CompTIA CySA+ (CS0-003) Practice Exam — 100 Questions (New Set)
Timed practice exam aligned to CySA+ v3 domains: Threat & Vulnerability Management; Security Operations & Monitoring; Incident Response; Reporting & Communication. Single-answer multiple-choice with concise explanations.
Quiz Summary
0 of 100 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 100 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- single 0%
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 100
1. Question
CorrectIncorrectHint
Eradication follows containment.
-
Question 2 of 100
2. Question
CorrectIncorrectHint
Eradication follows containment.
-
Question 3 of 100
3. Question
CorrectIncorrectHint
Pair with MFA and session recording.
-
Question 4 of 100
4. Question
CorrectIncorrectHint
Look for unusual logon times/volumes.
-
Question 5 of 100
5. Question
CorrectIncorrectHint
Use live response carefully.
-
Question 6 of 100
6. Question
CorrectIncorrectHint
Follow IR playbook and restore from backups.
-
Question 7 of 100
7. Question
CorrectIncorrectHint
Segment/quarantine as needed.
-
Question 8 of 100
8. Question
CorrectIncorrectHint
Train and test playbooks.
-
Question 9 of 100
9. Question
CorrectIncorrectHint
Automate with IAM governance.
-
Question 10 of 100
10. Question
CorrectIncorrectHint
Think: discover → assess → remediate → verify.
-
Question 11 of 100
11. Question
CorrectIncorrectHint
Combine with egress monitoring.
-
Question 12 of 100
12. Question
CorrectIncorrectHint
Correlate with IPs and geo.
-
Question 13 of 100
13. Question
CorrectIncorrectHint
Monitor for widespread failures.
-
Question 14 of 100
14. Question
CorrectIncorrectHint
Use labels/tags per app.
-
Question 15 of 100
15. Question
CorrectIncorrectHint
Correlate with IPs and geo.
-
Question 16 of 100
16. Question
CorrectIncorrectHint
Mitigate via compensating controls until patched.
-
Question 17 of 100
17. Question
CorrectIncorrectHint
Use CEF/LEEF or schemas.
-
Question 18 of 100
18. Question
CorrectIncorrectHint
Alert on hashes/permissions changes.
-
Question 19 of 100
19. Question
CorrectIncorrectHint
Document rationale and expiry.
-
Question 20 of 100
20. Question
CorrectIncorrectHint
Used commonly in mobile apps.
-
Question 21 of 100
21. Question
CorrectIncorrectHint
Define owners and due dates.
-
Question 22 of 100
22. Question
CorrectIncorrectHint
Drive notable creation.
-
Question 23 of 100
23. Question
CorrectIncorrectHint
Leads to measurable detection gains.
-
Question 24 of 100
24. Question
CorrectIncorrectHint
Defend with MFA and detection.
-
Question 25 of 100
25. Question
CorrectIncorrectHint
Follow IR playbook and restore from backups.
-
Question 26 of 100
26. Question
CorrectIncorrectHint
Look for unusual logon times/volumes.
-
Question 27 of 100
27. Question
CorrectIncorrectHint
Pair with MFA and session recording.
-
Question 28 of 100
28. Question
CorrectIncorrectHint
Prefer ECDHE suites.
-
Question 29 of 100
29. Question
CorrectIncorrectHint
Include residual risk and review dates.
-
Question 30 of 100
30. Question
CorrectIncorrectHint
Defend with MFA and detection.
-
Question 31 of 100
31. Question
CorrectIncorrectHint
Also check exploitability and exposure.
-
Question 32 of 100
32. Question
CorrectIncorrectHint
Alert on hashes/permissions changes.
-
Question 33 of 100
33. Question
CorrectIncorrectHint
Define owners and due dates.
-
Question 34 of 100
34. Question
CorrectIncorrectHint
Drive notable creation.
-
Question 35 of 100
35. Question
CorrectIncorrectHint
Use labels/tags per app.
-
Question 36 of 100
36. Question
CorrectIncorrectHint
Tie CMDB/asset tags to scanner targets.
-
Question 37 of 100
37. Question
CorrectIncorrectHint
Prefer ECDHE suites.
-
Question 38 of 100
38. Question
CorrectIncorrectHint
Pair with SPF/DMARC.
-
Question 39 of 100
39. Question
CorrectIncorrectHint
Pair with SPF/DMARC.
-
Question 40 of 100
40. Question
CorrectIncorrectHint
Use CEF/LEEF or schemas.
-
Question 41 of 100
41. Question
CorrectIncorrectHint
Use isolate host/rollback when supported.
-
Question 42 of 100
42. Question
CorrectIncorrectHint
Pair with secure coding.
-
Question 43 of 100
43. Question
CorrectIncorrectHint
Short-term mitigations include WAF or config changes.
-
Question 44 of 100
44. Question
CorrectIncorrectHint
Pair with SPF/DMARC.
-
Question 45 of 100
45. Question
CorrectIncorrectHint
Automate enrichments and containment.
-
Question 46 of 100
46. Question
CorrectIncorrectHint
Use isolate host/rollback when supported.
-
Question 47 of 100
47. Question
CorrectIncorrectHint
Use severity matrices.
-
Question 48 of 100
48. Question
CorrectIncorrectHint
Define owners and due dates.
