Cybersecurity Analyst Certification Exam Q&A (CYSA+ Style), Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive set of questions and verified answers for the Cybersecurity Analyst (CySA+) certification exam. It covers key cybersecurity concepts, tools, and practices, including network security, incident response, vulnerability management, and risk management. Each question is accompanied by a rationale explaining the correct answer and reinforcing the underlying principles. This Q&A resource is designed to help cybersecurity professionals prepare for the CySA+ exam and strengthen their knowledge of cybersecurity fundamentals, making it a useful tool for both exam preparation and continuous learning in the field.

Typology: Exams

2025/2026

Available from 12/22/2025

masterystudyhub


Download Cybersecurity Analyst Certification Exam Q&A (CYSA+ Style) and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!

CYBERSECURITY ANALYST CERTIFICATION EXAM (CYSA+–STYLE COMPREHENSIVE COVERAGE)
QUESTION AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES
2026 Q&A INSTANT DOWNLOAD PDF

1. Which activity best represents the primary role of a cybersecurity analyst?
A. Developing software applications
B. Installing hardware components
C. Monitoring systems for security threats
D. Managing user payroll
Rationale: Cybersecurity analysts focus on detecting, analyzing, and responding to security incidents.

2. What does CIA stand for in information security?
A. Confidentiality, Integrity, Authentication
B. Control, Integrity, Availability
C. Confidentiality, Integrity, Availability
D. Control, Inspection, Access
Rationale: The CIA triad is the foundation of information security principles.

3. Which tool is commonly used for network packet analysis?
A. Nmap
B. Wireshark
C. Nessus
D. Metasploit
Rationale: Wireshark captures and analyzes network packets in detail.

4. What type of malware disguises itself as legitimate software?
A. Worm
B. Ransomware
C. Trojan
D. Rootkit
Rationale: Trojans appear legitimate but perform malicious actions.

5. Which attack floods a system with traffic to make it unavailable?
A. Phishing
B. Spoofing
C. Denial-of-Service
D. Man-in-the-middle
Rationale: DoS attacks overwhelm resources to disrupt availability.

6. What is the main purpose of vulnerability scanning?
A. Patch systems
B. Identify known weaknesses
C. Block traffic
D. Encrypt data
Rationale: Vulnerability scans detect known security flaws.

7. Which protocol securely transfers files?
A. FTP
B. TFTP
C. SFTP
D. HTTP
Rationale: SFTP uses SSH to provide encrypted file transfers.

8. What does IDS stand for?
A. Integrated Defense System
B. Intrusion Detection System
C. Internal Data Service

D. Hide network traffic
Rationale: Hashing verifies data has not been altered.

14. Which malware encrypts files and demands payment?
A. Spyware
B. Worm
C. Ransomware
D. Keylogger
Rationale: Ransomware locks data until a ransom is paid.

15. What is a zero-day vulnerability?
A. A patched flaw
B. A fake exploit
C. An unknown or unpatched vulnerability
D. A user error
Rationale: Zero-days are exploited before fixes are available.

16. Which framework provides best practices for cybersecurity risk management?
A. ITIL
B. NIST Cybersecurity Framework
C. COBIT
D. TOGAF
Rationale: NIST CSF outlines identify, protect, detect, respond, recover.

17. What is the primary goal of incident response?
A. Prevent all attacks
B. Minimize impact of incidents
C. Replace systems
D. Increase system complexity
Rationale: Incident response reduces damage and recovery time.

18. Which control type prevents unauthorized access?
A. Detective
B. Preventive
C. Corrective
D. Compensating
Rationale: Preventive controls stop incidents before they occur.

19. What does SIEM stand for?
A. Secure Internet Event Monitor
B. Security Information and Event Management
C. System Integrity Event Module
D. Secure Internal Endpoint Manager
Rationale: SIEM aggregates and analyzes security logs.

20. Which attack exploits user trust rather than technical flaws?
A. SQL injection
B. Cross-site scripting
C. Social engineering
D. DDoS
Rationale: Social engineering targets human behavior.

21. What is least privilege?
A. Giving admins all access
B. Granting only necessary permissions
C. Using one shared account
D. Removing authentication
Rationale: Least privilege reduces attack surface.

22. Which tool is used for vulnerability scanning?
A. Wireshark
B. Nessus
C. tcpdump
D. Netcat
Rationale: Nessus identifies vulnerabilities in systems.

