Actual Exam Questions With Reviewed 100% Correct
Detailed Answers Questions 1-100
Guaranteed Pass!! Current Update
1. Which of the following BEST describes HSM (Hardware Security Module)?
A. A computing device that manages cryptography, decrypts traffic, and
maintains library calls
B. A computing device that manages digital keys, performs
encryption/decryption functions, and maintains other cryptographic
features
C. A computing device that manages digital keys, encrypts devices, and
creates strong cryptographic functions
D. A computing device that manages algorithms, performs entropy
functions, and maintains digital signatures
- ANSWER A computing device that manages digital keys, performs
encryption/decryption functions, and maintains other cryptographic functions
2. A threat hunting team received a new IoC (indicator of compromise) from
an ISAC (information sharing and analysis center) that follows a threat
actor's profile and activities. Which of the following should be updated
NEXT?
A. The Whitelist
B. The DNS (domain name system)
C. The blocklist
D. The IDS Signature
- ANSWER The IDS Signature
3. Which of the following BEST describes what an organization's incident
response plan should cover regarding how the organization handles public
or private disclosures of an incident?
A. The disclosure section should focus on how to reduce the likelihood
customers will leave due to the incident
B. The disclosure section should contain the organization's legal and
regulatory requirements regarding disclosures
C. The disclosure section should contain the names and contact information
of key employees who are needed for incident resolution
D. The disclosure section should contain language explaining how the
organization will reduce the likelihood of the incident happening in the
future
- ANSWER The disclosure section should contain the organization's legal
and regulatory requirements regarding disclosures
4. An IT security analyst has received an email alert regarding a vulnerability
within the new fleet of vehicles the company recently purchased. Which of
the following attack vectors is the vulnerability MOST likely targeting?
A. SCADA (Supervisory Control and Data Acquisition)
B. CAN bus (Controller Area Network)
C. Modbus
D. IoT (Internet of Things)
- ANSWER CAN bus (Controller Area Network)
5. After examining a header and footer file, a security analyst begins
reconstructing files by scanning the raw bytes of a hard disk and rebuilding
them. Which of the following techniques is the analyst using?
A. Header analysis
B. File Carving
C. Metadata analysis
D. Data recovery
- ANSWER File carving
6. An organization is experiencing security incidents in which a systems
administrator is creating unauthorized user accounts. A security analyst has
created a script to snapshot the system configuration each day. Following is
one of the scripts:
cat /etc/passwd > daily_$(date +"%m_%d_%Y")
This script has been running successfully every day. Which of the following
commands would provide the analyst with additional useful information
relevant to the above script?
A. diff daily_11_03_2019 daily_11_04_2019
B. ps -ef | grep admin > daily_process_$(date +"%m_%d_%Y")
C. more /etc/passwd > daily_$(date +"%m_%d_%Y_%H:%M:%S")
D. ls -lai /usr/sbin > daily_applications
- ANSWER diff daily_11_03_2019 daily_11_04_2019
7. A company's domain has been spoofed in numerous phishing campaigns.
An analyst needs to determine if the company is a victim of domain
spoofing, despite having a DMARC record that should tell mailbox providers
to ignore any email that fails DMARC. Upon review of the record, the analyst
finds the following:
v=DMARC1; p=none; fo=0; rua=mailto:;
ruf=mailto:; adkim=r; rf=afrf; ri=86400;
Which of the following BEST explains the reason why the company's
requirements are not being processed correctly by mailbox providers?
A. The DMARC record's DKIM alignment tag is incorrectly configured
B. The DMARC record's policy tag is incorrectly configured
C. The DMARC record does not have an SPF alignment tag
D. The DMARC record's version tag is set to DMARC1 instead of the current
version, which is DMARC3
- ANSWER The DMARC record's policy tag is incorrectly configured
p=none - Take no action on the message and deliver it to the intended recipient.
It should be p=reject or p=quarantine
8. Which of the following BEST explains the function of trusted firmware
updates as they relate to hardware assurance?
A. Trusted firmware updates provide organizations with development,
compilation, remote access, and customization for embedded devices
B. Trusted firmware updates provide organizations with security
specifications, open-source libraries, and custom tools for embedded
devices
C. Trusted firmware updates provide organizations with remote code
execution, distribution, maintenance, and extended warranties for
embedded devices
D. Trusted firmware updates provide organizations with secure code
signing, distribution, installation, and attestation for embedded devices
- ANSWER Trusted firmware updates provide organizations with secure
code signing, distribution, installation, and attestation for embedded devices
9. A help desk technician inadvertently sent the credentials of the company's
CRM in clear text to an employee's personal email account. The technician
then reset the employee's account using the appropriate process and the
employee's corporate email, and notified the security team of the incident.
According to the incident response procedure, which of the following
should the security team do NEXT?
A. Contact the CRM vendor
B. Prepare an incident summary report
C. Perform postmortem data correlation
D. Update the incident response plan
- ANSWER Prepare an incident summary report
10. A developer downloaded and attempted to install a file transfer application
in which the installation package is bundled with adware. The
next-generation antivirus software prevented the file from executing, but it did
not remove the file from the device. Over the next few days, more
developers tried to download and execute the offending file. Which of the
following changes should be made to the security tools to BEST remedy the
issue?
A. Blacklist the hash in the next-generation antivirus system
B. Manually delete the file from each of the workstations