-
Question 49 of 100
49. Question
CorrectIncorrectHint
Alert on deviations.
-
Question 50 of 100
50. Question
CorrectIncorrectHint
Use STRIDE or PASTA as methods.
-
Question 51 of 100
51. Question
CorrectIncorrectHint
Isolate network instead.
-
Question 52 of 100
52. Question
CorrectIncorrectHint
Consider KEV lists and internet exposure.
-
Question 53 of 100
53. Question
CorrectIncorrectHint
Alert on hashes/permissions changes.
-
Question 54 of 100
54. Question
CorrectIncorrectHint
Block metadata service egress.
-
Question 55 of 100
55. Question
CorrectIncorrectHint
Use technique IDs to drive analytics.
-
Question 56 of 100
56. Question
CorrectIncorrectHint
Combine with egress monitoring.
-
Question 57 of 100
57. Question
CorrectIncorrectHint
Use authenticated scans to validate.
-
Question 58 of 100
58. Question
CorrectIncorrectHint
Pair with secure coding.
-
Question 59 of 100
59. Question
CorrectIncorrectHint
Prefer ECDHE suites.
-
Question 60 of 100
60. Question
CorrectIncorrectHint
Consider retention requirements.
-
Question 61 of 100
61. Question
CorrectIncorrectHint
Leads to measurable detection gains.
-
Question 62 of 100
62. Question
CorrectIncorrectHint
Follow IR playbook and restore from backups.
-
Question 63 of 100
63. Question
CorrectIncorrectHint
Isolate network instead.
-
Question 64 of 100
64. Question
CorrectIncorrectHint
Monitor for widespread failures.
-
Question 65 of 100
65. Question
CorrectIncorrectHint
Train and test playbooks.
-
Question 66 of 100
66. Question
CorrectIncorrectHint
Enforce access checks server-side.
-
Question 67 of 100
67. Question
CorrectIncorrectHint
Use CEF/LEEF or schemas.
-
Question 68 of 100
68. Question
CorrectIncorrectHint
Block metadata service egress.
-
Question 69 of 100
69. Question
CorrectIncorrectHint
Used commonly in mobile apps.
-
Question 70 of 100
70. Question
CorrectIncorrectHint
Enforce access checks server-side.
-
Question 71 of 100
71. Question
CorrectIncorrectHint
Use isolate host/rollback when supported.
-
Question 72 of 100
72. Question
CorrectIncorrectHint
Tie to risk appetite.
-
Question 73 of 100
73. Question
CorrectIncorrectHint
Drive notable creation.
-
Question 74 of 100
74. Question
CorrectIncorrectHint
Combine with egress monitoring.
-
Question 75 of 100
75. Question
CorrectIncorrectHint
Block metadata service egress.
-
Question 76 of 100
76. Question
CorrectIncorrectHint
Automate enrichments and containment.
-
Question 77 of 100
77. Question
CorrectIncorrectHint
Look for unusual logon times/volumes.
-
Question 78 of 100
78. Question
CorrectIncorrectHint
Alert on deviations.
-
Question 79 of 100
79. Question
CorrectIncorrectHint
Pair with secure coding.
-
Question 80 of 100
80. Question
CorrectIncorrectHint
Consider retention requirements.
-
Question 81 of 100
81. Question
CorrectIncorrectHint
Use labels/tags per app.
-
Question 82 of 100
82. Question
CorrectIncorrectHint
Isolate network instead.
-
Question 83 of 100
83. Question
CorrectIncorrectHint
Enforce access checks server-side.
-
Question 84 of 100
84. Question
CorrectIncorrectHint
Consider retention requirements.
-
Question 85 of 100
85. Question
CorrectIncorrectHint
Provide least-privilege read credentials to the scanner.
-
Question 86 of 100
86. Question
CorrectIncorrectHint
Segment/quarantine as needed.
-
Question 87 of 100
87. Question
CorrectIncorrectHint
Use severity matrices.
-
Question 88 of 100
88. Question
CorrectIncorrectHint
Base, Temporal, and Environmental metrics inform priority.
-
Question 89 of 100
89. Question
CorrectIncorrectHint
Eradication follows containment.
-
Question 90 of 100
90. Question
CorrectIncorrectHint
Automate enrichments and containment.
-
Question 91 of 100
91. Question
CorrectIncorrectHint
Used commonly in mobile apps.
-
Question 92 of 100
92. Question
CorrectIncorrectHint
Use live response carefully.
-
Question 93 of 100
93. Question
CorrectIncorrectHint
Leads to measurable detection gains.
-
Question 94 of 100
94. Question
CorrectIncorrectHint
Segment/quarantine as needed.
-
Question 95 of 100
95. Question
CorrectIncorrectHint
Train and test playbooks.
-
Question 96 of 100
96. Question
CorrectIncorrectHint
Correlate with IPs and geo.
-
Question 97 of 100
97. Question
CorrectIncorrectHint
Tie to risk appetite.
-
Question 98 of 100
98. Question
CorrectIncorrectHint
Baseline volume, latency, auth rates, etc.
-
Question 99 of 100
99. Question
CorrectIncorrectHint
Alert on deviations.
-
Question 100 of 100
100. Question
CorrectIncorrectHint
Use severity matrices.