CompTIA CySA+ Questions and Answers
100 questions organized by topic with detailed explanations
CompTIA
CS0-003
100 questions
4 topics
Updated May 2026Security Operations
37 questions13 easy13 medium11 hard~33% of exam
An organization wants to improve its security operations by consolidating visibility across all security tools into a un...A security analyst is investigating a phishing email that bypassed the spam filter. Which tool would be most appropriate...Which framework uses tactics, techniques, and procedures (TTPs) to describe adversary behavior and is commonly reference...
Vulnerability Management
27 questions6 easy13 medium8 hard~30% of exam
A penetration test report identifies that the organization's web application is vulnerable to insecure deserialization. ...A security team is scheduling vulnerability remediation and must patch a critical vulnerability on a production database...What does CVSS stand for, and what is its primary purpose?
Incident Response Management
20 questions6 easy8 medium6 hard~20% of exam
Which phase of the incident response lifecycle involves identifying and limiting the spread of an active attack?A security analyst is building an incident response playbook for ransomware events. Which element is most critical to in...A large organization experiences a ransomware outbreak affecting 40% of its endpoints. The CISO asks the incident respon...
Reporting and Communication
16 questions4 easy8 medium4 hard~17% of exam
A security analyst must communicate the results of a vulnerability assessment to a non-technical business unit manager. ...After a significant security incident, the incident response team must formally notify senior leadership and potentially...An organization's security team has completed a vulnerability assessment and found that 30% of critical vulnerabilities ...
All Questions
| # | Question | Topic | Difficulty |
|---|---|---|---|
| 1 | Which phase of the incident response lifecycle involves identifying and limiting the spread of an ac... | Incident Response Management | easy |
| 2 | A security analyst is building an incident response playbook for ransomware events. Which element is... | Incident Response Management | medium |
| 3 | A large organization experiences a ransomware outbreak affecting 40% of its endpoints. The CISO asks... | Incident Response Management | hard |
| 4 | During an incident investigation, a forensic analyst needs to collect volatile data from a compromis... | Incident Response Management | medium |
| 5 | A penetration test report identifies that the organization's web application is vulnerable to insecu... | Vulnerability Management | hard |
Sign in to see all 100 questions
Create a free account to browse all questions — completely free during our launch phase.
Ready to test your knowledge?
Take a full CompTIA CySA+ practice test with timed exam simulation.
Start Practice Test