CompTIA CySA+ (CS0-003) – Domain 3 – Incident Response and Management

1 / 68

What do Indicators of Compromise (IoCs) consist of?

2 / 68

What is the primary purpose of the eradication phase while responding to a cybersecurity incident?

3 / 68

Which of the following correctly describes the term ‘Scope of Impact’ in relation to incident response?

4 / 68

What are the stages included in ATT&CK matrices to represent the complete threat lifecycle?

5 / 68

The Diamond Model of Intrusion Analysis includes several specific terms. Which one of the following is not a term used in this analysis model?

6 / 68

Why do incident response processes have loops that allow responders to return to prior phases during response to a cybersecurity incident?

7 / 68

What is the first step in the Containment, Eradication, and Recovery phase of incident response?

8 / 68

Why is it important for a cybersecurity analyst to perform root cause analysis in the aftermath of a security incident?

9 / 68

What is the purpose of a ‘Legal Hold’?

10 / 68

Which of the following accurately describes the process that should be followed regarding evidence after an incident is concluded?

11 / 68

How should a CSIRT classify each incident that occurs?

12 / 68

What is the functional impact of a security incident?

13 / 68

What is the function of a Chain-of-Custody in evidence acquisition and preservation during incident response activities?

14 / 68

What are the three key measures used in the incident severity assessment according to the NIST guidelines?

15 / 68

According to the National Institute of Standards and Technology (NIST), which of the following is NOT classified as a security incident?

16 / 68

What should not be included in the incident response policy?

17 / 68

Why is it not sufficient to merely correct the identified security issue in a compromised system?

18 / 68

What are some key functions and objectives of a lessons learned session following a cybersecurity incident?

19 / 68

What are the two primary isolation techniques used during a cybersecurity incident response effort?

20 / 68

What are commonly used intrusion detection systems for monitoring file system modifications?

21 / 68

Which of the following measures are used to determine the severity of a security incident?

22 / 68

Which of the following best describes the importance of combining IoCs in identifying a compromise?

23 / 68

What is the purpose of validating data integrity during preservation activities?

24 / 68

What is the importance of testing the Incident Response Plan (IRP)?

25 / 68

What is the strongest containment technique in the cybersecurity analyst’s incident response toolkit?

26 / 68

Why are attack frameworks useful according to the CompTIA CySA+ study guide?

27 / 68

What technique does NIST’s hypothetical attacker use to identify when their compromised system has been removed from the network?

28 / 68

What is involved in the preparation phase of setting up a CSIRT?

29 / 68

What is one purpose of maintaining a chain-of-custody of evidence during incident response activities?

30 / 68

What key elements should an incident response policy contain according to NIST recommendations?

31 / 68

According to the NIST, what four data impact categories should cybersecurity analysts consider?

32 / 68

Which of the following is NOT one of the common examples of behavior-based Indicators of Compromise (IoC)?

33 / 68

Which of the following is a typical indicator of compromise (IoC) that involves networking?

34 / 68

What is the purpose of Chain of Custody in incident response activities?

35 / 68

What is the ‘impossible travel’ IoC?

36 / 68

What should a CSIRT team do if they believe the evidence they’ve gathered may be used in court?

37 / 68

What is the Unified Kill Chain?

38 / 68

How can increases in resource usage indicate potential compromise?

39 / 68

What should be given focus when documenting the incident response plan?

40 / 68

What is the purpose of playbooks developed by CSIRT teams?

41 / 68

Which roles are typically represented on a Cybersecurity Incident Response Team (CSIRT)?

42 / 68

What are the three options for the secure disposition of media containing sensitive information according to NIST?

43 / 68

What are some of the important elements that should be covered in a post-incident report written by the CSIRT?

44 / 68

Which of the following attack vectors is associated with using brute-force methods to compromise, degrade, or destroy systems, networks, or services as described by NIST?

45 / 68

What is the primary responsibility of IT managers and senior leadership in incident response efforts?

46 / 68

What can make distributed DoS attacks difficult to identify and stop?

47 / 68

What is the purpose of isolating attackers in a sandbox environment?

48 / 68

What criticism has Lockheed Martin’s Cyber Kill Chain model received?

49 / 68

What is an important aspect while gathering and handling evidence during the incident response containment phase?

50 / 68

What are the objectives of the containment, eradication, and recovery phase in incident response?

51 / 68

Why should responders refer back to the change control and configuration management processes after an incident?

52 / 68

What criteria does NIST recommend to develop an appropriate containment strategy during an incident response?

53 / 68

Which of the following is NOT a recommended action for improving the effectiveness of incident analysis according to NIST 800-61?

54 / 68

What is the objective of isolating affected systems in a network?

55 / 68

According to the NIST Computer Security Incident Handling Guide, what does it suggest about identifying an attacking host?

56 / 68

What are the post-incident activities a CSIRT team should perform after immediate, urgent actions of containment, eradication, and recovery are complete?

57 / 68

What are the four activities that should always be included in the incident recovery validation effort?

58 / 68

What specific role does an independent facilitator serve during a Lessons Learned Review?

59 / 68

What is the focus of defense against the Exploitation stage in Lockheed Martin’s Cyber Kill Chain?

60 / 68

What activities are undertaken during the post-incident activity phase of incident response?

61 / 68

What is a characteristic of unusual DNS traffic that an organization may monitor?

62 / 68

What are some considerations when deciding to retain an incident response provider?

63 / 68

Which of the following is NOT typically within the scope of the CSIRT as defined by the organization’s incident response policy?

64 / 68

What is a common technique used by attackers to conceal their activities and evade detection?

65 / 68

What is the primary purpose of network segmentation in cybersecurity?

66 / 68

In the incident recovery effort, what is the recommended approach for patching systems and applications?

67 / 68

What are the two testing resources that you must know for the CySA+ exam?

68 / 68

What is the main objective of post-incident activity in cybersecurity?

CompTIA CySA+ Domain 3: Incident Response and Management

For those looking to enhance their career in security or transition into IT, we offer a free practice test for CompTIA CySA+ Domain 3: Incident Response and Management. This test is designed to mirror the actual exam format, boosting your confidence and readiness.

Key Features

  • Realistic Exam Simulation: Familiarize yourself with the actual exam environment.
  • Detailed Explanations: Learn from comprehensive explanations for each question.
  • Identify Weak Areas: Focus your study on areas that need improvement.
  • Completely Free: Access our high-quality practice test at no cost.

Why Choose Our Practice Test?

  • Expertly Crafted: Developed by experienced cybersecurity professionals.
  • Career Advancement: Passing the CompTIA CySA+ can open new job opportunities.
  • Convenient and Accessible: No registration required, available online anytime. Also, download the free offline deck for Anki app use.

Master Incident Response and Management for the CompTIA CySA+ (CS0-003) exam with our free practice test. Start enhancing your cybersecurity skills today!

For more information on CompTIA CySA+ certification, visit the official site.
