CompTIA Cybersecurity Analyst (CySA+) Questions - PowerPoint PPT Presentation

About This Presentation
Title:

CompTIA Cybersecurity Analyst (CySA+) Questions

Description:

CompTIA Cybersecurity Analyst (CySA+) is a certification for IT professionals who use new solutions on devices and networks to prevent, identify, and defeat cybersecurity threats. – PowerPoint PPT presentation

Number of Views:270


Transcript and Presenter's Notes

Title: CompTIA Cybersecurity Analyst (CySA+) Questions


1
www.infosectrain.com
CompTIA Cybersecurity Analyst (CySA+) Questions
2
InfosecTrain
About Us
InfosecTrain is one of the finest Security and
Technology Training and Consulting organizations,
focusing on a range of IT Security trainings and
Information Security services. InfosecTrain was
established in 2016 by a team of experienced and
enthusiastic professionals with more than 15 years
of industry experience. We provide professional
training and certification consulting services
covering all areas of Information Technology and
Cyber Security.
4
What is CySA+?
  • CompTIA Cybersecurity Analyst (CySA+) is a
    certification for IT professionals who use new
    solutions on devices and networks to prevent,
    identify, and defeat cybersecurity threats.
  • CompTIA CySA+ is the only intermediate
    Cybersecurity Analyst certification that includes
    both performance-based and multiple-choice
    questions.
  • The most common CySA+ questions and answers are
    listed below. These questions aim to give you an
    idea of what the CompTIA Cybersecurity Analyst
    examination covers.
  • 1. Olivia is thinking about where she could get
    threat intelligence information that she can use
    in her protection software. Which of the
    following sources is most likely to be free of
    charge?
  • A. Vulnerability feeds
  • B. Open source
  • C. Closed source
  • D. Proprietary

5
  • Answer B. Open source intelligence is publicly
    accessible content that does not require a
    membership fee. "Closed source" and "proprietary
    intelligence" are similar terms, and both require
    fees paid to the providers. While vulnerability
    feeds are classified as threat information, they
    usually require a subscription.
  • 2. Cynthia wants to collect information about the
    target organization's network assets during the
    reconnaissance stage of a penetration test
    without triggering an IPS that would alert the
    target to her information gathering. Which of the
    following options is best for her?
  • A. Perform a DNS brute-force attack
  • B. Use an Nmap ping sweep
  • C. Perform a DNS zone transfer
  • D. Use an Nmap stealth scan
  • Answer A. Although it may seem counterintuitive,
    a DNS brute-force attack that queries a list of
    IPs, common subdomains, or other target lists can
    circumvent intrusion detection and prevention
    systems that do not inspect DNS queries. Cynthia
    may also be able to find a DNS server that is not
    protected by the company's IPS. Nmap scans are
    harder to hide during reconnaissance, so she
    should expect them to be detected. She should not
    expect a zone transfer to succeed, and a properly
    configured IPS should alert if one is attempted.

6
  • 3. Charles creates and shares threat assessments
    with specific technologists and leaders as part
    of his threat intelligence program. Which stage
    of the intelligence cycle does this represent?
  • A. Dissemination
  • B. Feedback
  • C. Collection
  • D. Requirements
  • Answer A. During the dissemination stage of the
    intelligence cycle, intelligence information is
    shared with its consumers.
  • 4. Fred thinks the malware he is looking at is
    using a fast flux DNS network, which associates
    several IP addresses with a single fully
    qualified domain name and uses multiple download
    hosts. Based on the NetFlow records shown here,
    how many distinct hosts should he investigate?
  • Date flow start          Duration  Proto  Src IP Addr:Port -> Dst IP Addr:Port   Packets  Bytes  Flows
  • 2020-07-11 14:39:30.606  0.448     TCP    192.168.2.1:1451 -> 10.2.3.1:443       10       1510   1
  • 2020-07-11 14:39:30.826  0.448     TCP    10.2.3.1:443 -> 192.168.2.1:1451       7        360    1

