CS0003 CompTIA CySA+ (CS0003) Free Practice Test — 30 Questions

Question 1

Anya, a cybersecurity analyst, observes anomalous outbound traffic from a sensitive database server and a pattern of repeated failed login attempts on several administrative accounts. Initial triage suggests a potential breach involving unauthorized data access or exfiltration. To effectively manage this evolving situation, what is the most critical immediate action Anya should take to mitigate further compromise and preserve investigative integrity?

Accepted Answer

Isolate the compromised server from the network to prevent further data exfiltration and lateral movement.

Question 2

Anya, a cybersecurity analyst at a financial institution, observes a critical database server exhibiting anomalous outbound network traffic to an unclassified external IP address. Simultaneously, system monitoring reveals a sharp, sustained increase in the server\'s CPU utilization, far exceeding normal operational baselines. The alert originated from an intrusion detection system (IDS) flagging the outbound connections as highly suspicious. Considering the sensitivity of the data housed on this server and the potential for immediate impact, which of the following actions represents the most prudent initial step in mitigating the identified threat, prioritizing risk reduction and operational stability?

Accepted Answer

Immediately isolate the affected server from the network to prevent further communication or data exfiltration.

Question 3

Anya, a senior cybersecurity analyst, is leading her team in the deployment of enhanced security monitoring through a new SIEM correlation rule set. Mid-way through the planned rollout, a critical zero-day vulnerability is publicly disclosed, impacting a core web server infrastructure used by her organization. The Chief Information Security Officer (CISO) directs all security teams to immediately prioritize the identification and remediation of this vulnerability across the enterprise. Anya’s team must now pause their SIEM deployment activities to reallocate resources. Which behavioral competency is Anya primarily demonstrating by re-prioritizing her team\'s efforts and communicating the impact on the SIEM project to relevant stakeholders?

Accepted Answer

Adaptability and Flexibility

Question 4

A cybersecurity analyst discovers that a sophisticated, multi-stage phishing campaign has compromised a cloud-based customer relationship management (CRM) system. The breach resulted in the exfiltration of approximately 50,000 customer records, containing names, email addresses, physical addresses, phone numbers, and crucially, partial financial information and sensitive medical history data. The incident response team has confirmed the breach occurred within the last 48 hours and has identified the likely vector and initial indicators of compromise. The organization operates within the European Union and must adhere to the General Data Protection Regulation (GDPR). What is the most immediate and critical action the incident response team must undertake regarding regulatory compliance and stakeholder communication?

Accepted Answer

Notify the relevant supervisory authority within 72 hours of awareness and prepare for direct notification to affected data subjects if a high risk is determined.

Question 5

Following a significant network breach involving custom malware and a series of highly targeted phishing campaigns that exfiltrated sensitive intellectual property, a cybersecurity analyst is tasked with not only eradicating the threat but also enhancing the organization\'s long-term resilience. The investigation has yielded a collection of unique TTPs and IoCs. Which of the following analytical approaches, when integrated with the incident response lifecycle, would best facilitate the transition from immediate remediation to strategic defense enhancement against similar future threats?

Accepted Answer

Mapping observed TTPs and IoCs to the MITRE ATT&CK framework to identify likely adversary groups and their methodologies, then proactively updating detection rules and threat hunting procedures based on this intelligence.

Question 6

Anya, a cybersecurity analyst at a global financial institution, identifies a pattern of unusually large data transfers originating from a privileged account to an external cloud storage provider. Further investigation reveals that the account belongs to Raj, a recently overlooked employee who possesses significant access to sensitive customer financial data. SIEM alerts indicate that these transfers coincide with Raj\'s recent negative performance review. Anya suspects Raj might be exfiltrating proprietary information. Which of the following actions should Anya prioritize to ensure a thorough, legally sound, and ethically compliant investigation?

Accepted Answer

Immediately revoke the employee's access privileges and initiate a forensic imaging of their workstation and relevant network segments to preserve all potential evidence.

Question 7

Anya, a cybersecurity analyst, observes a surge in encrypted DNS queries originating from several internal servers, all pointing towards a suspicious external domain. Further investigation reveals a pattern of outbound connections from these same servers to IP addresses previously associated with known malware C2 infrastructure. The organization\'s regulatory compliance framework mandates immediate action to mitigate data exfiltration risks. Which of the following actions should Anya prioritize to effectively contain the identified threat and adhere to the compliance requirements?

Accepted Answer

Block the identified C2 IP addresses at the network perimeter firewall and segment the affected internal servers from the rest of the network.

