Home/United States/IT & Cybersecurity/Cybersecurity Analyst+
IT & Cybersecurity · 2026 question bank

Cybersecurity Analyst+
Practice Test

Practice for CompTIA CySA+ with cybersecurity analyst review topics, video walkthroughs, a free PDF and online mock exam access.

$2.99/week$6.99/monthfull unlock, cancel anytime
1010real questions
8free mock questions
4topic areas
Incident Response And Management Security Operations Vulnerability Management Reporting And Communication
Free sample · Cybersecurity Analyst+Q1 / 8
Which type of attack, as defined by NIST, uses massive volumes of invalid traffic to overwhelm and obstruct access to a web application?
Correct — D. Answer: Attrition NIST classifies attacks that use high volumes of invalid traffic to obstruct services as attrition. An example of this is a DDoS attack, which aims to overwhelm a web application through brute force methods. Phishing involves attempting to acquire sensitive information through deceptive emails or websites. An insider threat refers to a malicious threat to an organization's security from within. An advanced persistent threat describes a prolonged and sophisticated cyber attack that aims to remain undetected within the target's system.
↑ Tap an answer to check it
Practice all 8 questions

Heads up: the app and the web exam use separate accounts — a web unlock and an in-app purchase do not carry over. Buy on the web to practice on the web.

Watch & learn

Cybersecurity Analyst+ exam — full Q&A walkthrough

Every question read aloud with the answer explained. Play it on your commute, then test yourself.

▶ Full Q&A walkthrough📺 @CertsQuizPrep
Sample questions

Cybersecurity Analyst+ sample questions

Tap any question below to reveal the answer and a plain-English explanation.

Incident Response And Management Which type of attack, as defined by NIST, uses massive volumes of invalid traffic to overwhelm and obstruct access to a web application?

A. Phishing

B. Insider Threat

C. Advanced Persistent Threat

D. Attrition ✓

Correct — D. Answer: Attrition NIST classifies attacks that use high volumes of invalid traffic to obstruct services as attrition. An example of this is a DDoS attack, which aims to overwhelm a web application through brute force methods. Phishing involves attempting to acquire sensitive information through deceptive emails or websites. An insider threat refers to a malicious threat to an organization's security from within. An advanced persistent threat describes a prolonged and sophisticated cyber attack that aims to remain undetected within the target's system.

Security Operations Which of the following elements should a cybersecurity analyst ensure is current on their network devices, such as switches and routers, when conducting regular maintenance?

A. Operating system

B. Backup software

C. Firmware ✓

D. Anti-virus

Correct — C. Answer: Firmware When performing routine maintenance on network devices such as switches and routers, it is essential to verify that the firmware is up-to-date. Firmware updates often include important security patches and improvements. Typically, these network devices will not require anti-virus software, a complete operating system, or backup software to function correctly.

Vulnerability Management Which protocol facilitates communication between various industrial devices in a manufacturing setting without the need for a central controller?

A. RTOS

B. FTP

C. Profinet ✓

D. MODBUS

Correct — C. Answer: Profinet Profinet is a protocol used to facilitate communication between various industrial devices such as sensors, actuators, and controllers in a manufacturing setting without the need for a central controller. It is designed to ensure real-time communication and interoperability. MODBUS is a communication protocol used by PLCs. A real-time operating system (RTOS) is used to manage hardware resources in systems requiring low-latency. FTP is a standard network protocol for the transfer of files between computers on a TCP/IP network.

Reporting And Communication The Health Insurance Portability and Accountability Act (HIPAA) highlights three primary safeguards for protecting patient information. Which of the following is NOT one of the three primary safeguards defined by HIPAA?

A. Technical Safeguards

B. Operational Safeguards ✓

C. Administrative Safeguards

D. Physical Safeguards

Correct — B. Answer: Operational Safeguards HIPAA does not define Operational Safeguards among its primary categories. The primary safeguards defined by HIPAA are Administrative Safeguards, Physical Safeguards, and Technical Safeguards.

Incident Response And Management An IT technician needs to view active network connections and the ports on which the computer is listening. Which command should the technician use from the Linux terminal to accomplish this?

A. ifconfig -a

B. nslookup

C. traceroute

D. netstat -tuln ✓

Correct — D. Answer: netstat -tuln. By running the netstat -tuln command, the technician can view all active connections along with the ports on which the computer is listening. The ifconfig -a command displays all IP configuration information, nslookup queries DNS information, and traceroute shows the hops a packet takes to its destination.

Security Operations Identify the two main components of a rule in a Suricata IDS configuration.

