WGU D483 CompTIA Cysa Practice Test | Actual study
Questions and detailed Answers | 2026 Updates | A+
Graded | 100% correct
1. A paintbrush bristle supply company has a business-critical web server running old
software on the internal network. Despite available updates, the new software versions
would not communicate with the rest of the company's IT ecosystem. What type of
controls should the company consider implementing to address this issue?
a. Compensating
2. The CIO (Chief Information Officer) for a modular dog furniture startup receives a report
that an advanced persistent threat (APT) has compromised the startup's mail servers.
What should be the CIO's top priority for preventing future incidents?
a. Reviewing the company's SLOs and incident response plan to ensure they are in
keeping with industry best practices
3. A major retail corporation has outsourced a significant portion of its IT infrastructure to
a third-party vendor. While the vendor's services have been effective, the corporation
discovered that the vendor suffered a data breach. Which type of cybersecurity threat
should the corporation prepare to possibly face?
a. Supply chain
4. A large home supply corporation experienced a major cyber attack that compromised its
systems and data. Which cybersecurity process should the corporation follow to quickly
contain the event, minimize damage, and eventually restore operations?
a. Incident response
5. A malicious actor hacked a company's web application and stole sensitive data. The
security team uses the Diamond Model of Intrusion Analysis and the Open Web
Application Security Project (OWASP) Testing Guide to analyze the attack and identify
any vulnerabilities in the application that the attacker may have exploited. What is the
primary purpose of using both the Diamond Model of Intrusion Analysis and the OWASP
Testing Guide in response to a security incident?
a. To identify the root cause of the attack and prevent similar incidents in the future
6. A small company has just experienced a cyberattack, which resulted in the unauthorized
access of sensitive company data and significant damage to the network. Although the
company has developed an incident response plan and a business continuity/disaster
recovery plan, they have not tested either in a real-world scenario. Which options
differentiate an incident response plan from a business continuity/disaster recovery
plan?
a. An incident response plan minimizes the impact of security incidents on the
organization, while a BC/DR plan maintains essential business functions during a
disruption.
7. Which of the following is true about the relationship between Open Web Application
Security Project (OWASP) and MITRE ATT&CK? (Select the two best options.)
a. OWASP and MITRE ATT&CK share similar objectives and complement each other in
terms of identifying and mitigating cybersecurity risks.
b. Both OWASP and MITRE ATT&CK are frameworks that provide guidelines and best
practices for improving cybersecurity.
8. A security team is analyzing their system and network architecture to improve their
security posture. In the context of a potential security incident, which aspect should the
team prioritize to effectively detect and respond to various types of unauthorized access
to critical systems?
a. Analyzing anomalies in network traffic
9. An exercise equipment marketing company is experiencing a data breach in which the
company's website is displaying customers' payment information. The information
disclosure is disastrous; customers are canceling their subscriptions in droves.
Unfortunately, the company has no SOAR or plans on what to do during a compromise.
What functional type of controls should the company implement to mitigate the
damages?
a. Corrective
10. An incident response team is analyzing a recent security incident involving potential
unauthorized system modifications. Which of the following aspects should be the
primary focus of the team's investigation?
a. File system changes and anomalies
11. An organization is reviewing its incident response plan and wants to improve its overall
security posture by streamlining the authentication process for its employees during a
security incident. Which of the following approaches can help achieve this goal without
compromising security?
a. Federation
12. A company has experienced a series of cyber attacks over the past few months,
including phishing emails, malware infections, and ransomware attacks. The security
team wants to implement a new system to monitor and identify potential vulnerabilities.
What type of metric can help the company process and prioritize remediation efforts?
a. Top 10 lists
13. A security analyst at a large financial institution has recently received a report from the
security operations center (SOC) team that indicates that there has been an increase in
the number of incidents related to malware. The analyst is concerned about these
incidents' impact on the organization. How does an indicator of compromise (IoC)
primarily impact the organization's security operations?
a. It indicates that a security breach or malicious activity may have occurred
14. A large company has just undergone a series of layoffs, and several employees have lost
their jobs. One of the disgruntled laid-off employees feels the company treated them