Question 8

Anya, a senior security analyst, is tasked with revamping her team\'s incident response playbook. The organization recently suffered a significant impact from a third-party data breach, leading to a dramatic shift in internal security priorities. Previously, the team primarily focused on responding to known indicators of compromise. Now, there\'s an urgent need to integrate proactive threat hunting for novel, unpatched vulnerabilities and sophisticated, stealthy attack techniques that bypass traditional signature-based defenses. Anya must guide her team through this operational pivot, ensuring they can effectively analyze evolving threat intelligence, adopt new analytical tools, and maintain a high level of operational readiness despite the inherent uncertainty and rapid pace of change in the threat landscape. Which of the following behavioral competencies is most critical for Anya to demonstrate in successfully navigating this complex situation?

Accepted Answer

Adaptability and Flexibility

Question 9

Anya, a cybersecurity analyst, is tasked with a comprehensive review and hardening of the organization\'s public-facing web servers. Midway through this project, a high-severity, zero-day exploit targeting a widely used web application framework is publicly disclosed. The organization’s leadership immediately re-prioritizes all security efforts towards identifying systems potentially vulnerable to this exploit and implementing immediate mitigations. Anya must suspend her ongoing hardening tasks to focus on this urgent incident response. Which core behavioral competency is most critical for Anya to effectively navigate this sudden shift in operational demands and ensure organizational security?

Accepted Answer

Adaptability and Flexibility

Question 10

Upon discovering a pattern of unusual outbound data transfers from a critical database server and a surge in brute-force login attempts originating from a single external IP address, cybersecurity analyst Anya is alerted to a potential security incident. Considering the immediate need to prevent further compromise and preserve evidence, which of the following actions should Anya prioritize as the initial containment step?

Accepted Answer

Isolate the affected database server from the network to prevent further unauthorized data exfiltration and lateral movement.

Question 11

Anya, a cybersecurity analyst at a financial services firm, observes a significant increase in unusual network traffic patterns shortly after the deployment of a new cloud-based customer relationship management (CRM) system. The traffic spikes correlate directly with periods of high user activity on the CRM. Anya\'s manager has emphasized the need for a swift resolution to avoid impacting client services. Which of the following investigative approaches would best align with Anya\'s need to quickly diagnose the situation while maintaining operational awareness?

Accepted Answer

Initiate immediate full-scale forensic imaging of all affected network segments and begin deep packet inspection for evidence of malicious activity.

Question 12

Anya, a seasoned cybersecurity analyst, has identified a pattern of anomalous data access and transfer originating from a senior engineer\'s workstation, suggesting a potential insider threat involving intellectual property exfiltration. The observed activity includes unusually large outbound data transfers to an external cloud storage service outside of normal business hours, coupled with recent searches for data encryption tools. Anya suspects the engineer might be preparing to exfiltrate sensitive design documents. What is the most prudent immediate action for Anya to take to validate her suspicions while adhering to ethical and procedural guidelines?

Accepted Answer

Discreetly gather additional technical evidence, such as correlating network traffic logs with endpoint activity and examining system commands, to build a stronger case before any escalation.

Question 13

Anya, a cybersecurity analyst at a financial services firm, discovers evidence suggesting a large volume of customer personally identifiable information (PII) has been transferred to an unauthorized external cloud storage location. Initial indicators point towards a possible misconfiguration of a data access control list on a critical database server, rather than a deliberate act of data theft by an employee. However, the investigation is ongoing, and the exact cause and intent are not yet definitively confirmed. The firm operates under stringent data privacy regulations that mandate reporting of any suspected data breach involving PII to the legal department within 24 hours. Given this situation, what should Anya prioritize as her immediate next step?

Accepted Answer

Immediately report the suspected data exfiltration to the legal department to ensure compliance with regulatory notification timelines.

Question 14

Anya, a seasoned cybersecurity analyst, detects a sophisticated, multi-vector phishing campaign targeting her organization\'s senior executives. The attack vector is novel, employing advanced social engineering and potentially zero-day exploits, rendering standard incident response playbooks partially ineffective. Anya must rapidly assess the situation, develop new detection signatures, and coordinate a defensive posture that deviates significantly from established protocols. Which core behavioral competency is most critical for Anya to effectively manage this emergent, high-stakes threat?

Accepted Answer

Adaptability and Flexibility

Question 15

Anya, a cybersecurity analyst, is leading the initial response to a sophisticated phishing campaign that has successfully infiltrated several high-profile client systems. The campaign employs a previously undocumented exploit, rendering traditional signature-based detection ineffective. Her team is working under tight deadlines, with limited threat intelligence available due to the zero-day nature of the attack. Anya must rapidly devise and implement containment and eradication strategies without established playbooks for this specific threat. Which of the following behavioral competencies is most critical for Anya to demonstrate in this high-pressure, ambiguous situation to ensure an effective response?