23. What does MFA stand for?
A. Managed File Access
B. Multi-Factor Authentication

C. Detect malware
D. Manage users
Rationale: Firewalls enforce network access rules.

29. Which log helps detect malware execution?
A. DNS logs
B. Endpoint logs
C. DHCP logs
D. Proxy rules
Rationale: Endpoint logs record process and application activity.

30. What is data exfiltration?
A. Data backup
B. Data deletion
C. Unauthorized data transfer
D. Data encryption
Rationale: Exfiltration is stealing data from systems.

31. Which standard focuses on information security management systems?
A. PCI DSS
B. ISO/IEC 27001
C. HIPAA
D. SOX
Rationale: ISO 27001 defines ISMS requirements.

32. Which attack modifies DNS responses?
A. Phishing
B. DNS poisoning
C. Smurf
D. Teardrop
Rationale: DNS poisoning redirects users to malicious sites.

33. What is the primary function of antivirus software?
A. Patch systems
B. Detect and remove malware
C. Encrypt disks
D. Manage users
Rationale: Antivirus identifies malicious software.

34. Which control corrects an issue after detection?
A. Preventive
B. Detective
C. Corrective
D. Deterrent
Rationale: Corrective controls fix problems.

35. What is the main goal of penetration testing?
A. Monitor logs
B. Identify exploitable vulnerabilities
C. Enforce policies
D. Train users
Rationale: Pen tests simulate real attacks.

36. Which attack intercepts communications?
A. DoS
B. Man-in-the-middle
C. Brute force
D. Replay
Rationale: MITM attacks eavesdrop or alter traffic.

37. Which protocol secures email transmission?
A. SMTP
B. SMTPS
C. POP
D. IMAP
Rationale: SMTPS encrypts email traffic.

38. What is threat intelligence?
A. Antivirus updates
B. Information about threats and actors

C. Corrective
D. Detective
Rationale: Deterrent controls discourage malicious behavior.

44. Which malware hides deep in the OS?
A. Worm
B. Trojan
C. Rootkit
D. Adware
Rationale: Rootkits conceal malicious presence.

45. What is endpoint detection and response (EDR)?
A. Firewall service
B. Endpoint monitoring and response solution
C. Backup software
D. Encryption protocol
Rationale: EDR detects and responds to endpoint threats.

46. Which attack exploits browser scripts?
A. SQL injection
B. Cross-site scripting
C. DoS
D. Spoofing
Rationale: XSS injects malicious scripts into web pages.

47. What is the main goal of backup?
A. Encryption
B. Data recovery
C. Access control
D. Authentication
Rationale: Backups restore data after loss.

48. Which protocol is used for secure remote login?
A. Telnet
B. SSH
C. FTP
D. SNMP
Rationale: SSH provides encrypted remote access.

49. What is lateral movement?
A. Data backup
B. Attacker moving within a network
C. Patch deployment
D. Log rotation
Rationale: Lateral movement expands attacker access.

50. Which assessment is least intrusive?
A. Penetration test
B. Vulnerability scan
C. Red team
D. Exploit testing
Rationale: Scans are automated and non-intrusive.

51. Which cloud security model places the most responsibility on the customer?
A. SaaS
B. PaaS
C. IaaS
D. FaaS
Rationale: In IaaS, customers manage OS, applications, and security controls.

52. What is the main purpose of access control lists (ACLs)?
A. Encrypt traffic
B. Define permitted and denied access
C. Monitor logs
D. Patch systems
Rationale: ACLs specify who can access resources.

58. What is the main purpose of sandboxing?
A. Encrypt applications
B. Isolate and analyze suspicious code
C. Patch vulnerabilities
D. Monitor traffic
Rationale: Sandboxing safely executes untrusted code.

59. Which authentication method uses certificates?
A. Password-based
B. Public key authentication
C. Biometrics
D. Token-based
Rationale: Certificates rely on public/private key pairs.

60. What is the role of a SOC?
A. Software development
B. Monitor and respond to security events
C. User training
D. Hardware repair
Rationale: SOCs handle continuous security monitoring.

61. Which regulation protects payment card data?
A. HIPAA
B. PCI DSS
C. GDPR
D. SOX
Rationale: PCI DSS secures cardholder information.

62. What is the primary purpose of tokenization?
A. Hash passwords
B. Replace sensitive data with tokens
C. Compress files
D. Monitor access
Rationale: Tokenization reduces exposure of real data.

