Exam (elaborations)

CYSA Exam Test Questions And Answers Verified 100% Correct

Pages: 67
Grade: A+
Uploaded on: 01-06-2025
Written in: 2024/2025


A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The
type of vulnerability that should be disseminated FIRST is one that:

A. enables remote code execution that is being exploited in the wild.
B. enables data leakage but is not known to be in the environment.
C. enables lateral movement and was reported as a proof of concept.
D. affected the organization in the past but was probably contained and eradicated. -
ANSWER A


A cybersecurity analyst is supporting an incident response effort via threat intelligence.
Which of the following is the analyst MOST likely executing?

A. Requirements analysis and collection planning
B. Containment and eradication
C. Recovery and post-incident review
D. Indicator enrichment and research pivoting - ANSWER A


A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN
server to achieve the highest level of security. To BEST complete this task, the analyst
should place the:

A. firewall behind the VPN server.
B. VPN server parallel to the firewall.
C. VPN server behind the firewall.
D. VPN on the firewall - ANSWER C

A developer wrote a script to make names and other PII data unidentifiable before
loading a database export into the testing system. Which of the following describes the
type of control that is being used?

A. Data encoding
B. Data masking
C. Data loss prevention
D. Data classification - ANSWER B

A development team is testing a new application release. The team needs to import
existing client PHI data records from the production environment to the test
environment to test accuracy and functionality. Which of the following would BEST
protect the sensitivity of this

A. Deidentification
B. Encoding
C. Encryption
D. Watermarking - ANSWER A


A development team signed a contract that requires access to an on-premises physical
server. Access must be restricted to authorized users only and cannot be connected to
the Internet. Which of the following solutions would meet these requirements?

A. Establish a hosted SSO.
B. Implement a CASB.
C. Virtualize the server.
D. Air gap the server. - ANSWER D

A development team uses open-source software and follows an Agile methodology with
two-week sprints. Last month, the security team filed a bug for an insecure version of a
common library. The DevOps team updated the library on the server, and then the
security team rescanned the server to verify it was no longer vulnerable. This month,
the security team found the same vulnerability on the server. Which of the following
should be done to correct the cause of the vulnerability?

A. Deploy a WAF in front of the application.
B. Implement a software repository management tool.
C. Install a HIPS on the server.
D. Instruct the developers to use input validation in the code. - ANSWER B


A finance department employee has received a message that appears to have been
sent from the Chief Financial Officer (CFO), asking the employee to perform a wire
transfer. Analysis of the email shows the message came from an external source and is
fraudulent. Which of the following would work BEST to improve the likelihood of
employees quickly recognizing fraudulent emails?

A. Implementing a sandboxing solution for viewing emails and attachments
B. Limiting email from the finance department to recipients on a pre-approved whitelist
C. Configuring email client settings to display all messages in plaintext when read
D. Adding a banner to incoming messages that identifies the messages as external -
ANSWER D


A large amount of confidential data was leaked during a recent security breach. As part
of a forensic investigation, the security team needs to identify the various types of traffic
that were captured between two compromised devices. Which of the following should
be used to identify the traffic?

A. Carving
B. Disk imaging
C. Packet analysis
D. Memory dump
E. Hashing - ANSWER C


A large organization wants to move account registration services to the cloud to benefit
from faster processing and elasticity. Which of the following should be done FIRST to
determine the potential risk to the organization?

A. Establish a recovery time objective and a recovery point objective for the systems
being moved.
B. Calculate the resource requirements for moving the systems to the cloud.
C. Determine recovery priorities for the assets being moved to the cloud-based
systems.
D. Identify the business processes that will be migrated and the criticality of each one.
E. Perform an inventory of the servers that will be moving and assign priority to
each one. - ANSWER D


A large software company wants to move its source control and deployment pipelines
into a cloud-computing environment. Due to the nature of the business, management
determines the recovery time objective needs to be within one hour. Which of the
following strategies would put the company in the BEST position to achieve the desired
recovery time?

A. Establish an alternate site with active replication to other regions
B. Configure a duplicate environment in the same region and load balance between
both instances.
C. Set up every cloud component with duplicated copies and auto-scaling turned on.
D. Set up every cloud component with duplicated copies and auto-scaling turned off.
E. Create a duplicate copy on premises that can be used for failover in a disaster
situation - ANSWER A

A monthly job to install approved vendor software updates and hot fixes recently
stopped working. The security team performed a vulnerability scan, which identified
several hosts as having some critical OS vulnerabilities, as referenced in the common
vulnerabilities and exposures (CVE) database. Which of the following should the
security team do NEXT to resolve the critical findings in the most effective manner?
(Select TWO).

A. Patch the required hosts with the correct updates and hot fixes, and rescan them for
vulnerabilities.
B. Remove the servers reported to have high and medium vulnerabilities.
C. Tag the computers with critical findings as a business risk acceptance.
D. Manually patch the computers on the network, as recommended on the CVE
website.
E. Harden the hosts on the network, as recommended by the NIST framework.
F. Resolve the monthly job issues and test them before applying them to the production
network. - ANSWER A F

A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the
following should the cybersecurity analyst do FIRST?

A. Apply the required patches to remediate the vulnerability.
B. Escalate the incident to senior management for guidance.
C. Disable all privileged user accounts on the network.
D. Temporarily block the attacking IP address. - ANSWER D

A new on-premises application server was recently installed on the network. Remote
access to the server was enabled for vendor support on required ports, but recent
security reports show large amounts of data are being sent to various unauthorized
networks through those ports. Which of the following configuration changes must be
implemented to resolve this security issue while still allowing remote vendor access?

A. Apply a firewall application server rule.
B. Whitelist the application server.
C. Sandbox the application server.
D. Enable port security.
E. Block the unauthorized networks. - ANSWER A
