Home > CompTIA CySA+ Cybersecurity Analyst Certification > Quizzes > CompTIA CySA+ Cybersecurity Analyst Certification Exam: Incident Response
CompTIA CySA+ Cybersecurity Analyst Certification Exam: Incident Response
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 77% Most missed: “Lisa is a cybersecurity analyst who works at a major government think tank. She …”
CompTIA CySA+ Cybersecurity Analyst Certification Exam: Incident Response
Time left 00:00
17 Questions

1. You are a cybersecurity analyst for a medium-sized company that has recently moved some of its application services to the cloud. The organization experiences a potential hacking incident, where compromised office productivity software used from the cloud arbitrarily accessed sensitive data across the network using privileged accounts. You want to perform a forensic analysis of the application servers the cloud provider uses. Which of the following may impede that forensic analysis?
2. Lisa is a cybersecurity analyst who works at a major government think tank. She gets a call from a user stating that their computer is abnormally slow, stops responding for long periods, and won't open any applications. Which of the following should Lisa look at first to determine the cause?
3. Greg is a cybersecurity analyst for a small company. He has received complaints from different users that the network is extremely slow, and several users have also experienced malware attacks in the past couple of days. Which of the following actions should Greg take to determine the cause of the network performance problems?
4. Bobby is a brand-new cybersecurity analyst and has been assigned to document all the organization's indicators of compromise for input into a database. What sources of information could give Bobby the existing IOCs the organization is already using?
5. Emilia is a cybersecurity analyst who works in a security operations center. During a massive malware attack on the company's infrastructure, she needs to make sure that a group of critical servers stays online and is not infected due to the sensitivity of the data that resides on them. Which of the following is the best course of action to prevent the spread of malware to the servers?
6. Dawn is performing a forensic analysis on an image acquired from a large hard drive. Some of the data has been corrupted, and it's also obvious that the user attempted to delete several files several weeks ago, which may or may not be intact. What should Dawn do to collect as many intact forensic artifacts from the drive image as possible?
7. You are a cybersecurity analyst for a medium-sized company that has recently moved some of its application services to the cloud. The organization experiences a potential hacking incident, where compromised office productivity software used from the cloud arbitrarily accessed sensitive data across the network using privileged accounts. You want to perform a forensic analysis of the application servers the cloud provider uses. Which of the following may impede that forensic analysis?
8. Tim has been asked to look into a user's computer that doesn't seem to be able to receive an IP address when they connect to the network. An administrator continually has to assign a static IP address to the host for it to communicate. After troubleshooting the host, Tim can find nothing wrong with it. Several other users begin to complain about the same thing. What should Tim look at next as a possible cause of the problem?
9. Greg is a cybersecurity analyst for a small company. He has received complaints from different users that the network is extremely slow, and several users have also experienced malware attacks in the past couple of days. Which of the following actions should Greg take to determine the cause of the network performance problems?
10. Tim has been asked to look into a user's computer that doesn't seem to be able to receive an IP address when they connect to the network. An administrator continually has to assign a static IP address to the host for it to communicate. After troubleshooting the host, Tim can find nothing wrong with it. Several other users begin to complain about the same thing. What should Tim look at next as a possible cause of the problem?
11. Lisa is a cybersecurity analyst who works at a major government think tank. She gets a call from a user stating that their computer is abnormally slow, stops responding for long periods, and won't open any applications. Which of the following should Lisa look at first to determine the cause?
12. Emily is a cybersecurity analyst who is in charge of monitoring the company SIEM system. Early one morning she notices alerts that several hosts on the network are utilizing a great amount of bandwidth, far more than they ever have. After examining logs and network traffic, she determines that they are all sending abnormally large files to an external host. Which of the following could be the cause of this event?
13. Evie is a cybersecurity analyst who works at a major research facility. As part of writing the incident response plan, she needs to determine the time frames for bringing systems back online after an incident. She does not know exactly which systems should be brought back online first. What is the best way for Evie to determine these time frames?
14. Dawn is performing a forensic analysis on an image acquired from a large hard drive. Some of the data has been corrupted, and it's also obvious that the user attempted to delete several files several weeks ago, which may or may not be intact. What should Dawn do to collect as many intact forensic artifacts from the drive image as possible?
15. Tim is responsible for writing data sensitivity and criticality policies and procedures. He must compose a list of personnel authorized to access sensitive information regarding the specifications and manufacturing processes for a proprietary aircraft part. Which of the following categories will this information fall under?
16. You are the team lead for the corporate incident response team. During the containment phase of the response, you view evidence that indicates a crime has been committed. Which of the following is your best course of action?
17. Bill is a cybersecurity analyst in a small company that specializes in healthcare billing for insurance companies. As part of his official duties, he has access to all data on the network, including individual patient medical records and financial records. Which of the following would best characterize Bill's data protection responsibilities during a potential malware attack on the company's network?