Correct Answers | Verified | Latest Update 2026
Terms in this set (84)

You are currently attempting to establish a baseline of regular network traffic to detect potential DDoS attacks. At the moment, you are choosing a representative period for data collection.
Which step in establishing a baseline are you currently working on?
answer
Step 3
Step 1
Step 4
Step 2

Step 1: Choose a representative period for data collection. This period should capture the network's standard activity during normal business hours, weekends, and other regular events that influence network load.

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called which of the following?
answer
Impersonation
Footprinting
Preloading
Pretexting

Pretexting is using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share.

A company's compliance team has identified a security vulnerability in the organization's network. The team has presented this finding to the risk management team, who, in turn, creates a response plan to address the vulnerability.
What is the next best step in the process based on this scenario?
answer
The compliance team creates policies to prevent future vulnerabilities.
Incorrect answer:
The technical team immediately implements the response plan.
The risk management team presents the response plan to the board of directors.
The governance team approves and codifies the response plan in policy documents.

The governance team creates and maintains organizational policies that direct the work of technical teams. The policy documents must approve and codify the response plan to ensure compliance and enforcement.

Which of the following is the MOST effective first step that an organization can do when using the CIS Benchmarks?
answer
Monitor the network based on the benchmarks.
Determine the best way to implement the benchmarks.
Identify the specific benchmarks most relevant to them.
Incorporate the benchmarks into their cybersecurity program.

Organizations should first identify the specific benchmarks that are most relevant to them and then incorporate them into their cybersecurity program. Once organizations have selected the specific CIS Benchmarks they want to follow, they should determine the best way to implement them.

Several well-known specialty PowerShell commands are used for administrative and troubleshooting purposes. Attackers also frequently use these commands as part of an attack. Several of these commands are listed below.
Drag each PowerShell command on the left to its correct definition on the right.

Correct answers:
DownloadString: Used to download information from a web server, such as a malicious script or payload.
Start-Process: Starts a new process, often to load malware or a rogue process.
Invoke-Request: Used to remotely issue commands to a Windows system.
Get-WMIObject: Used to collect information from a host using Windows Management Instrumentation (WMI).
Invoke-WebRequest: Used to interact with a system using HTTP or HTTPS.

You suspect that an attacker has been using beaconing intrusion in your network, and you want to detect that type of activity.
Which of the following is a common method for detecting beaconing activity in a network?
Capturing metadata about all the sessions established or attempted and analyzing it for patterns that constitute suspicious activity.
Looking for queries that are repeated multiple times as the bot checks in with the control server for new commands.
Adding encrypted commands in HTML code to make analysis and detection difficult.
Incorrect answer:
Intercepting and decrypting traffic at the edge of a network and forwarding only legitimate traffic.

Capturing metadata about all the sessions established or attempted and analyzing it for patterns that constitute suspicious activity.