I'm curious about Q8cause the Question says activity related to data exfiltration. and D focusing on system logs for file access and transfer attempts will give you a clearer picture of whether sensitive data was exfiltrated from the compromised workstation.
There will be in the future, currently working on some projects for the channel that I hope to get done in the next few weeks. I’ll also do some Pentest+ as well.
Thank you for material. You're really doing great work by sharing this. I have a doubt on question 9. if I'm not wrong, OWASP focus on web application and nothing in the question is related to web application. Is there a better explanation for why A is the correct answer?
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage? Options: A Enrich the SIEM-ingested data to include all data required for triage. B Schedule a task to disable alerting when vulnerability scans are executing. C Filter all alarms in the SIEM with low severity. D Add a SOAR rule to drop irrelevant and duplicated notifications. can we discuss this question?
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage? Options: AEnrich the SIEM-ingested data to include all data required for triage. BSchedule a task to disable alerting when vulnerability scans are executing. CFilter all alarms in the SIEM with low severity. DAdd a SOAR rule to drop irrelevant and duplicated notifications. can you help me to answer this question please
Are these questions similar to the exam itself? I'm finding it hard to pin down the difficulty level of the exam as practice questions online vary in technical detail.
i would think D for question 15 will only be if all of the files are actually backed up and businesses really back to normal it's kind of tricky because business cannot fully be back to normal if everything is not backed up. although answer D is the correct answer I disagree lol. once everything has been restored then you could document that in ur incident report
Thanks a bunch for these vids. Really helping with prep. On a side note, you wouldn’t happen to also be the person behind the Historia Civilis channel? I don’t think so, but your voices are so similar to me. Thanks again.
Thanks for the content, I'm really enjoying doing practice questions prior to sitting SY0-701 in the near future. Question 9 concerns me in that I haven't seen it reference in any study material and it points to a commercially available web site for identifying potential vulnerabilities (which you may/may not have to join to access the full range of data. I'd be concerned if this was an actual question in my exam. Thanks again
And question 10, why would you only export user data for the past year? What if the data exfil or ransomware attack preceded this one year? I'm hopefully not being picky but genuinely worried about the wording of the questions and reasoning behind the answers.
Hey! This video is for the CySA+ exam not the 701! But regardless, a common tactic that CompTIA does in their exams is ask about stuff that's either not real or not the answer if it isn't within the exam objectives. As the test taker, you need to know what's within the exam objectives. National Vulnerability Database, while it's a real thing, would not be the answer because it's not within the exam objectives. Hope this makes sense
Out of all the available options, option B is the best. Don't think too far into the question, the correct thing to do is to hand over ALL information to law enforcement. Now that you know that's what you're supposed to do, which of the answers best resembles this? Option B, Export all user logs for the past year and provide them to law enforcement.
for question 19 it says it appears legitimate we do not know if it's a true positive or not so why not extract the malicious URL ( answer D) and then once it's found out that it is fake email we can then containerize it which would be answer (A). remember it says 'potential'
While watching this video I got a whole bunch of ads spread about every minute apart. UA-cam must have an algorithm that shows more ads for certain videos.
Haha yeah! I actually submitted my 18 year old wow account to Blizzard for battle net deletion two weeks ago though. Decided that it was time to put it away for good. Which versions of wow are you playing? I was playing wrath (and then cata) and a lot of SoD
@@ImCyberJames I'm big on the classic cata right now.... And btw, I just passed the CySA+ this morning. Was using these videos to freshen up near the end of my studying. Being able to hear the thought process working through the question was amazing. Appreciate the content and will be around if you ever decide to return to Azeroth.
Watch part 1 of the CySA+ : ua-cam.com/video/xT6afzxvkJ0/v-deo.html
I passed it today, 803
This guy genuinely wants to help. Sub and thumb him for your own good
Would love a part 3! For those who have passed the CySA+, are these questions about equivalent to the test, easier, or more difficult?
awesome video ~ I'm learning so much about cybersecurity
I'm curious about Q8cause the Question says activity related to data exfiltration.
and D focusing on system logs for file access and transfer attempts will give you a clearer picture of whether sensitive data was exfiltrated from the compromised workstation.
I agree I thought it would be D specifically since the question mentioned data exfiltration and not lateral movement
thank you cyber James..
taking the test in january 2025 and need to pass
anything free or low cost you would recommend?
Thanks for the videos. Is there a Part 3 available?
There will be in the future, currently working on some projects for the channel that I hope to get done in the next few weeks. I’ll also do some Pentest+ as well.
