FREE CySA+ Difficulty Level Questions and Answers

Basic: Which of the following best describes a brute force attack?

Exploiting a software vulnerability to gain unauthorized access

Flooding a system with traffic to overwhelm it

Attempting all possible password combinations to gain access

Impersonating a trusted entity to steal information

Correct! Wrong!

A brute force attack involves systematically trying all possible combinations of passwords or keys until the correct one is found.

Intermediate: A security analyst detects unusual outbound traffic from a workstation. Which of the following should be the first step in addressing this potential incident?

Notify the user and ask them to stop using the workstation

Isolate the workstation from the network

Perform a vulnerability scan on the workstation

Re-image the workstation immediately

Correct! Wrong!

Isolating the workstation helps prevent further damage or data exfiltration while allowing the analyst to investigate the incident.

Advanced: A recent vulnerability scan flagged a critical issue related to outdated OpenSSL libraries. What is the most appropriate action to remediate this vulnerability?

Block incoming traffic to the affected system

Patch or update the OpenSSL libraries to the latest version

Decommission the system immediately

Increase monitoring on the affected system

Correct! Wrong!

Applying a patch or update is the best approach to address vulnerabilities in outdated software, reducing the risk of exploitation.

Basic: What is the purpose of a web application firewall (WAF)?

To detect and block malicious web traffic

To encrypt data in transit between a browser and a server

To authenticate users before accessing a web application

To manage and distribute network traffic evenly

Correct! Wrong!

A web application firewall (WAF) filters and monitors traffic to and from a web application, blocking malicious activities such as SQL injection or cross-site scripting (XSS).

Advanced: During a forensic investigation, a security analyst identifies unexpected DNS queries originating from multiple internal hosts. What might this indicate?

A misconfigured DNS server

A Distributed Denial of Service (DDoS) attack

Malware communicating with a command-and-control server

A benign application update process

Correct! Wrong!

Unusual DNS queries often indicate that malware is attempting to contact its command-and-control (C2) server for instructions or to exfiltrate data.