CompTIA CySA+ Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the CompTIA CySA+ Exam with our quizzes. Master essential cybersecurity skills with flashcards and multiple-choice questions, complete with hints and explanations to optimize your learning experience.

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What action should a cybersecurity analyst take when detecting a malware infection on a workstation?

  1. Update the operating system immediately

  2. Communicate the issue to the IT department

  3. Attempt to remove the malware manually

  4. Identify and remove any established command and control connections

The correct answer is: Identify and remove any established command and control connections

When a cybersecurity analyst detects a malware infection on a workstation, identifying and removing any established command and control (C2) connections is crucial. C2 connections allow the malware to communicate with external servers controlled by attackers, enabling them to send commands and receive data. If these connections are not severed, the malware can continue to operate, leading to further compromise of the system and potentially spreading to other devices in the network. By prioritizing the identification and termination of these connections, the analyst can disrupt the attacker's control over the infected system, minimizing damage and preventing exfiltration of sensitive data. This step is critical before or alongside any removal efforts to ensure the malware does not re-establish communication after attempts to clean or mitigate the infection. While updating the operating system, communicating with the IT department, and attempting to remove the malware manually are important actions in the broader context of incident response, they do not address the immediate threat posed by active C2 communications. Therefore, focusing on these connections provides a direct and effective response to malware infections.

More Questions Like This