Free CySA+ Practice Test

Correct Answer: All potentially relevant data must be preserved and not altered or destroyed Explanation: A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is pending or reasonably anticipated. This means no data destruction or alteration, ensuring its integrity for potential legal proceedings.

Correct Answer: To detect deviations from a secure, predefined configuration standard Explanation: A security baseline scan compares the current configuration of a system against a known secure and approved configuration baseline to identify configuration drift or non-compliance.

Correct Answer: Denial of Service / DDoS Explanation: An unusually large volume of requests from a single source (DoS) or multiple sources (DDoS) designed to overwhelm a server and make it unavailable to legitimate users is a classic sign of a denial-of-service attack.

Correct Answer: Full Disk Encryption Explanation: Full Disk Encryption encrypts all data on a storage device, providing comprehensive protection for data at rest, making it unreadable without the correct decryption key.

Correct Answer: Cyber Kill Chain Explanation: The Cyber Kill Chain is a framework developed by Lockheed Martin that describes the stages an attacker typically goes through to achieve an objective on a target network, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.

Correct Answer: Exploitability / Weaponization Explanation: Exploitability refers to how easily a vulnerability can be exploited, often considering factors like the availability of public exploit code, the complexity of the attack, and the privileges required. This is a key factor in prioritizing vulnerabilities.

Correct Answer: Re-imaging the system from a known good baseline Explanation: Re-imaging (or wiping and restoring from a clean backup) is the most thorough method to ensure complete eradication of malware, as it removes the entire compromised operating system and replaces it with a trusted state.

Correct Answer: Log parsing and filtering Explanation: Parsing extracts relevant fields from raw logs, and filtering discards irrelevant events based on predefined criteria, significantly reducing the volume of data that needs to be analyzed and improving the signal-to-noise ratio in a SIEM.

Correct Answer: Penetration Test Explanation: A penetration test is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. It actively tries to breach security controls, mimicking a real attacker.

Correct Answer: UEBA Explanation: UEBA systems collect and analyze data about user and entity behavior (login times, location, data access patterns) to establish baselines and detect anomalous activities that could indicate insider threats, account compromise, or data exfiltration.