7

  • 2020-07-11 14:45:32.495  18.492    TCP    10.6.2.4:443 -> 192.168.2.1:1496       5        1107   1
  • 2020-07-11 14:45:32.255  18.888    TCP    192.168.2.1:1496 -> 10.6.2.4:443       11       1840   1
  • 2020-07-11 14:46:54.983  0.000     TCP    192.168.2.1:1496 -> 10.6.2.4:443       1        49     1
  • 2020-07-11 16:45:34.764  0.362     TCP    10.6.2.4:443 -> 192.168.2.1:4292       4        1392   1
  • 2020-07-11 16:45:37.516  0.676     TCP    192.168.2.1:4292 -> 10.6.2.4:443       4        462    1
  • 2020-07-11 16:46:38.028  0.000     TCP    192.168.2.1:4292 -> 10.6.2.4:443       2        89     1
  • 2020-07-11 14:45:23.811  0.454     TCP    192.168.2.1:1515 -> 10.6.2.5:443       4        263    1
  • 2020-07-11 14:45:28.879  1.638     TCP    192.168.2.1:1505 -> 10.6.2.5:443       18       2932   1
  • 2020-07-11 14:45:29.087  2.288     TCP    10.6.2.5:443 -> 192.168.2.1:1505       37       48125  1
  • 2020-07-11 14:45:54.027  0.224     TCP    10.6.2.5:443 -> 192.168.2.1:1515       2        1256   1
  • 2020-07-11 14:45:58.551  4.328     TCP    192.168.2.1:1525 -> 10.6.2.5:443       10       648    1
  • 2020-07-11 14:45:58.759  0.920     TCP    10.6.2.5:443 -> 192.168.2.1:1525       12       15792  1
  • 2020-07-11 14:46:32.227  14.796    TCP    192.168.2.1:1525 -> 10.8.2.5:443       31       1700   1
  • 2020-07-11 14:46:52.983  0.000     TCP    192.168.2.1:1505 -> 10.8.2.5:443       1        40     1

8
  • A. 1
  • B. 3
  • C. 4
  • D. 5
  • Answer C. In this flow review, 192.168.2.1
    exchanges traffic with four different hosts:
    10.2.3.1, 10.6.2.4, 10.6.2.5, and 10.8.2.5.
  • 5. Mia wants to be sure that the architecture of
    a new ERP program under development is reviewed
    by her company's cybersecurity department. During
    which phase of the SDLC should Mia expect the
    security architecture to be completed?
  • A. Analysis and Requirements Definition
  • B. Design
  • C. Development
  • D. Testing and Integration
  • Answer B. The security architecture and data flow
    diagrams are completed during the Design phase.

9
  • 6. Mika needs to run an Nmap scan that performs
    service discovery and covers all TCP ports. Which
    of the following Nmap commands should she run?
  • A. nmap -p0 -all -SC
  • B. nmap -p 1-32768 -sVS
  • C. nmap -p 1-65535 -sV -sS
  • D. nmap -all sVS
  • Answer C. A SYN scan (-sS) across the full TCP
    port range (1-65535) covers every possible port.
    The -sV flag enables service version detection.
  • 7. The following are the results of a port scan
    performed during a security review. What kind of
    device has most probably been scanned?
  • Nmap scan report for 192.168.1.79
  • Host is up (1.00s latency).
  • Not shown: 992 closed ports

10
  • PORT      STATE
  • 21/tcp    open
  • 23/tcp    open
  • 80/tcp    open
  • 280/tcp   open
  • 443/tcp   open
  • 515/tcp   open
  • 631/tcp   open
  • 9100/tcp  open
  • Nmap done: 1 IP address (1 host up) scanned in
    124.20 seconds
  • A. A wireless access point
  • B. A server
  • C. A printer
  • D. A switch
  • Answer C. While TCP ports 21, 23, 80, and 443 are
    commonly open on many kinds of devices, 515 and
    9100 are typically associated with printers.

11
  • 8. Brooke wants to find a technology platform
    that automates workflows through a range of
    security technologies, including automatic
    security incident response. Which tool category
    best fits this requirement?
  • A. SIEM
  • B. NIPS
  • C. SOAR
  • D. DLP
  • Answer C. While all of these tools can have some
    security automation, the aim of a SOAR (security
    orchestration, automation, and response) platform
    is to automate security through multiple
    solutions.
  • 9. What team participates in offensive activities
    intended to breach security controls during a
    security exercise?
  • A. Black team
  • B. Red team
  • C. Blue team
  • D. White team

12
  • Answer B. The red team is in charge of offensive
    operations during a security exercise. The blue
    team is in charge of defensive activities. The
    white team acts as the referee. There is no such
    thing as a black team.
  • 10. Which of the following ISO standards gives
    guidance on how to build and implement
    information security management systems?
  • A. ISO 27001
  • B. ISO 9000
  • C. ISO 11120
  • D. ISO 23270
  • Answer A. Information security management systems
    are covered by ISO 27001. Quality management is
    covered by ISO 9000. Gas cylinders are covered by
    ISO 11120. Programming languages are covered by
    ISO 23270.
  • Conclusion
  • InfosecTrain is a leading provider of IT security
    training. We provide a complete CompTIA CySA+
    certification training program. If you need the
    help of professionals to pass the CompTIA CySA+
    certification exam, check out our CySA+
    Certification Training Course. Our course will
    help you learn how to handle advanced persistent
    threats and how to configure and use
    threat-detection tools quickly and effectively.

14
ABOUT OUR COMPANY
OUR CONTACT
InfosecTrain welcomes overseas customers to come
and attend training sessions in destination
cities across the globe and enjoy their learning
experience at the same time.
1800-843-7890
https://www.facebook.com/Infosectrain/
sales@infosectrain.com
https://www.linkedin.com/company/infosec-train/
www.infosectrain.com
https://www.youtube.com/c/InfosecTrain