A. Protocol and port

B. Rule header and rule options ✓

C. Signature and action

D. Source IP and destination IP

Correct — B. Answer: Rule header and rule options In Suricata IDS, each rule consists of a rule header and rule options. The rule header specifies the action, protocol, and IP addresses, while the rule options define additional details such as payload content.

Vulnerability Management An incident response team is preparing for a tabletop exercise to simulate a potential cybersecurity incident. During the preparation meeting, they discuss elements such as the exercise's schedule, the scenarios to be tested, and whether active responses like system isolation will be performed. What term is used to describe such preparatory discussions?

A. Containment Strategy

B. Incident Timeline

C. Rules of engagement ✓

D. Scenario Planning

Correct — C. Answer: Rules of engagement The rules of engagement should be established before conducting a tabletop exercise or any incident response practice. These rules define how the exercise will be conducted, including timing, scope, authorization, communication protocols, and specific actions to be tested or avoided. During the preparation, the team ensures all members understand their roles, the sequence of events, and the expected outcomes.

Incident Response And Management An IT specialist is assembling a toolkit for incident response. To ensure evidence collected from network breaches is securely transferred and stored without tampering, which of the following should be included in the toolkit?

A. Tamper-evident bags ✓

B. Network diagram templates

C. Blank USB drives

D. Incident response guide

Correct — A. Answer: Tamper-evident bags During an incident response, it is crucial to ensure that any evidence collected is securely transported and stored to maintain the chain of custody. Tamper-evident bags are designed to show any signs of unauthorized access, thus ensuring evidence integrity. Network diagram templates help in documenting network architecture. Blank USB drives are used for data transfer but do not ensure data integrity on their own. An incident response guide provides procedural instructions and does not protect evidence integrity.

What is on the exam

About the Cybersecurity Analyst+ test

The Cybersecurity Analyst+ measures the IT & Cybersecurity knowledge you'll actually rely on — tested the way the real exam asks it, not with trick questions. Practising real Cybersecurity Analyst+-style questions, then sitting a full timed mock exam, is the fastest way to walk in knowing you'll pass.

You will be tested on

  • The core topics and terminology you'll be tested on
  • Rules, standards and best-practice procedures
  • Real-world scenarios and how to respond
  • Common mistakes and how to avoid them

How TheoryPractice helps you pass

  • Real exam-style questions with instant, detailed explanations
  • Full timed mock exams that mirror the real test format
  • Flashcards & quiz modes from the same question bank
  • Progress tracking so you know exactly when you're ready
Coverage

Topics in this question bank

Topic

The core topics and terminology you'll be tested on

Topic

Rules, standards and best-practice procedures

Topic

Real-world scenarios and how to respond

Topic

Common mistakes and how to avoid them

Unlock everything

Full Cybersecurity Analyst+ bank + unlimited mocks

Try 30 questions free. Unlock the complete Cybersecurity Analyst+ question bank, every explanation, and unlimited timed mock exams. Practice on any device.

Unlock Cybersecurity Analyst+ →
Cramming?
$2.99
/ week · per exam
Best value
$6.99
/ month · per exam
Questions

Cybersecurity Analyst+ test FAQ

Is the Cybersecurity Analyst+ hard?
The Cybersecurity Analyst+ is very passable when you study with realistic practice questions. Most people only find it tricky because the wording is unfamiliar. Practise in the real question format until you score consistently above the pass mark and you'll walk in confident.
How many questions are on the Cybersecurity Analyst+?
The exact number depends on the version of the Cybersecurity Analyst+ you sit. CySA+ Test Prep includes a large bank of practice questions covering every topic, plus full-length mock exams set up to mirror the real test format and pass mark.
Can I practise the Cybersecurity Analyst+ for free?
Yes. You can practise a free sample of Cybersecurity Analyst+ questions on TheoryPractice in your browser, with answers and explanations. A web unlock adds the full question bank and unlimited timed mock exams for this exam.
Does CySA+ Test Prep work offline?
The web practice works in your browser. If you prefer offline study, use the downloadable PDF or the mobile app where available, then return to the web version for timed mock exams and progress tracking.
Is Cybersecurity Analyst+ practice available in other languages?
Several of our apps support more than one language. Open the CySA+ Test Prep listing on the App Store or Google Play to see the exact languages available for the Cybersecurity Analyst+.
How many Cybersecurity Analyst+ questions are there?
This bank covers 1010 Cybersecurity Analyst+ practice questions, each with a plain-English explanation for the correct answer.
Is Cybersecurity Analyst+ practice free?
Yes — the sample questions on this page are free to practice. Unlock the full bank and timed mock exams when you're ready to go further.
Where can I practice the Cybersecurity Analyst+ online?
Right here on TheoryPractice, in your browser — no download required.