CCNA Cysa Reporting Communication Questions

9 of 84 questions · Page 2/2 · Cysa Reporting Communication topic · Answers revealed

76
MCQ · easy

Which of the following best describes the purpose of a threat intelligence report at the operational level?

A. Offer detailed analysis of threat actor TTPs for specific campaigns
B. Deliver technical indicators like IoCs to SOC analysts
C. Provide high-level trends to executive leadership
D. Summarize geopolitical risks affecting the organization

Answer: A

Operational intelligence provides actionable insights for defenders.

Why this answer

Operational intelligence focuses on specific campaigns, tools, and techniques to inform defenders' actions.

77
MCQ · medium

A vulnerability report for a critical application shows that a high-risk vulnerability has been accepted by the business owner. What should the analyst include in the report to document this decision?

A. A formal risk acceptance form signed by the business owner with a justification
B. The technical details of the vulnerability only
C. An automatic closure of the vulnerability ticket
D. A note that the vulnerability is low priority

Answer: A

This meets compliance and governance requirements.

Why this answer

Proper risk acceptance documentation requires a formal sign-off by the risk owner, typically including a justification and acceptance date.

78
MCQ · easy

Which of the following is a key performance indicator (KPI) for measuring the efficiency of patch management?

A. Mean time to respond (MTTR)
B. Number of open vulnerabilities
C. Phishing simulation click rate
D. Patch SLA compliance %

Answer: D

Correct. It directly measures adherence to patching deadlines.

Why this answer

Patch SLA compliance percentage measures how often patches are applied within the defined service level agreement, indicating the effectiveness of patch management processes.

79
MCQ · easy

A security analyst needs to communicate the business impact of a newly discovered critical vulnerability to the executive team. Which of the following is the BEST approach?

A. Send the raw vulnerability scan report.
B. Explain the vulnerability in layman's terms and estimate potential financial loss.
C. Recommend immediate patching without further context.
D. Provide a detailed CVSS score and exploit code.

Answer: B

This translates technical risk to business risk.

Why this answer

Translating technical risk into business terms (financial, reputational, regulatory) helps executives understand the impact and make informed decisions.

80
MCQ · hard

During an incident, the SOC team identifies indicators of compromise (IoCs) that may affect partners. According to best practices, what should the analyst do first?

A. Follow the incident response communication plan
B. Wait until the incident is fully resolved
C. Post the IoCs on a public threat sharing platform
D. Directly notify all affected partners

Answer: A

The plan outlines steps for internal and external communication.

Why this answer

An incident response plan should define communication procedures; typically, the team should escalate internally to leadership who can authorize external notifications.

81
MCQ · medium

A security analyst is preparing a vulnerability report for the IT operations team. Which section should provide a high-level overview of the organization's risk posture?

A. Risk acceptance
B. Executive summary
C. Remediation timeline
D. Findings by severity

Answer: B

The executive summary gives a high-level risk overview.

Why this answer

The executive summary provides a concise overview of key findings and risk posture for management.

82
Multi-Select · hard

A threat intelligence analyst has produced a report containing specific Indicators of Compromise (IoCs) such as IP addresses, domain names, and file hashes. Which TWO audiences are most appropriate for this type of intelligence? (Select TWO.)

Select 2 answers
A. Board of directors
B. SOC analysts
C. Executive leadership
D. Incident responders
E. Network engineers

Answers: B, D

SOC uses IoCs for detection and alerting.

Why this answer

Tactical intelligence (IoCs) is most useful for the SOC team and incident responders who can use them for detection and response. Executives need strategic intelligence, and network engineers need operational intelligence.

83
MCQ · medium

During a security incident, the incident response team has identified that a phishing email led to credential theft and lateral movement. Which component of the incident report should detail the sequence of events from initial compromise to containment?

A. Root cause analysis
B. Impact assessment
C. Lessons learned
D. Timeline

Answer: D

The timeline records the sequence of events.

Why this answer

The timeline component of an incident report provides a chronological sequence of events, which is essential for understanding how the incident unfolded.

84
Multi-Select · medium

An incident responder is documenting the root cause of a data breach. Which THREE components are essential to include in the root cause analysis section of the incident report? (Select THREE.)

Select 3 answers
A. The technical vulnerability exploited
B. The number of records affected
C. The name of the employee who clicked the phishing email
D. Human factors, such as lack of training
E. Process failures that allowed the vulnerability to exist

Answers: A, D, E

Correct. The specific technical weakness is a key part of the root cause.

Why this answer

Root cause analysis should identify the underlying causes, not just the symptoms. It should include the technical failure, the process failure, and the human or organizational factors that contributed.
