Correct Answers | Verified | Latest Update 2026
Terms in this set (90)

Kaiden's organization uses the AWS public cloud environment. He uses the CloudFormation tool to write scripts that create the cloud resources used by his organization. What type of service is CloudFormation?
A. SaaS
B. IAC
C. FaaS
D. API

Answer: B.
CloudFormation allows engineers to write code that creates infrastructure. This is an example of infrastructure as code (IAC) computing.

Isaac wants to grab the banner from a remote web server using commonly available tools. Which of the following tools cannot be used to grab the banner from the remote host?
A. Netcat
B. Telnet
C. Wget
D. FTP

Answer: D.
Netcat, telnet, and wget can all be used to conduct banner-grabbing. FTP will not connect properly to get the banner he wants to see.

Alex wants to scan a protected network and has gained access to a system that is behind the network firewall which can communicate to both his scanning system and the internal network. What type of nmap scan should Alex conduct to leverage this host if he cannot install nmap on system A?
A. A reflection scan
B. A proxy scan
C. A randomized host scan
D. A ping-through scan

Answer: B.
nmap supports the use of both HTTP and SOCKS4 proxies, allowing Alex to configure the remote host as an HTTP proxy and bounce his scans through it. This can allow nmap users to leverage their scanning tools without installing them on a protected host or network.

Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?
A. Insecure APIs
B. Improper key management
C. Unprotected storage
D. Insufficient logging and monitoring

Answer: C.
Maddox's actions could identify improperly secured storage buckets that require remediation. While the other vulnerabilities may exist, they are not likely to be discovered during a permissions inventory.

Lucy recently detected a cross-site scripting vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?
A. Persistent
B. Reflected
C. DOM-based
D. Blind

Answer: A.
This type of XSS vulnerability, where the attack is stored on a server for later users, is a persistent vulnerability. The scenario does not tell us that the code is immediately displayed to the user submitting it, so there is no indication of a reflected attack. The attack is stored on the server, rather than in the browser, so it is not a DOM-based attack. There is no such thing as blind XSS attacks.

Florian discovered a vulnerability in a proprietary application developed by his organization. The application performs memory management using the malloc() function and one area of memory allocated in this manner has an overflow vulnerability. What term best describes this overflow?
A. Buffer overflow
B. Stack overflow
C. Integer overflow
D. Heap overflow

Answer: D.
The malloc() function allocates memory from the heap, not the stack, and therefore this is a heap overflow attack. We do not have enough information to determine the type of information stored in this area of memory, so we cannot determine whether it is an integer overflow. The vulnerability may also be described as a buffer overflow, but this is more generic and less descriptive.

Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?
A. Weaponization
B. Delivery
C. Exploitation
D. Actions on objectives

Answer: B.
Delivery occurs when the adversary either deploys their tool directly against targets or via release that relies on staff at the target interacting with it such as in an email payload, on a USB stick, or via websites that they visit.

While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP. What should Janet report has occurred?
GET /scripts/sample.php
GET /scripts/test.php
GET /scripts/manage.php
GET /scripts/download.php
A. A denial-of-service attack
B. A vulnerability scan
C. A port scan
D. A directory traversal attack

Answer: B.
Testing for common sample and default files is a common tactic for vulnerability scanners. Janet can reasonably assume that her Apache web server was scanned using a vulnerability scanner.