SkillTestPro | CompTIA CySA+ Practice Test 3

CompTIA CySA+ Practice Test 3

CompTIA CySA+ Practice Test

1 / 10

After mitigating a supply chain attack, you’re updating the IT team. Which detail best supports future prevention?

Total bytes of data transferred

Unprocessed firewall logs

Employee login schedules

SIEM alert thresholds

Attack indicators of compromise (IoCs)

2 / 10

A web app scan flags a cross-site scripting (XSS) vulnerability. Which tool validates this manually?

burp suite

nmap -p 80

hydra

metasploit

nc -zv

3 / 10

An IDS alerts on suspicious ICMP traffic. Which command captures it for analysis?

netstat -an

ping -c 100 192.168.1.1

ip addr

tcpdump -i eth0 icmp -w icmp.pcap

traceroute 192.168.1.1

4 / 10

A malware infection is spreading via USB drives. Which command identifies recently connected devices on Linux?

lsblk

dmesg | grep usb

ps aux

who

netstat -i

5 / 10

A scan identifies a server with exposed SMBv1 (CVE-2017-0144, EternalBlue). Which mitigation should you apply?

Block port 445 with a firewall

Update the OS to remove SMB

Switch to NFS

Reinstall the server

Disable SMBv1 via registry or powershell Set-SmbServerConfiguration -EnableSMB1Protocol $false

6 / 10

A SIEM flags unusual outbound connections to a known C2 domain. Which command confirms the connection on Windows?

ipconfig /all

tasklist

route print

netstat -anb | findstr "ESTABLISHED"

systeminfo

7 / 10

A board meeting requires a briefing on a recent insider threat. Which detail ensures stakeholder understanding?

Raw memory dump analysis

Unfiltered SIEM logs

Mean time to detection and containment

Packet-level traffic statistics

IDS signature details

8 / 10

A system is compromised, and you need to preserve evidence. Which command creates a forensic disk image on Linux?

cp /dev/sda /mnt/evidence

tar -czf /mnt/evidence.tar.gz /dev/sda

mkfs.ext4 /mnt/evidence.img

cat /dev/sda > /mnt/evidence

dd if=/dev/sda of=/mnt/evidence.img bs=4M

9 / 10

A scan flags a server with an outdated PHP version prone to RCE (CVE-2023-1234). What’s the immediate action?

Disable the web server

Block port 80 with a firewall

Run nmap -sV to verify

Update PHP to the latest stable release

Switch to a different scripting language

10 / 10

A SOC analyst sees encrypted traffic spikes from a host. Which tool analyzes this to detect potential exfiltration?

wireshark

ping

tracert

netcat

arp

Your score is

The average score is 0%