Accepted Answer

Adaptability and Flexibility

Question 16

Anya, a seasoned cybersecurity analyst at a vital energy grid operator, is alerted to a sophisticated, previously unknown malware actively targeting the facility\'s custom industrial control systems (ICS). Initial investigations reveal the malware exhibits polymorphic behavior and dynamically alters its communication patterns, rendering signature-based detection tools ineffective. The organization is subject to strict adherence to the NIST Cybersecurity Framework and specific Critical Infrastructure Protection (CIP) regulations, necessitating a response that prioritizes operational stability while ensuring security. Anya must devise an immediate containment and analysis strategy.

Which of the following actions represents the most effective and compliant approach to address this evolving threat?

Accepted Answer

Implement a behavioral-based anomaly detection strategy focused on deviations from established ICS baseline activity and perform dynamic sandboxing of suspicious artifacts to understand the exploit's mechanics.

Question 17

Anya, a cybersecurity analyst at a firm operating within the financial sector, discovers a sophisticated intrusion that has exfiltrated a significant volume of customer Personally Identifiable Information (PII). The firm is strictly governed by regulations such as the General Data Protection Regulation (GDPR) and the Sarbanes-Oxley Act (SOX). Given the sensitive nature of the compromised data and the stringent legal framework, what is the most critical immediate action Anya must initiate to mitigate the organization\'s risk and fulfill its compliance obligations?

Accepted Answer

Commence the formal notification process to relevant regulatory bodies and affected individuals as per legal mandates.

Question 18

Anya, a cybersecurity analyst, observes a noticeable increase in sophisticated phishing attempts targeting her organization. Initially, these were generic emails, but they have recently evolved into highly personalized spear-phishing campaigns impersonating internal IT support, aiming to extract user credentials. Her team has already implemented enhanced email filtering and conducted initial user awareness training, which temporarily reduced the success rate. However, the attackers are adapting their tactics rapidly, indicating a need for a more robust and proactive defense strategy to maintain effectiveness during this escalating threat. Which of the following actions would represent the most strategic and adaptive next step to address this evolving threat landscape?

Accepted Answer

Integrate a Security Orchestration, Automation, and Response (SOAR) platform to automate threat intelligence correlation and response playbooks.

Question 19

Anya, a cybersecurity analyst at a financial institution, detects a cluster of outbound network connections from a previously dormant server, exhibiting communication patterns inconsistent with its usual operational baseline. The alerts are generating a high volume of noise, and the specific threat actor or exploit is not immediately identifiable. Which of the following behavioral competencies is most critical for Anya to effectively manage this developing security incident?

Accepted Answer

Problem-Solving Abilities

Question 20

Anya, a senior cybersecurity analyst, is investigating a suspected data exfiltration event. Initial indicators strongly suggested that Rohan, a recently terminated employee with elevated privileges, was the perpetrator, exploiting his former access. However, newly discovered network logs from the past 24 hours show anomalous activity originating from the workstation assigned to Liam, a current employee whose access levels are identical to Rohan\'s previous role. The logs indicate the use of tools and techniques consistent with the initial Rohan-related hypothesis, but the source is definitively Liam\'s workstation. Anya must adjust her investigative approach. Which of the following actions represents the most prudent and adaptable next step in this evolving situation?

Accepted Answer

Immediately isolate Liam's workstation from the network to contain the potential ongoing compromise.

Question 21

A cybersecurity analyst has identified a critical zero-day vulnerability in a core component of the organization\'s e-commerce platform, posing a significant risk of customer data exfiltration. The executive leadership team, with limited technical expertise, requires an immediate briefing to approve a costly, multi-day remediation effort that will necessitate a temporary platform shutdown. Which of the following communication strategies would most effectively facilitate a prompt and informed decision from the leadership?

Accepted Answer

Present a detailed technical report outlining the exploit's mechanics, followed by a phased implementation plan for patching, including rollback procedures and post-incident forensic analysis requirements.

Question 22

Anya, a senior security analyst, is leading a response to a sophisticated nation-state attack targeting a financial institution\'s core banking system. A previously unknown variant of malware has been detected, exhibiting polymorphic behavior and evading standard signature-based detection. The incident response team\'s initial playbook, designed for known threats, is proving insufficient. Anya must quickly re-evaluate the situation, adjust the team\'s focus from containment of known indicators to proactive hunting for the novel malware\'s behavioral patterns, and communicate this shift to a dispersed team working across different time zones. Which set of behavioral competencies is most critical for Anya to effectively manage this evolving crisis and ensure the successful resolution of the incident?

Accepted Answer

Adaptability and Flexibility, Leadership Potential, and Communication Skills

Question 23

Anya, a senior security analyst, detects an advanced persistent threat (APT) exhibiting novel evasion techniques targeting her company\'s financial systems. Initial indicators point to a highly sophisticated adversary, potentially nation-state-backed, exploiting an undocumented vulnerability. The CISO has tasked Anya with recommending an immediate course of action. Anya must weigh the imperative to protect sensitive data against the potential for significant operational disruption caused by aggressive countermeasures. She recognizes that a hasty, broad network segmentation or a full system rollback could cripple critical business functions and alert the adversary prematurely to the detection of their activities. What strategic approach best exemplifies adaptive and flexible problem-solving in this high-stakes, ambiguous scenario, aligning with the principles of effective incident response and minimizing collateral damage?

