CompTIA CySA+ Free Cybersecurity Analyst practice test

10 real CompTIA CySA+ practice questions with instant answers and explanations — no account, no credit card, no email. Score yourself, then unlock the full bank of 886 questions whenever you’re ready. The CompTIA CySA+ passing score is 750 / 900.

Answer key

All 10 CompTIA CySA+ questions & answers

Prefer to just read the answers and explanations? Here’s the full key for this free CompTIA CySA+ test.

Q1. Which technology is 802.1X most commonly associated with implementing?

Correct answer: A. NAC

802.1X is an authentication protocol primarily used to implement NAC (Network Access Control), which governs which devices are permitted to connect to a network. DKIM (DomainKeys Identified Mail) is an email authentication protocol that lets organizations embed verifiable signatures in messages to confirm they originated from an authorized domain. VDI (Virtual Desktop Infrastructure) is a virtualization technology that streams desktop operating systems to users from centralized server hardware. SNMP (Simple Network Management Protocol) is used to monitor and manage devices on a network, not for port-based access control.

Q2. A security team is auditing its control categories to verify comprehensive coverage. Which of the following would NOT be classified as a technical control?

Correct answer: D. Reverse engineering an application

Technical controls consist of hardware, software, systems, and configurations that directly enforce or support security policies. Configuring a firewall, encrypting data in transit, and deploying an EDR (Endpoint Detection and Response) solution are all technical controls because they directly implement security measures through technology. Reverse engineering an application is an operational control — it is a procedural activity performed by humans to understand software behavior. Operational controls cover practices and procedures that strengthen security posture rather than technical enforcement mechanisms.

Q3. A disgruntled employee secretly connects an unauthorized smart camera to the corporate network via an 802.11ax wireless link. What term best describes this unauthorized device?

Correct answer: D. Wireless rogue

A wireless rogue is an unauthorized device that joins a network over a wireless connection. Since 802.11ax is a Wi-Fi standard, the camera qualifies as a wireless rogue rather than a wired rogue (which would require a physical cable connection). Beaconing refers to periodic network traffic used by command-and-control malware to check in with an attacker-controlled server — it is not a device classification. NAC (Network Access Control) is a mechanism used to enforce policies that control which devices may access a network, not a category of rogue device.

Q4. A former employee who was terminated under bad circumstances is planning a cyber-attack against their ex-employer's public website. According to NIST's four threat categories, which category does this threat fall under?

Correct answer: B. Adversarial

NIST defines four broad threat categories:

- Adversarial — intentional attempts to harm an organization
- Accidental — unintentional mistakes made by individuals
- Structural — failures of equipment, software, or infrastructure
- Environmental — natural disasters and other environmental events (e.g., fires, floods, power outages)

A disgruntled ex-employee acting with deliberate malicious intent is an adversarial threat. "Human-made" and "public" are not among NIST's four recognized threat categories.

Q5. Flooding destroyed several servers and network switches in a corporate data center. Which of NIST's four threat categories best describes this type of threat?

Correct answer: B. Environmental

NIST recognizes four threat categories:

- Adversarial — deliberate attempts to harm an organization
- Accidental — unintentional human errors
- Structural — failures of hardware, software, or infrastructure components
- Environmental — natural or physical disasters such as floods, hurricanes, fires, or power outages

Because the damage was caused by a flood — a natural disaster — this threat is classified as environmental.

Q6. A foreign government's intelligence agency has been conducting an ongoing, highly sophisticated series of cyber-attacks against a critical infrastructure company. Which threat actor category best fits this description?

Correct answer: D. Nation-state

Key threat actor categories to know for CySA+ include:

- Nation-state: Government-sponsored actors with significant resources and advanced capabilities
- Organized crime: Financially motivated groups, often associated with ransomware campaigns
- Hacktivists: Ideologically driven actors seeking to promote a political or social cause
- Script kiddies: Low-skill attackers relying on pre-built tools
- Insider threats: Malicious or negligent actors already inside an organization
- Supply chain: Actors who compromise hardware or software supply chains to reach downstream targets

A government-backed agency conducting sophisticated, targeted attacks is a nation-state actor. CRL (Certificate Revocation List) is a PKI concept and has nothing to do with threat actor classification.

Q7. A buggy program is causing log files to grow without limit, threatening to exhaust all available disk space on a server. A systems administrator needs to check how much free disk space currently remains. Which Linux command should be used?

Correct answer: A. df

The df command (disk free) reports disk space usage for all mounted filesystems on a Linux system. Running df -h produces human-readable output showing total size, used space, available space, and mount points. The w command displays information about currently logged-in users and their activity. The ps command lists running processes and their resource usage. The netstat command shows network statistics, active connections, and services listening on open ports.

Q8. An attacker with minimal technical expertise launches low-complexity denial-of-service attempts against a company's website using freely available open-source tools. Which threat actor category best describes this individual?

Correct answer: B. Script kiddie

Script kiddies are unsophisticated threat actors who depend on pre-built, publicly available tools rather than developing their own attack capabilities. Their attacks are typically low-complexity. Hacktivists are motivated by political or ideological goals rather than a lack of skill. Nation-state actors are highly resourced and technically advanced. OSINT (Open Source Intelligence) is an intelligence-gathering methodology, not a threat actor type.

Q9. An insider threat actor uploaded confidential corporate documents from a work laptop to a public file-hosting service without authorization. What is the correct term for what took place?

Correct answer: D. Data exfiltration

Data exfiltration is the unauthorized transfer or extraction of data from a system or network to an external location. Spear phishing is a targeted social engineering attack designed to deceive a specific individual into revealing credentials or information. File carving is a forensic technique used to recover files from storage media when filesystem metadata is unavailable or corrupted. DLP (Data Loss Prevention) refers to tools and policies designed to detect and prevent unauthorized data transfers — it describes the prevention mechanism, not the act itself.

Q10. A misconfigured server application generated an enormous volume of traffic that saturated the network and degraded performance for all connected users. What category of network issue does this represent?

Correct answer: D. Bandwidth consumption

Bandwidth consumption issues arise when network capacity is exhausted, causing slowdowns or outages. Common causes include misconfigurations, malicious activity, or sudden traffic surges — all of which can overwhelm available bandwidth. Beaconing involves periodic communications from compromised hosts to command-and-control infrastructure, typically at low or regular intervals rather than causing massive traffic spikes. Social engineering and phishing are human-focused attack techniques that manipulate individuals rather than generate excessive network traffic.

Exam facts and objectives sourced from the official CompTIA certification page. Last reviewed June 2026.
