Correct Answers | Verified | Latest Update 2026
Terms in this set (74)
Which of the following will an adversary do during the final phase of the Lockheed Martin kill chain? (SELECT FOUR)
A. Exfiltrate data
B. Privilege escalation
C. Lateral movement through the environment
D. Release of malicious email
E. Wait for a user to click on a malicious link
F. Modify data
Answer: A, B, C, F.
Explanation: The last phase is the actions on objectives phase. During this phase, the targeted network is now adequately controlled by the attacker. If the system or network owner does not detect the attacker, the adversary may persist for months while gaining progressively deeper footholds into the network. This is done through privilege escalation and lateral movement. Additionally, the attacker can now exfiltrate data from the network or modify data that will remain in the network.

A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?
A. Passive scanning engine located at the core of the network infrastructure
B. Combination of cloud-based and server-based scanning engines
C. Combination of server-based and agent-based scanning engines
D. Active scanning engine installed on the enterprise console
Answer: D.
Explanation: Since the college wants to ensure a centrally-managed enterprise console, using an active scanning engine installed on the enterprise console would best meet these requirements. Then, the college's cybersecurity analysts could perform scans on any devices connected to the network using the active scanning engine at the desired intervals.

Ryan needs to verify the installation of a critical Windows patch on his organization's workstations. Which method would be the most efficient to validate the current patch status for all of the organization's Windows 10 workstations?
A. Check the Update History manually
B. Conduct a registry scan of each workstation to validate the patch was installed
C. Create and run a PowerShell script to search for the specific patch in question
D. Use SCCM to validate patch status for each machine on the domain
Answer: D.
Explanation: The Microsoft System Center Configuration Manager (SCCM) provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

You are developing your vulnerability scanning plan and attempting to scope your scans properly. You have decided to focus on the criticality of a system to the organization's operations when prioritizing the system in the scope of your scans. Which of the following would be the best place to gather the criticality of a system?
A. Ask the CEO for a list of the critical systems
B. Conduct a nmap scan of the network to determine the OS of each system
C. Scope the scan based on IP subnets
D. Review the asset inventory and BCP
Answer: D.
Explanation: To best understand a system's criticality, you should review the asset inventory and the BCP. Most organizations classify each asset in its inventory based on its criticality to the organization's operations. This helps to determine how many spare parts to have, the warranty requirements, service agreements, and other key factors to help keep these assets online and running at all times. Additionally, you can review the business continuity plan (BCP) since this will provide the organization's plan for continuing business operations in the event of a disaster or other outage. Generally, the systems or operations listed in a BCP are the most critical ones to support business operations.

Which analysis framework is essentially a repository of known IOCs with ties to known specific threats?
A. MITRE ATT&CK framework
B. Diamond Model of Intrusion Analysis
C. Lockheed Martin cyber kill chain
D. OpenIOC
Answer: D.
Explanation: OpenIOC is essentially just a flat database of known indicators of compromise.