CySA+ Test Study Guide 2026
Everything you need to pass the CySA+ Test exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 CySA+ Test Exam Format at a Glance
📚 CySA+ Test Topics to Study (69)
✍️ Sample CySA+ Test Questions & Answers
1. During a purple team exercise, the blue team fails to detect a simulated lateral movement via PsExec. Which control gap does this MOST likely indicate?
PsExec operates over SMB using legitimate admin shares; the gap is missing behavioral detection for admin tool abuse, not AV signatures.
2. A security analyst wants to determine whether a suspicious file is malicious without executing it in production. What analysis method should be used FIRST?
Static analysis examines a file's properties without executing it, providing initial triage information quickly with no risk of detonating the payload.
3. A candidate with network security experience but limited scripting exposure should focus exam preparation on which CySA+ skill area?
CySA+ tests the ability to read and interpret code/scripts for indicators of malicious behavior, not to write production code.
4. A threat hunter notices recurring outbound SMB (port 445) connections from a workstation to an internet IP. Why is this significant from a CySA+ perspective?
SMB is an internal protocol that should never appear as outbound internet traffic; its presence indicates either a firewall gap, malware lateral movement preparation, or active exploitation.
5. FISMA requires federal agencies to categorize information systems using which standard?
FIPS 199 provides the standards for security categorization of federal information and information systems based on potential impact.
6. A threat actor compromises a domain controller and forges a Kerberos ticket-granting ticket (TGT) with a custom lifetime of 10 years using the KRBTGT hash. What type of attack is this?
A Golden Ticket attack uses the compromised KRBTGT account hash to forge valid Kerberos TGTs, granting the attacker persistent, domain-wide access that persists even after password resets.