100% solved
Which one of the following objectives is not one of the three main objectives that information
security professionals must achieve to protect their organizations against cybersecurity threats?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality
Answer: B
Tommy is assessing the security of several database servers in his datacenter and realizes that
one of them is missing a critical Oracle security patch. What type of situation has Tommy
detected?
A. Risk
B. Vulnerability
C. Hacker
D. Threat
Answer: B
Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to
follow the standard process proposed by NIST, which one of the following steps would come
first?
CYSA+ Review Questions with solutions
A. Determine likelihood
B. Determine impact
C. Identify threats
D. Identify vulnerabilities
Answer: C
Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure
of her city's power grid might have on the organization. What type of threat is she considering?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Answer: D
Which one of the following categories of threat requires that cybersecurity analysts consider the
capability, intent, and targeting of the threat source?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Answer: A
Vincent is responding to a security incident that compromised one of his organization's web
servers. He does not believe that the attackers modified or stole any information, but they did
disrupt access to the organization's website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
Answer: D
Which one of the following is an example of an operational security control?
A. Encryption software
B. Network firewall
C. Antivirus software
D. Penetration tests
Answer: D
Paul recently completed a risk assessment and determined that his network was vulnerable to
hackers connecting to open ports on servers. He implemented a network firewall to reduce the
likelihood of a successful attack. What risk management strategy did Paul choose to pursue?
A. Risk mitigation
B. Risk avoidance
C. Risk transference
D. Risk acceptance
Answer: A
Robert's organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure
that devices connected to the network under this policy have current antivirus software. What
technology can best assist him with this goal?
A. Network firewall
B. Network access control (NAC)
C. Network segmentation
D. Virtual private network
Answer: B
When performing 802.1x authentication, what protocol does the authenticator use to
communicate with the authentication server?
A. 802.11g
B. EAP
C. PEAP