SOLUTIONS
An analyst is participating in the solution analysis process for a cloud-hosted SIEM
platform to centralize log monitoring and alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when
selecting a vendor? - ANSWER Identify SLA requirements for monitoring and logging
A security technician is testing a solution that will prevent outside entities from spoofing
the company's email domain, which is comptia.org. The testing is successful, and the
security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task? -
ANSWER Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
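Added example (not part of the original question set): a minimal SPF evaluator in Python that checks a sender IP against the record from the question. The DNS data is a constructed in-memory table, not real comptia.org records; the record's terminal "-all" is what makes unauthorized senders hard-fail rather than soft-fail ("~all"), which is the point of the question. Only the mechanisms used here (mx, a, ip4/ip6, include, all) are implemented, the A-lookups behind mx are not counted separately, and redirect/exp modifiers are treated as errors; a real checker would replace the DNS table with live lookups.

```python
import ipaddress

# Constructed DNS data for the example; a real checker would query DNS.
DNS = {
    "comptia.org": {
        "TXT": ['v=spf1 mx include:_spf.comptia.org -all'],
        "MX": ["mail1.comptia.org", "mail2.comptia.org"],
    },
    "mail1.comptia.org": {"A": ["198.51.100.10"]},
    "mail2.comptia.org": {"A": ["198.51.100.11"]},
    "_spf.comptia.org": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    "broken.example": {"TXT": ["v=spf1 foo -all"]},  # unknown mechanism -> permerror
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per evaluation


def _lookup(name, rtype):
    return DNS.get(name.lower(), {}).get(rtype, [])


def get_spf_record(domain):
    """Return the single v=spf1 TXT record for domain, or None if zero or several exist."""
    records = [r for r in _lookup(domain, "TXT") if r.lower().startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def enforces_hard_fail(domain):
    """True when the record ends in '-all' (reject), not '~all' (softfail) or '?all'."""
    record = get_spf_record(domain)
    return record is not None and record.split()[-1] == "-all"


def check_host(ip, domain, lookups=None):
    """Evaluate sender ip against domain's SPF record; returns an SPF result string."""
    if lookups is None:
        lookups = [0]  # shared counter across include recursion
    record = get_spf_record(domain)
    if record is None:
        return "none"
    sender = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # 'in' is False when address and network families differ
            matched = sender in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            target = arg or domain
            if mech == "a":
                matched = str(sender) in _lookup(target, "A")
            elif mech == "mx":
                hosts = _lookup(target, "MX")
                matched = any(str(sender) in _lookup(h, "A") for h in hosts)
            else:  # include matches only if the included domain yields 'pass'
                matched = check_host(ip, target, lookups) == "pass"
        else:
            return "permerror"  # unknown mechanism or unsupported modifier
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without a match and without an 'all' term
```

Usage: check_host("198.51.100.10", "comptia.org") passes via the mx mechanism, check_host("203.0.113.7", "comptia.org") passes via the include, and any other source fails because of "-all". Publishing "~all" instead would turn those failures into softfail, which most receivers only treat as a scoring signal rather than a reject.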
A security analyst on the threat-hunting team has developed a list of unneeded, benign
services that are currently running as part of the standard OS deployment for
workstations.
The analyst will provide this list to the operations team to create a policy that will
automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal? - ANSWER To
reduce the attack surface
An information security analyst observes anomalous behavior on the SCADA devices in
a power plant. This behavior results in the industrial generators overheating and
destabilizing the power supply. - ANSWER Use Wireshark to capture packets between
SCADA devices and the management system
Which of the following roles is ultimately responsible for determining the classification
levels assigned to specific datasets? - ANSWER Data owner
A security analyst suspects a malware infection was caused by a user who downloaded
malware after clicking a link in a phishing email. To
prevent other computers from being infected by the same malware variation, the analyst
should create a rule on the - ANSWER proxy to block all connections to
<malwaresource>.
An information security analyst is reviewing backup data sets as part of a project
focused on eliminating archival datasets. Which of the following should be considered
FIRST prior to disposing of the electronic data? - ANSWER Retention standards
A security analyst is evaluating two vulnerability management tools for possible use in
an organization. The analyst set up each of the tools according to the respective
vendor's instructions, ran each against the same target server, and generated a
vulnerability report from each.
Tool A reported the following
Tool B reported the following
Which of the following BEST describes the method used by each tool? (Choose two.) -
ANSWER Tool A is unauthenticated.
Tool B is agent based.
Which of the following would MOST likely be included in the incident response
procedure after a security breach of customer PII? - ANSWER Public relations
A security analyst received an alert from the SIEM indicating numerous login attempts
from users outside their usual geographic zones, all of which were initiated through the
web-based mail server. The logs indicate all domain accounts experienced two login
attempts during the same time frame.
Which of the following is the MOST likely cause of this issue? - ANSWER A
password-spraying attack was performed against the organization.
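Added example (not part of the original question set): detection logic in Python that separates the pattern described in this question (every account tried a small number of times from one source) from a brute-force attack (one account hammered). The log lines are constructed for the example and use a simplified key=value format, not the output of any particular mail server; the thresholds are assumptions to tune against real baselines. Successful logins from a source already flagged as spraying are reported separately, because those are the accounts to reset first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed web-mail authentication events for the example (not real logs).
SAMPLE_LOG = """\
2024-05-01T03:14:01Z src=203.0.113.45 user=alice result=FAILURE
2024-05-01T03:14:03Z src=203.0.113.45 user=bob result=FAILURE
2024-05-01T03:14:05Z src=203.0.113.45 user=carol result=FAILURE
2024-05-01T03:14:07Z src=203.0.113.45 user=dave result=FAILURE
2024-05-01T03:14:09Z src=203.0.113.45 user=erin result=FAILURE
2024-05-01T03:44:10Z src=203.0.113.45 user=alice result=FAILURE
2024-05-01T03:44:12Z src=203.0.113.45 user=bob result=FAILURE
2024-05-01T03:44:14Z src=203.0.113.45 user=carol result=FAILURE
2024-05-01T03:44:16Z src=203.0.113.45 user=dave result=SUCCESS
2024-05-01T03:44:18Z src=203.0.113.45 user=erin result=FAILURE
2024-05-01T08:02:00Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T08:02:01Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T08:02:02Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T08:02:03Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T08:02:04Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T08:02:05Z src=198.51.100.9 user=frank result=FAILURE
2024-05-01T09:00:00Z src=192.0.2.20 user=grace result=FAILURE
2024-05-01T09:00:30Z src=192.0.2.20 user=grace result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Parse the constructed log format into (timestamp, src, user, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def classify_sources(events, window=timedelta(hours=1), min_users=5,
                     max_per_user=2, brute_min=5):
    """Return {src: verdict} where verdict is 'spray', 'brute_force' or 'normal'.

    spray:       >= min_users distinct accounts inside one window, none tried more
                 than max_per_user times (low per-account count evades lockout).
    brute_force: a single account with >= brute_min failures inside one window.
    """
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result != "SUCCESS":          # only failures count as guessing activity
            by_src[src].append((ts, user))
    verdicts = {}
    for src, fails in by_src.items():
        fails.sort()
        verdict = "normal"
        for i, (start, _) in enumerate(fails):   # slide a window over the failures
            in_win = [u for ts, u in fails[i:] if ts - start <= window]
            per_user = defaultdict(int)
            for u in in_win:
                per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdict = "spray"
                break
            if len(per_user) == 1 and len(in_win) >= brute_min:
                verdict = "brute_force"
        verdicts[src] = verdict
    return verdicts


def compromised_after_spray(events, verdicts):
    """Accounts that authenticated successfully from a source flagged as spraying."""
    return sorted({user for _, src, user, result in events
                   if result == "SUCCESS" and verdicts.get(src) == "spray"})
```

In the constructed sample, 203.0.113.45 touches five accounts twice each within half an hour and is classified as spraying, 198.51.100.9 hits one account six times and is classified as brute force, and grace's single failure followed by a success is normal. The one success inside the spray window (dave) is the account to reset and review.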
During an investigation, a security analyst identified machines that are infected with
malware the antivirus was unable to detect.
Which of the following is the BEST place to acquire evidence to perform data carving? -
ANSWER The hard drive and the system memory
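Added example (not part of the original question set): signature-based data carving in Python. Carving ignores the file system and scans raw bytes for known headers and footers, which is why it works equally on a disk image and on a memory dump; the input here is a constructed byte string standing in for either. It carves JPEG and PNG by header/footer pairs and PE executables by the MZ header, validating the PE candidate through its e_lfanew pointer so that a stray "MZ" in text is not reported as an executable. The object layout and sizes are made up for the example.

```python
def _valid_pe(blob):
    """Reject 'MZ' hits that do not point at a 'PE\\0\\0' signature via e_lfanew (offset 0x3C)."""
    if len(blob) < 0x40:
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# name -> (header, footer or None, validator or None). Footers include the marker bytes
# so the carved slice closes on the marker itself.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", None),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82", None),
    "pe": (b"MZ", None, _valid_pe),
}
MAX_HEADERLESS = 4096  # bytes carved after a header that has no footer


def carve(data, signatures=SIGNATURES, max_headerless=MAX_HEADERLESS):
    """Scan raw bytes and return carved objects as (type, offset, bytes), ordered by offset."""
    hits = []
    for name, (header, footer, validate) in signatures.items():
        pos = 0
        while True:
            start = data.find(header, pos)
            if start == -1:
                break
            if footer is None:
                end = min(start + max_headerless, len(data))
            else:
                f = data.find(footer, start + len(header))
                if f == -1:                  # header without footer: truncated, skip it
                    pos = start + 1
                    continue
                end = f + len(footer)
            blob = data[start:end]
            if validate and not validate(blob):
                pos = start + 1              # false positive on the header bytes
                continue
            hits.append((name, start, blob))
            pos = end                        # resume after this object
    hits.sort(key=lambda h: h[1])
    return hits


def build_sample_image():
    """Constructed image fragment: filler with a JPEG, a PNG, a decoy 'MZ' string and a PE stub."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"A" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"B" * 50 + b"IEND\xae\x42\x60\x82"
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    pe[0x3C:0x40] = (0x80).to_bytes(4, "little")   # e_lfanew -> PE header at 0x80
    pe[0x80:0x84] = b"PE\x00\x00"
    filler = bytes([0x00, 0x11, 0x22, 0x33] * 64)   # 256 bytes of non-signature noise
    decoy = b"MZ not a real executable " + b"\x00" * 70
    return filler + jpeg + filler + png + filler + decoy + filler + bytes(pe) + filler
```

Usage: carve(build_sample_image()) returns three objects in offset order (jpeg, png, pe) and skips the decoy, whose e_lfanew points back at "MZ n" rather than "PE\0\0". Against a real image, replace build_sample_image() with the bytes read from the disk or memory dump, and expect to add a size sanity check per format, since a JPEG footer can occur inside another object's data.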
A cybersecurity analyst has access to several threat feeds and wants to organize them
while simultaneously comparing intelligence against network traffic. Which of the
following would BEST accomplish this goal? - ANSWER Automation and orchestration
An analyst is performing penetration testing and vulnerability assessment activities
against a new vehicle automation platform. Which of the following is MOST likely an
attack vector that is being utilized as part of the testing and assessment? - ANSWER
CAN Bus
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on
a company's server. Which of the following is the FIRST step the analyst should take? -
ANSWER Start packet capturing to look for traffic that could be indicative of command
and control from the miner.
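Added example (not part of the original question set): what the packet capture from this answer would be inspected for. Most pool miners speak Stratum, a newline-delimited JSON-RPC protocol whose method names (mining.subscribe, mining.authorize, mining.notify, mining.set_difficulty, mining.submit) are distinctive in cleartext. The Python below groups constructed TCP payloads per flow, parses the JSON lines and reports flows carrying Stratum methods together with the pool login (wallet.worker) seen in authorize/submit calls. The payloads, hosts and pool are made up for the example; in practice they would come from the capture, for instance via a pcap parser.

```python
import json
from collections import defaultdict

STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
}

# Constructed TCP payloads as if reassembled from a capture (not from a real incident).
# (client, server, server_port, direction, payload)
SAMPLE_FLOWS = [
    ("10.0.0.15", "203.0.113.80", 3333, "out",
     b'{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}\n'
     b'{"id":2,"method":"mining.authorize","params":["wallet1.srv-web01","x"]}\n'),
    ("10.0.0.15", "203.0.113.80", 3333, "in",
     b'{"id":null,"method":"mining.set_difficulty","params":[2048]}\n'
     b'{"id":null,"method":"mining.notify","params":["abcd","00","01","02",[],'
     b'"20000000","1a0b1c2d","5f000000",true]}\n'),
    ("10.0.0.15", "203.0.113.80", 3333, "out",
     b'{"id":3,"method":"mining.submit","params":["wallet1.srv-web01","abcd",'
     b'"00000000","5f000000","9a3c1f00"]}\n'),
    # benign traffic that must not be flagged
    ("10.0.0.15", "198.51.100.20", 443, "out",
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.22", "198.51.100.30", 8080, "out",
     b'{"id":1,"method":"getStatus","params":[]}\n'),
]


def parse_ndjson(payload):
    """Yield JSON objects from a newline-delimited payload; ignore non-JSON fragments."""
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            obj = json.loads(line)
        except ValueError:
            continue                      # partial line or not JSON at all
        if isinstance(obj, dict):
            yield obj


def find_stratum_flows(flows):
    """Return {(client, server, port): {"methods": set, "workers": set}} for Stratum flows."""
    seen = defaultdict(lambda: {"methods": set(), "workers": set()})
    for client, server, port, _direction, payload in flows:
        key = (client, server, port)
        for obj in parse_ndjson(payload):
            method = obj.get("method")
            if method not in STRATUM_METHODS:
                continue
            seen[key]["methods"].add(method)
            params = obj.get("params") or []
            # authorize/submit carry the pool login as the first parameter: wallet.worker
            if method in ("mining.authorize", "mining.submit") and params \
                    and isinstance(params[0], str):
                seen[key]["workers"].add(params[0])
    return dict(seen)
```

Usage: find_stratum_flows(SAMPLE_FLOWS) reports only the 10.0.0.15 to 203.0.113.80:3333 flow, with the worker name wallet1.srv-web01, which doubles as an indicator to search for across other hosts. Miners that connect to pools over TLS will not expose these strings, so the capture should be paired with connection metadata (long-lived sessions to non-standard ports such as 3333 or 4444) and host evidence such as CPU usage and the running process.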
A security analyst is investigating a malware infection that occurred on a Windows
system. The system was not connected to a network and had no wireless capability