CompTIA Cybersecurity Analyst (CySA+) Questions

By Author: infosec train

What is CySA+?
CompTIA Cybersecurity Analyst (CySA+) is a certification for IT professionals who use new solutions on devices and networks to prevent, identify, and defeat cybersecurity threats.
CompTIA CySA+ is the only intermediate Cybersecurity Analyst certification that includes both performance-based and multiple-choice questions.
The most common CySA+ questions and answers are listed below. These questions aim to give you details about the CompTIA Cybersecurity Analyst examination.

1. Olivia is thinking about where she could get threat intelligence information that she can use in her protection software. Which of the following outlets is most likely to be free of charge?
A. Vulnerability feeds
B. Open source
C. Closed source
D. Proprietary

Answer B. Open source intelligence is publicly accessible content that does not require a membership fee. The terms "closed source" and "proprietary intelligence" are similar, and both require paying fees to the providers. While vulnerability feeds are classified as threat information, they usually require a membership.

2. Cynthia wants to collect information about the target organization's network assets during the reconnaissance stage of a penetration test without triggering an IPS to alert the target to her information gathering. Which of the following options is best for her?
A. Perform a DNS brute-force attack
B. Use a Nmap ping sweep
C. Perform a DNS zone transfer
D. Use a Nmap stealth scan

Answer A. Although it might seem strange, a DNS brute-force attack that queries a list of IPs, standard subdomains, or other lists of targets can always circumvent intrusion detection and prevention mechanisms that don't pay attention to DNS queries. Cynthia may also be able to locate a DNS server that isn't protected by the company's IPS! Cynthia should expect Nmap scans to be detected because they are more difficult to mask during reconnaissance. She shouldn't expect to be able to perform a zone transfer, and if she does, a properly configured IPS should alert.

3. Charles creates and exchanges threat assessments with specific technologists and leaders as part of his threat intelligence program. Which stage of the intelligence cycle is this?
A. Dissemination
B. Feedback
C. Collection
D. Requirements

Answer A. During the dissemination process of the intelligence cycle, intelligence information is shared with consumers.

4. Fred thinks the malware he's looking at is using a fast flux DNS network, which associates several IP addresses with a single fully qualified domain name and uses multiple download hosts. Based on the NetFlow seen here, how many distinct hosts could he investigate?
Date flow start  Duration  Proto  Src IP Addr:Port -> Dst IP Addr:Port  Packets  Bytes  Flows
2020-07-11 14:39:30.606 0.448 TCP 192.168.2.1:1451->10.2.3.1:443 10 1510 1
2020-07-11 14:39:30.826 0.448 TCP 10.2.3.1:443->192.168.2.1:1451 7 360 1
2020-07-11 14:45:32.495 18.492 TCP 10.6.2.4:443->192.168.2.1:1496 5 1107 1
2020-07-11 14:45:32.255 18.888 TCP 192.168.2.1:1496->10.6.2.4:443 11 1840 1
2020-07-11 14:46:54.983 0.000 TCP 192.168.2.1:1496->10.6.2.4:443 1 49 1
2020-07-11 16:45:34.764 0.362 TCP 10.6.2.4:443->192.168.2.1:4292 4 1392 1
2020-07-11 16:45:37.516 0.676 TCP 192.168.2.1:4292->10.6.2.4:443 4 462 1
2020-07-11 16:46:38.028 0.000 TCP 192.168.2.1:4292->10.6.2.4:443 2 89 1
2020-07-11 14:45:23.811 0.454 TCP 192.168.2.1:1515->10.6.2.5:443 4 263 1
2020-07-11 14:45:28.879 1.638 TCP 192.168.2.1:1505->10.6.2.5:443 18 2932 1
2020-07-11 14:45:29.087 2.288 TCP 10.6.2.5:443->192.168.2.1:1505 37 48125 1
2020-07-11 14:45:54.027 0.224 TCP 10.6.2.5:443->192.168.2.1:1515 2 1256 1
2020-07-11 14:45:58.551 4.328 TCP 192.168.2.1:1525->10.6.2.5:443 10 648 1
2020-07-11 14:45:58.759 0.920 TCP 10.6.2.5:443->192.168.2.1:1525 12 15792 1
2020-07-11 14:46:32.227 14.796 TCP 192.168.2.1:1525->10.8.2.5:443 31 1700 1
2020-07-11 14:46:52.983 0.000 TCP 192.168.2.1:1505->10.8.2.5:443 1 40 1
A. 1
B. 3
C. 4
D. 5

Answer C. From 192.168.2.1, four different hosts are accessed in this flow review. 10.2.3.1, 10.6.2.4, 10.6.2.5, and 10.8.2.5 are the addresses.

5. Mia wants to be sure that the architecture of a new ERP program in progress is reviewed by her company's cybersecurity department. During which phase of the SDLC should Mia expect the security architecture to be completed?
A. Analysis and Requirements Definition
B. Design
C. Development
D. Testing and Integration

Answer B. The security architecture and data flow diagrams are completed during the Design phase.

6. Mika needs to use service discovery and run a Nmap scan that covers all TCP ports. Which of the Nmap commands would she need to run?
A. nmap -p0 -all -SC
B. nmap -p 1-32768 -sVS
C. nmap -p 1-65535 -sV -sS
D. nmap -all -sVS

Answer C. This command uses a SYN scan (-sS) and specifies the entire TCP port range (1-65535), the maximum list of potential ports. The -sV flag enables service version detection.

7. The following are the results of a port scan performed during a security review. What kind of device has been scanned most probably?
Example of a Nmap scan report (192.168.1.79)
Host is up (1.00s latency)
Not shown: 992 closed ports
PORT STATE
21/tcp open
23/tcp open
80/tcp open
280/tcp open
443/tcp open
515/tcp open
631/tcp open
9100/tcp open
Nmap done: 1 IP address (1 host up) scanned in 124.20 seconds
A. A wireless access point
B. A server
C. A printer
D. A switch

Answer C. Although TCP ports 21, 23, 80, and 443 are all commonly used, 515 and 9100 are often associated with printers.

8. Brooke wants to find a technology platform that automates workflows through a range of security technologies, including automatic security incident response. Which tool category best fits this requirement?
A. SIEM
B. NIPS
C. SOAR
D. DLP

Answer C. While all of these tools can have some security automation, the aim of a SOAR (security orchestration, automation, and response) platform is to automate security through multiple solutions.

9. What team participates in offensive activities intended to breach security controls during a security exercise?
A. Black team
B. Red team
C. Blue team
D. White team

Answer B. The red team is in charge of offensive operations during a security exercise. The blue team is in charge of defensive activities. The white team serves as the referee. There is no such thing as a black team.

10. Which of the following ISO standards provides guidance on how to build and implement information security management systems?
A. ISO 27001
B. ISO 9000
C. ISO 11120
D. ISO 23270

Answer A. Information security management systems are covered by ISO 27001. Quality management is covered by ISO 9000. Gas cylinders are covered by ISO 11120. Programming languages are covered by ISO 23270.

Conclusion
InfosecTrain is a leading provider of IT security training. We provide a complete CompTIA CySA+ certification training program. If you need the help of professionals to pass the CompTIA CySA+ certification exam, check out our CySA+ Certification Training Course. Our course will help you learn how to cover complex persistent threats and how to configure and use threat-detection tools quickly and effectively.