Accepted Answer

Implement targeted network isolation for identified high-risk segments while simultaneously initiating deep forensic analysis to precisely map the threat's lateral movement and persistence mechanisms, feeding findings into a dynamic risk assessment for phased mitigation deployment.

Question 24

An incident responder notices a critical server exhibiting anomalous outbound network traffic patterns, deviating significantly from established baselines. Simultaneously, a forensic analysis reveals a novel process injection technique being employed, bypassing conventional signature-based malware detection mechanisms. The organization is known to be a target for nation-state actors employing sophisticated, polymorphic malware. What strategic approach should the incident responder prioritize to effectively identify and contain the potential compromise?

Accepted Answer

Actively correlate the observed network anomalies and process injection behaviors with documented adversary Tactics, Techniques, and Procedures (TTPs) associated with relevant threat actor profiles.

Question 25

Anya, a senior cybersecurity analyst, is alerted to anomalous outbound network traffic from a server housing critical customer personally identifiable information (PII). The traffic exhibits characteristics of data exfiltration to multiple unknown external IP addresses, seemingly targeting cloud storage repositories. Initial telemetry suggests a potential compromise of administrative credentials or a zero-day vulnerability exploitation. Anya must devise an immediate response plan that balances containment of the breach with the preservation of forensic evidence and the strategic adaptation required to counter a potentially sophisticated threat actor. Which of the following response strategies best addresses this multifaceted challenge?

Accepted Answer

Isolate the affected server from the network, create forensic images of its disk and memory, and then analyze network logs and endpoint telemetry to identify the specific exfiltration techniques and indicators of compromise (IOCs) to inform further containment and remediation actions.

Question 26

Anya, a cybersecurity analyst at a financial institution, detects anomalous outbound network traffic originating from a server housing sensitive customer financial data. The traffic pattern is atypical and raises immediate concerns about potential data exfiltration. The institution operates under strict regulatory oversight, including the General Data Protection Regulation (GDPR), which mandates specific breach notification timelines and data subject rights. Anya must decide on the most appropriate immediate course of action to investigate this incident effectively while ensuring compliance.

Accepted Answer

Conduct a detailed analysis of the network logs to identify the specific files being transferred without alerting the source system.

Question 27

Anya, a seasoned cybersecurity analyst, observes that a sophisticated advanced persistent threat (APT) campaign is consistently evading the organization\'s current detection infrastructure. Traditional signature-based alerts are failing to identify the novel exploitation techniques. Anya must quickly pivot her team\'s strategy from reactive signature matching to proactive anomaly detection and behavioral analysis to identify and mitigate the ongoing intrusions. Which of the following behavioral competencies is most critical for Anya to effectively navigate this evolving security challenge?

Accepted Answer

Adaptability and Flexibility

Question 28

Anya, a cybersecurity analyst at a financial institution, detects an ongoing, multi-vector phishing campaign that employs polymorphic malware and advanced social engineering tactics designed to bypass traditional signature-based detection. Her initial incident response playbook proves insufficient against these novel evasion methods. Anya must quickly re-evaluate her approach, research alternative detection signatures, and reconfigure endpoint detection and response (EDR) policies in near real-time to contain the threat. Which core behavioral competency is Anya most prominently demonstrating in this situation?

Accepted Answer

Adaptability and Flexibility

Question 29

Anya, a seasoned cybersecurity analyst, discovers a novel phishing campaign where malicious links are ingeniously concealed within image files, leading to credential harvesting sites that mimic internal portals. This attack vector is not covered by her organization\'s existing incident response playbooks. The campaign targets financial data. Given this unprecedented situation, which behavioral competency is paramount for Anya to effectively manage the initial stages of this incident?

Accepted Answer

Adaptability and Flexibility

Question 30

During a sophisticated phishing campaign targeting an organization\'s executive team, a laptop belonging to the Chief Information Security Officer (CISO) shows unusual network activity and file modifications consistent with advanced persistent threat (APT) techniques. The CISO\'s laptop is critical for ongoing security operations and contains sensitive incident response plans. What is the MOST appropriate immediate action to take to preserve evidence integrity while enabling analysis?

Accepted Answer

Immediately power down the CISO's laptop and transport it to a secure forensic lab for a bit-for-bit disk image creation.

CS0003 CompTIA CySA+ (CS0003) Free Practice Test — 30 Questions

A lot more is already mapped out

About the CS0003 CompTIA CySA+ (CS0003) Certification