Threat Detection — CompTIA CySA+ (CS0-003) Practice Questions

Threat detection is the practice of identifying indicators of malicious activity within an environment before or during an attack, and it is a core discipline tested throughout the CySA+ exam. Analysts must correlate data from logs, network sensors, endpoint agents, and threat intelligence feeds to distinguish attacker behavior from normal operations. The CS0-003 objectives cover both proactive detection through threat hunting and reactive detection via automated alerting. A strong detection capability directly reduces dwell time, the interval between initial compromise and detection, and so limits the damage an attacker can cause before being contained.

Free questions on threat detection

During a post-incident review, the security team identifies that early warning signs of the breach were visible in logs for 3 days before detection. What should be improved?
Free question · medium · full answer + explanation
An incident response team discovers that malware has been present on a compromised system for 6 months before detection. What is the BEST recommendation to prevent similar incidents?
Free question · medium · full answer + explanation
Which of the following provides the BEST real-time visibility into advanced persistent threats (APTs) on a network?
Free question · medium · full answer + explanation
A company's intrusion detection system (IDS) generates approximately 10,000 alerts daily, but the security team only has capacity to investigate 2% of these alerts. Which approach best addresses this issue?
Free question · medium · full answer + explanation

More threat detection questions in the full bank

Practice CompTIA CySA+ (CS0-003) Questions Free