63. Which malware records keystrokes?
A. Worm
B. Keylogger
C. Rootkit
D. Adware
Rationale: Keyloggers capture user input.

64. What does IAM stand for?
A. Integrated Access Module
B. Identity and Access Management
C. Internal Authentication Method
D. Information Assurance Model
Rationale: IAM manages digital identities and permissions.

65. Which tool is commonly used for malware analysis?
A. Nessus
B. Cuckoo Sandbox
C. Splunk
D. Nmap
Rationale: Cuckoo analyzes malware behavior.

66. Which attack leverages weak passwords repeatedly?
A. Phishing
B. Brute force
C. Replay
D. Injection
Rationale: Brute force tries many password combinations.

67. What is the purpose of network segmentation?
A. Increase bandwidth
B. Limit attack spread
C. Encrypt traffic
D. Simplify routing
Rationale: Segmentation isolates systems.

73. What is the purpose of patch management?
A. Backup systems
B. Fix known vulnerabilities
C. Monitor traffic
D. Train users
Rationale: Patching reduces exploit risk.

74. Which attack redirects traffic to fake sites?
A. Phishing
B. DNS poisoning
C. Smurf
D. Flooding
Rationale: DNS poisoning manipulates name resolution.

75. What is the main benefit of encryption at rest?
A. Faster access
B. Protect stored data
C. Reduce storage
D. Improve availability
Rationale: Encryption at rest secures stored information.

76. Which standard addresses privacy information management?
A. ISO 27001
B. ISO/IEC 27701
C. PCI DSS
D. NIST SP 800-53
Rationale: ISO 27701 extends privacy controls.

77. What is the primary role of threat hunting?
A. Automated scanning
B. Proactively searching for threats
C. Policy writing
D. User training
Rationale: Threat hunting finds hidden attackers.

78. Which metric measures recovery speed?
A. MTTD
B. MTTR
C. Dwell time
D. Risk score
Rationale: MTTR is mean time to recover/respond.

79. What is the purpose of HIDS?
A. Monitor networks
B. Monitor individual hosts
C. Encrypt files
D. Manage users
Rationale: HIDS detects host-level threats.

80. Which attack exploits software memory errors?
A. Phishing
B. Buffer overflow
C. Replay
D. Spoofing
Rationale: Buffer overflows overwrite memory.

81. What does RBAC rely on?
A. User passwords
B. Assigned roles
C. IP addresses
D. Device types
Rationale: RBAC permissions are role-based.

82. Which control restores operations after failure?
A. Preventive
B. Detective
C. Recovery
D. Deterrent
Rationale: Recovery controls restore services.

88. Which attack spoofs sender email addresses?
A. Brute force
B. Email spoofing
C. Buffer overflow
D. Flooding
Rationale: Spoofing forges sender identities.

89. What is the role of digital forensics?
A. Prevent attacks
B. Investigate security incidents
C. Encrypt data
D. Monitor traffic
Rationale: Forensics analyzes evidence post-incident.

90. Which protocol ensures secure API communication?
A. HTTP
B. TLS
C. FTP
D. Telnet
Rationale: TLS encrypts data in transit.

91. What is the purpose of a baseline configuration?
A. Improve performance
B. Define secure system state
C. Encrypt traffic
D. Train users
Rationale: Baselines establish security standards.

92. Which metric measures detection speed?
A. MTTR
B. MTTD
C. Dwell time
D. Risk score
Rationale: MTTD is mean time to detect.

93. Which attack abuses legitimate admin tools?
A. Phishing
B. Living off the land
C. Spoofing
D. Flooding
Rationale: Attackers misuse built-in tools.

94. What is the primary benefit of zero trust?
A. No authentication
B. Continuous verification
C. Faster access
D. Fewer controls
Rationale: Zero trust assumes no implicit trust.

95. Which component verifies user identity?
A. Authorization
B. Authentication
C. Accounting
D. Auditing
Rationale: Authentication confirms identity.

96. What is the purpose of change management?
A. Block updates
B. Control system modifications
C. Monitor attacks
D. Encrypt data
Rationale: Change management reduces risk from changes.

97. Which attack targets wireless networks?
A. SQL injection
B. Evil twin
C. Buffer overflow
D. Phishing
Rationale: Evil twin sets up fake access points.