? Answer: Regular connections from an internal host to an external IP address, indicating a Command and Control (C2) channel.
● What could a sudden spike in outbound traffic suggest? Answer: Data exfiltration or a DDoS attack.
● What does traffic on non-standard ports indicate? Answer: Suspicious activity, such as DNS tunneling or unauthorized access.
● What is a rogue device? Answer: An unauthorized device appearing on the network.
● What are unauthorized processes and services a sign of? Answer: Potential malware activity, such as cryptojacking.
● What is a major indicator of privilege escalation? Answer: A user account being added to the local Administrators group.
● What does anomalous system behavior include? Answer: Unexpected server reboots, application crashes, or disabled antivirus software.
● What is the primary tool for log analysis in cybersecurity? Answer: SIEM (Security Information and Event Management) system.
● What are key log sources to ingest for analysis? Answer: Firewall/Proxy, Authentication logs, Endpoint logs, and DNS logs.
● What is the difference between SIEM and SOAR? Answer: SIEM aggregates data for analysis, while SOAR automates responses to alerts.
● What tools are commonly used for packet capture? Answer: tcpdump for capturing traffic and Wireshark for analyzing it.
● What is Endpoint Detection and Response (EDR)? Answer: A tool that provides deep visibility and the ability to remotely investigate and contain threats.