Q1. Which control would best prevent tailgating? (Q-924446)
- A.Antivirus software
- B.Mantrap✓ Correct
- C.Firewall
- D.Encryption
Explanation: Mantraps prevent unauthorized physical entry via tailgating. Learn more.
CompTIA CySA+ Practice Questions: More Practice Questions
15 free, exam-style CompTIA CySA+ (CS0-003) practice questions covering More Practice Questions. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.
Q2. What is the purpose of a Faraday cage? (Q-627ffc)
- A.To block electromagnetic signals✓ Correct
- B.To filter network traffic
- C.To encrypt wireless communications
- D.To cool servers
Explanation: Faraday cages block electromagnetic fields, preventing wireless signal leakage. Learn more.
Q3. Which of the following is a physical security control? (Q-924465)
- A.Firewall
- B.Biometric scanner✓ Correct
- C.Antivirus
- D.Encryption
Explanation: Biometric scanners restrict physical access. Learn more.
Q4. What is the PRIMARY purpose of a Faraday cage? (Q-628058)
- A.To block electromagnetic signals✓ Correct
- B.To encrypt wireless traffic
- C.To filter network packets
- D.To cool servers
Explanation: Faraday cages prevent electromagnetic leakage/access. Learn more.
Q5. Which report audience usually needs business impact, risk, and remediation status rather than raw log lines?
- A.Executive stakeholders✓ Correct
- B.Packet capture parser
- C.Malware sandbox only
- D.NTP server
Explanation: Executives need risk-focused summaries that support decisions, not low-level technical evidence. Learn more.
Q6. Which activity converts raw technical findings into business impact and recommended actions?
- A.Security reporting✓ Correct
- B.Packet fragmentation
- C.Disk partitioning
- D.Cable labeling
Explanation: Effective reporting translates technical evidence into risk, impact, and remediation guidance. Learn more.
Q7. Which communication should be avoided in an incident report for nontechnical leadership?
- A.Unexplained raw log dumps✓ Correct
- B.Risk summary
- C.Business impact
- D.Remediation status
Explanation: Leadership reports should avoid unexplained technical dumps and focus on impact, decisions, and remediation progress. Learn more.
Q8. Which tool would you use to analyze Windows memory dumps? (Q-924489)
- A.FTK Imager
- B.Volatility✓ Correct
- C.Wireshark
- D.Nessus
Explanation: Volatility is a memory forensics framework for analyzing RAM dumps. Learn more.
Q9. Which forensic artifact is most volatile and should be collected first?
- A.Disk image
- B.CPU registers and cache✓ Correct
- C.System logs
- D.Archived backups
Explanation: According to the order of volatility, CPU registers and cache are the most volatile data and must be captured first. Learn more.
Q10. Which artifact best shows command execution history on a Windows endpoint?
- A.PowerShell operational logs✓ Correct
- B.Printer spool directory only
- C.DHCP lease time
- D.Monitor EDID
Explanation: PowerShell logging can reveal executed scripts, encoded commands, and suspicious administrative activity. Learn more.
Q11. Which evidence source can show whether a malicious scheduled task was created on Windows?
- A.Windows Task Scheduler logs✓ Correct
- B.DNS MX records only
- C.Monitor brightness history
- D.Printer driver list
Explanation: Task Scheduler logs can record creation and execution of scheduled tasks used for persistence. Learn more.
Q12. What is the PRIMARY purpose of the STRIDE threat model? (Q-628037)
- A.To classify malware families
- B.To categorize threats (Spoofing, Tampering, etc.)✓ Correct
- C.To encrypt database backups
- D.To block DDoS attacks
Explanation: STRIDE categorizes threats as Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege. Learn more.
Q13. What is the MAIN security benefit of eFUSE technology? (Q-628060)
- A.Faster encryption
- B.Hardware-enforced security policies✓ Correct
- C.Lower power consumption
- D.Simplified compliance
Explanation: eFUSEs allow irreversible hardware configuration for secure boot/updates. Learn more.
Q14. A web server contains a newly created .php file in an image upload directory. What should be investigated?
- A.Possible web shell✓ Correct
- B.Expected CSS cache
- C.Wireless roaming
- D.Normal backup rotation
Explanation: Executable scripts in upload directories can indicate a web shell or unsafe file upload vulnerability. Learn more.
Q15. Which method helps determine whether a malicious file has been seen before without sharing the full file?
- A.Submit or compare its hash✓ Correct
- B.Rename the file
- C.Change its icon
- D.Print the binary
Explanation: Cryptographic hashes allow reputation checks and comparison without transferring full file contents. Learn more.
More CompTIA CySA+ practice topics
- Security Operations (64)
- Threat Management (53)
- Cloud Security (45)
- Incident Response (44)
- Security Operations and Monitoring (32)
- Access Control (21)
- Network Security (18)
- Risk Management (17)
- Software Security (16)
- Data Security (14)
- Vulnerability Management (11)
- Cryptography (10)
- Compliance (9)
- Threat Intelligence (9)
- Threat Detection (7)
- Threat and Vulnerability Management (5)
- All CompTIA CySA+ topics →