Here are 20 practice questions in a quiz format to help prepare for the CompTIA CySA+ exam:
1- Which framework allows for risk prioritization based on potential threat impact?
a) NIST Cybersecurity Framework
b) OWASP Top 10
c) CIS Top 20 Critical Security Controls
d) ISO 31000
2- What is the MOST crucial strategy for managing and mitigating multiple known vulnerabilities?
a) The number of vulnerabilities
b) Prioritizing risk level of each vulnerability
c) The type of vulnerabilities
d) The location of vulnerabilities
3- How can a company's reluctance to interrupt business processes impact vulnerability management?
a) Increase market share
b) Enhance marketing strategies
c) Lead to postponed or overlooked patches
d) Boost employee productivity
4- Why is regular vulnerability management reporting crucial for an organization?
a) Boosts stock price
b) Improves employee morale
c) Helps identify and prioritize vulnerabilities
d) Increases customers
5- Which nmap syntax is used for operating system identification?
a) nmap -os
b) nmap -O
c) nmap -id
d) nmap -osscan
6- If a company patches identified vulnerabilities within 24 hours of weekly scans, what risk response strategy does this represent?
a) Avoidance
b) Acceptance
c) Mitigation
d) Transference
7- How can you identify affected hosts for a vulnerability?
a) Use BitLocker
b) Vulnerability scan for known issues
c) Packet sniff for exploitation signs
d) Network scan for vulnerable software
8- Why do legacy systems pose patching/remediation challenges?
a) Often lack support for newer patches
b) More secure against vulnerabilities
c) Simplified architecture eases patching
d) Built-in security prevents patching needs
9- After removing a BIOS rootkit, what should be done to prevent reinfection?
a) Install anti-malware
b) Utilize secure boot
c) Install host-based IDS
d) Use file integrity monitoring
10- What is the first step in the incident response process?
a) Recovery
b) Preparation
c) Identification
d) Containment
11- Which technique aims to deceive attackers by presenting fake vulnerabilities?
a) Honeypot
b) Vulnerability scanning
c) Penetration testing
d) Sandboxing
12- What is the purpose of data normalization in a SIEM?
a) Reduce data redundancy
b) Encrypt sensitive data
c) Compress log data
d) Filter out irrelevant logs
13- Which protocol is used by Snort for intrusion detection?
a) SMTP
b) FTP
c) TCP/IP
d) UDP
14- What is the MITRE ATT&CK framework used for?
a) Penetration testing methodology
b) Describing cyber adversary behaviors
c) Vulnerability management
d) Incident response planning
15- Which type of malware aims to disrupt operations or destroy data?
a) Ransomware
b) Rootkit
c) Worm
d) Wiper
16- What is the purpose of network baselining?
a) Establish normal traffic patterns
b) Perform vulnerability scans
c) Detect policy violations
d) Block unauthorized access
17- Which technique involves setting up fake assets to gather threat intelligence?
a) Sandboxing
b) Honeypot
c) Air-gapping
d) Penetration testing
18- What is the goal of data masking in security testing?
a) Encrypt sensitive production data
b) Compress log files
c) Normalize event data
d) Filter out false positives
19- Which type of firewall filters traffic based on application-layer data?
a) Packet filter
b) Stateful inspection
c) Application-layer gateway
d) Circuit-level gateway
20- What is the purpose of the triage process in incident response?
a) Evidence collection
b) Determine incident scope and priority
c) Apply patches and updates
d) Restore systems to operation
Here are the answers with explanations for the 20 CySA+ practice questions:
1- a) NIST Cybersecurity Framework
The NIST Cybersecurity Framework provides guidance on managing cybersecurity risk based on potential impact.
2- b) Prioritizing risk level of each vulnerability
Prioritizing vulnerabilities based on their risk level is crucial for effective vulnerability management when dealing with multiple issues.
3- c) Lead to postponed or overlooked patches
A company's reluctance to interrupt operations can lead to postponing or overlooking critical patches, leaving systems vulnerable.
4- c) Helps identify and prioritize vulnerabilities
Regular vulnerability reporting allows organizations to identify, assess, and prioritize vulnerabilities for remediation.
5- b) nmap -O
The nmap -O syntax is used for remote operating system detection and identification.
6- c) Mitigation
Patching identified vulnerabilities within a set timeframe represents a risk mitigation strategy.
7- b) Vulnerability scan for known issues
Vulnerability scanning tools can identify affected hosts by checking for the presence of known vulnerabilities.
8- a) Often lack support for newer patches
Legacy systems may lack vendor support, making it challenging to apply newer security patches and updates.
9- b) Utilize secure boot
Enabling secure boot can help prevent rootkit reinfection by ensuring only trusted code runs during the boot process.
10- c) Identification
The first step in the incident response process is identifying and confirming that an incident has occurred.
11- a) Honeypot
A honeypot is a decoy system designed to attract and deceive attackers by presenting fake vulnerabilities.
12- a) Reduce data redundancy
Data normalization in a SIEM aims to reduce redundancy by consolidating and restructuring log data from various sources.
13- c) TCP/IP
Snort uses the TCP/IP protocol suite for network-based intrusion detection and analysis.
14- b) Describing cyber adversary behaviors
The MITRE ATT&CK framework is used to describe and categorize the tactics, techniques, and procedures used by cyber adversaries.
15- d) Wiper
Wiper malware is designed to disrupt operations or destroy data on infected systems.
16- a) Establish normal traffic patterns
Network baselining involves monitoring and establishing normal network traffic patterns to detect anomalies.
17- b) Honeypot
Honeypots are fake assets set up to gather intelligence on potential threats and attacker behaviors.
18- a) Encrypt sensitive production data
Data masking involves encrypting or obfuscating sensitive production data for use in security testing environments.
19- c) Application-layer gateway
An application-layer gateway firewall filters traffic based on application-layer data, such as HTTP headers and content.
20- b) Determine incident scope and priority
The triage process in incident response aims to determine the scope and priority of an incident for appropriate response actions.