CompTIA CYSA Exam Questions and Answers

Pages: 10
Grade: A+
Published: 25-07-2024
Written in: 2023/2024

Content preview

Evaluate the methods and determine which the engineer uses to push updates via the syslog protocol.
- Answer: Listener/collector

An IT analyst utilizes software to visualize the incidence of types of events and show how the number or frequency of those events changes over time. For reporting purposes, the analyst focuses on statistical deviation. Review the possibilities and conclude which approach the analyst employs?
- Answer: Acquire the sum of all values, divided by the number of samples

An IT firm provides security services for many business clients. As part of an overall security monitoring package, the firm provides trend analysis as it relates to systems behavior. Which area does staff use to create a baseline and regular measurements?
- Answer: Host metrics

An IT engineer looks to deploy a Security Information and Event Management (SIEM) program. The effective deployment of a SIEM program involves which of the following considerations when it comes to tracking flagged events?
- Answer: Ticketing process

A chief information security officer wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the most proactive tool or technique that feeds incident response capabilities?
- Answer: Development of a hypothesis as part of threat hunting

Management at a financial firm assigns a cybersecurity task force to investigate a compromised server. The task force focuses on searching for account-based Indicators of Compromise (IoC). Which areas do members of the task force focus on? Select all that apply.
- Answer: Unauthorized sessions; Off hours usage; Failed logons

A small business has experienced a security breach. A forensics investigation team follows documented procedures during a review of the breach. Currently, the team is in the first phase. Which process is characteristic of this phase?
- Answer: Secure the scene to prevent contamination of evidence.

A cybersecurity specialist needs to acquire the contents of memory from a compromised Windows server. Live acquisition of the contents is the goal; however, the specialist discovers this approach is not possible. Evaluate the given reasons and conclude why live acquisition is not possible.
- Answer: This approach requires a kernel mode driver to function.

An attacker compromises an Active Directory domain by using an attack that grants administrative access to domain controllers for all members of the domain. Which attack type does the attacker utilize to accomplish this specific action?
- Answer: Golden ticket

A technology specialist attempts the recovery of a maliciously deleted folder of important data. The specialist uses file carving to try to retrieve the missing data. How does carving handle the data retrieval process?
- Answer: By analyzing the disk at sector page/level

An attacker compromises a user's online website account for a large retailer. What method details the process of harvesting an account's cached credentials when the user logs in to a single sign-on (SSO) system?
- Answer: Pass the hash

An IT administrator identifies a service interruption on a server through system and application log files and alerts. Which issues may be causing the problem? Select all that apply.
- Answer: An attack may have disabled a service. An adversary is preventing services from running. Malware may have compromised an authorized service.

Engineers at a company feel that a rogue server system exists on a corporate network. Through investigating, the engineers determine that one of two types of malicious server exists. Compare the device types and conclude which two types might be the problem. Select all that apply.
- Answer: Honeypot; Virtual Machine

A cybersecurity specialist determines that there is a breach in a system at a large financial firm. Using an order of volatility approach, the specialist carefully performs data acquisition procedures to capture evidence. Evaluate the components and determine what component the specialist should be the most careful of when capturing evidence.
- Answer: GPU cache

An attack has compromised a virtualized server. Security experts perform forensic activity as part of a recovery effort. The experts conclude that the attack deleted a virtual machine image as part of the malicious activity. Experts now face a difficult recovery. Evaluate the given challenges and determine which one is likely.
- Answer: The attack widely fragmented the image across the host file system.

A security specialist creates incident response procedures for a company. The company has the plan divided into phases, as defined by NIST. The specialist creates an acceptable use policy. Which phase does the specialist contribute to?
- Answer: Preparation

When considering cybersecurity, system process criticality relates to which statement?
- Answer: The documentation of all systems within an organization
