CompTIA CySA+ Cybersecurity Analyst Certification Exam: Security Operations and Monitoring | Practice Test / Quiz / MCQs

1. Which of the following terms best describes an effort to manage and integrate multiple disparate security automation processes and tools?

Data enrichmentWorkflow orchestrationScriptingMachine learning1

2. Which of the following automated methods is used to write interfaces between applications to exchange data and facilitate inter-application task management?

Application programming interface integrationSecurity Content Automation Protocol implementation2Data enrichmentScripting

3. Joseph is examining raw data obtained from various log files and other sources within his network. However, it is very difficult for him to analyze what this data means without understanding why and how it was created and how it relates to various potential threats and vulnerabilities. Which of the following would allow Joseph to view this data in a much more productive way, allowing him to perform a more comprehensive analysis of the raw data?

Continuous integrationData enrichment3Machine learningSecurity orchestration, automation, and response

4. Ben is analyzing different attack surfaces in his organization. Which of the following should he do on individual hosts to reduce their attack surface?

Install a honeypot on the host.2Remove or disable all necessary ports, protocols, and services from the host.Add more administrative users on the host to ensure there are enough in case the host gets compromised.Open additional ports, protocols, and services to confuse a potential attacker.

5. You are evaluating a set of recommended controls for implementation to reduce the risk for a system. The system is valued at $1 million, accounting for its replacement cost, data, and current revenue. The controls you wish to implement cost almost as much as the system but significantly reduce risk to almost a negligible level. Which is the most likely choice you should make?

Reevaluate the risk involved to see what an acceptable level of risk is and allocate resources for the controls that will reduce the risk to that acceptable level.1Allocate resources for the recommended controls since they significantly reduce risk and do not exceed the value of the system.Decline to spend the money on the controls since they cost almost as much as the system and effectively double its cost.Reevaluate the risk involved to see if it can be mitigated without spending money on the recommended controls.

6. Jared is a cybersecurity analyst tasked with determining which applications should be allowed to run on the company's network. Jared has selected a list of applications that should be allowed and determined that no one else should be able to run additional applications without going through an extensive approval process. Which of the following should Jared implement?

Application allow listApplication exception listApplication deny listJared should assign permissions to each application's executable that is allowed to run and not assign those permissions to any other application's executable. Jared should then create a group of users who can execute the applications.2

7. You are a cybersecurity analyst who has been tasked to review logs from over 200 individual hosts that make up your network. After two weeks of trying and failing to visit every single host to review their logs, you decide to come up with a better solution. Which of the following is the best solution for examining large numbers of logs in a central location?

Web application firewallSyslog serverProxy server4SIEM system

8. Which of the following automated methods is used to write interfaces between applications to exchange data and facilitate inter-application task management?

Data enrichmentSecurity Content Automation Protocol implementation2ScriptingApplication programming interface integration

9. Ethan is implementing a firewall solution for a sensitive internal network. The resources he is protecting contain sensitive web-based accounting applications that should not be accessible by any other users outside of the accounting department. Which of the following firewall solutions should he consider?

Circuit-level gatewayStateful inspection firewallWeb application firewallNext-generation firewall3

10. Sam is a cybersecurity analyst who has been performing threat hunting on his infrastructure and has discovered some disturbing issues with the ability of the organization to detect potential threats. Which of the following actions should he take?

Install a honeynet in the perimeter to distract potential attackers, since they may not be easily detected with the organization's existing capabilities.Request additional funds for perimeter security for the infrastructure.Because those findings are peripheral to his objective of threat hunting, he should put those results aside for the time being.Use this as an opportunity to improve the organization's threat detection capabilities.4

11. You are a cybersecurity analyst tasked with ensuring vulnerability scans begin at specified times of the night throughout the week. The vulnerability scanning software you are using does not allow for scheduled tasks. Which of the following would be the most efficient method for scheduling and executing the vulnerability scans at the prescribed times?

Implementing a security orchestration, automation, and response (SOAR) to ensure that the vulnerability scans are scheduled.Installing a workflow orchestration suite to ensure that the vulnerability scans run when they are supposed to.Creating a script that would execute the scans at specified times and dates.Implementing machine learning software so that you can instruct it to execute the scans on a scheduled basis.4

12. Ethan is implementing a firewall solution for a sensitive internal network. The resources he is protecting contain sensitive web-based accounting applications that should not be accessible by any other users outside of the accounting department. Which of the following firewall solutions should he consider?

Web application firewallStateful inspection firewallNext-generation firewall3Circuit-level gateway

13. Evie is a cybersecurity analyst who has discovered some potential threats on the network. She is trying to put together information about the characteristics of the threat and information about the threat actor as well as to discover some of their tactics and techniques. What is this process called?

ProfilingThreat huntingThreat modelingRisk analysis2

14. Sam is a cybersecurity analyst who has been performing threat hunting on his infrastructure and has discovered some disturbing issues with the ability of the organization to detect potential threats. Which of the following actions should he take?

Request additional funds for perimeter security for the infrastructure.Because those findings are peripheral to his objective of threat hunting, he should put those results aside for the time being.Install a honeynet in the perimeter to distract potential attackers, since they may not be easily detected with the organization's existing capabilities.Use this as an opportunity to improve the organization's threat detection capabilities.4

15. Which of the following terms best describes an effort to manage and integrate multiple disparate security automation processes and tools?

ScriptingData enrichmentWorkflow orchestrationMachine learning1

16. Evie is a cybersecurity analyst who has discovered some potential threats on the network. She is trying to put together information about the characteristics of the threat and information about the threat actor as well as to discover some of their tactics and techniques. What is this process called?

Threat modelingRisk analysis2Threat huntingProfiling

17. Ben is analyzing different attack surfaces in his organization. Which of the following should he do on individual hosts to reduce their attack surface?

Remove or disable all necessary ports, protocols, and services from the host.Install a honeypot on the host.2Open additional ports, protocols, and services to confuse a potential attacker.Add more administrative users on the host to ensure there are enough in case the host gets compromised.

17 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

17 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com