@@ImCyberJames Thanks. Can you also cover Performance based Questions in the practice exams?
Thank you for material. You're really doing great work by sharing this.
I have a doubt on question 9. if I'm not wrong, OWASP focus on web application and nothing in the question is related to web application.
Is there a better explanation for why A is the correct answer?
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
Options:
A Enrich the SIEM-ingested data to include all data required for triage.
B Schedule a task to disable alerting when vulnerability scans are executing.
C Filter all alarms in the SIEM with low severity.
D Add a SOAR rule to drop irrelevant and duplicated notifications.
can we discuss this question?
THIS IS GREATTTTTTTTTT
ohhh nooo i need more videos these are great 😩😩😩😩😥😥😥😥
Thank you for this!
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
Options:
AEnrich the SIEM-ingested data to include all data required for triage.
BSchedule a task to disable alerting when vulnerability scans are executing.
CFilter all alarms in the SIEM with low severity.
DAdd a SOAR rule to drop irrelevant and duplicated notifications.
can you help me to answer this question please
Are these questions similar to the exam itself? I'm finding it hard to pin down the difficulty level of the exam as practice questions online vary in technical detail.
i would think D for question 15 will only be if all of the files are actually backed up and businesses really back to normal it's kind of tricky because business cannot fully be back to normal if everything is not backed up. although answer D is the correct answer I disagree lol. once everything has been restored then you could document that in ur incident report
That's what I was thinking too. Obviously that is the correct answer, but the explanation didn't address the prompt.
@@DivAcad exactly
Thank you a lot but these questions are the same real test or not?
Thanks a bunch for these vids. Really helping with prep.
On a side note, you wouldn’t happen to also be the person behind the Historia Civilis channel? I don’t think so, but your voices are so similar to me. Thanks again.
I'm glad to hear they're helping! And no I'm not haha
Thanks for the content, I'm really enjoying doing practice questions prior to sitting SY0-701 in the near future. Question 9 concerns me in that I haven't seen it reference in any study material and it points to a commercially available web site for identifying potential vulnerabilities (which you may/may not have to join to access the full range of data. I'd be concerned if this was an actual question in my exam. Thanks again
And question 10, why would you only export user data for the past year? What if the data exfil or ransomware attack preceded this one year? I'm hopefully not being picky but genuinely worried about the wording of the questions and reasoning behind the answers.
Hey! This video is for the CySA+ exam not the 701! But regardless, a common tactic that CompTIA does in their exams is ask about stuff that's either not real or not the answer if it isn't within the exam objectives. As the test taker, you need to know what's within the exam objectives. National Vulnerability Database, while it's a real thing, would not be the answer because it's not within the exam objectives. Hope this makes sense
Out of all the available options, option B is the best. Don't think too far into the question, the correct thing to do is to hand over ALL information to law enforcement. Now that you know that's what you're supposed to do, which of the answers best resembles this? Option B, Export all user logs for the past year and provide them to law enforcement.
@@ImCyberJames Had the same concern. Thanks for the strategy.
Where do you get these questions from?
Where’s part 3?!
We can see WoW fan here, great!, for the alliance!, can you comapre sec+ to cysa in terms of difficulty? Or maybe u did a sybex 1000 questions book?
for question 19 it says it appears legitimate we do not know if it's a true positive or not so why not extract the malicious URL ( answer D) and then once it's found out that it is fake email we can then containerize it which would be answer (A). remember it says 'potential'
question 9 i would say B
i’ve watch part 1 and part 2, is the CYSA+ really this easy?
CySA+ was the easiest for me
your answer for Q9 has baffled me. OWASP seems very far removed from the scenario and what the question was after. B makes more sense
For question 1 itself, i don't see B as an better option
I am sory Sir for this question is that all exam part1 ant 2 only for CYSA+
i passed my test
Congrats! That’s awesome!
While watching this video I got a whole bunch of ads spread about every minute apart. UA-cam must have an algorithm that shows more ads for certain videos.
Nah, he puts it there for profit
A fellow wow player too?
Haha yeah! I actually submitted my 18 year old wow account to Blizzard for battle net deletion two weeks ago though. Decided that it was time to put it away for good. Which versions of wow are you playing? I was playing wrath (and then cata) and a lot of SoD
@@ImCyberJames I'm big on the classic cata right now.... And btw, I just passed the CySA+ this morning. Was using these videos to freshen up near the end of my studying. Being able to hear the thought process working through the question was amazing. Appreciate the content and will be around if you ever decide to return to Azeroth.
@@roycejetjones5363 congratulations. what other resources did you use besides these videos?