CySA+ IOC Quiz: Can You Read the Signs?

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Thames
T
Thames
Community Contributor
Quizzes Created: 7097 | Total Attempts: 80,150
| Questions: 20 | Updated: Jul 2, 2026
Quiz
Please wait...
Question 1 / 21
🏆 Rank #--
0 %
0/100
Score 0/100

1. A sudden increase in failed authentication attempts followed by successful logins from a new device is a ____ IOC.

Submit
Please wait...
About This Quiz
Cysa+ Ioc Quiz: Can You Read The Signs? - Quiz

Test your ability to identify Indicators of Malicious Activity (CySA+) across networks, systems, and user behavior. This quiz covers common IOCs such as suspicious network traffic, file hashes, registry modifications, and behavioral anomalies that security analysts must recognize. Master the signs of compromise and strengthen your incident detection skills fo... see morereal-world cybersecurity roles. see less

2.

What first name or nickname would you like us to use?

You may optionally provide this to label your report, leaderboard, or certificate.

2. Which of the following best represents a complete IOC for threat intelligence sharing?

Submit

3. Data exfiltration to cloud storage services is typically detected by monitoring for ____ indicators such as unusual transfer volume and destination IP.

Submit

4. Which scenario best demonstrates a host-based IOC rather than a network-based IOC?

Submit

5. True or False: An IOC must be confirmed malicious across multiple independent sources before being actionable in an incident response.

Submit

6. Which log source is MOST critical for identifying indicators of malicious activity on a Windows endpoint?

Submit

7. A process injecting code into legitimate system processes is called ____ and is a strong IOC for malware.

Submit

8. Which of these are recognized IOC categories for CySA+ analysts? (Select all that apply)

Submit

9. True or False: Indicators of Malicious Activity (CySA+) can only be detected through manual log review and cannot be automated.

Submit

10. Which indicator is most directly associated with lateral movement within a compromised network?

Submit

11. Which of the following is a network-based indicator of compromise (IOC)?

Submit

12. In the context of IOCs, what does YARA rule detection primarily identify?

Submit

13. Which of the following are valid indicators of malicious activity? (Select all that apply)

Submit

14. True or False: Indicators of Malicious Activity (CySA+) include only network-based evidence and do not encompass host-based artifacts.

Submit

15. Which of these network artifacts would NOT typically be considered an IOC for malicious activity?

Submit

16. A process spawning child processes with suspicious command-line arguments is an example of a ____ IOC.

Submit

17. Abnormal user login patterns, such as logins from geographically impossible locations, represent which type of IOC?

Submit

18. Which registry modification is a common IOC for malware persistence on Windows systems?

Submit

19. True or False: A spike in network traffic to a single external IP address during off-hours is always a definitive indicator of a data exfiltration attack.

Submit

20. A file hash (MD5, SHA-256) is most useful for detecting malicious activity because it ____ uniquely identifies a specific file.

Submit
×
Saved
Thank you for your feedback!
View My Results
Cancel
  • All
    All (20)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
A sudden increase in failed authentication attempts followed by...
Which of the following best represents a complete IOC for threat...
Data exfiltration to cloud storage services is typically detected by...
Which scenario best demonstrates a host-based IOC rather than a...
True or False: An IOC must be confirmed malicious across multiple...
Which log source is MOST critical for identifying indicators of...
A process injecting code into legitimate system processes is called...
Which of these are recognized IOC categories for CySA+ analysts?...
True or False: Indicators of Malicious Activity (CySA+) can only be...
Which indicator is most directly associated with lateral movement...
Which of the following is a network-based indicator of compromise...
In the context of IOCs, what does YARA rule detection primarily...
Which of the following are valid indicators of malicious activity?...
True or False: Indicators of Malicious Activity (CySA+) include only...
Which of these network artifacts would NOT typically be considered an...
A process spawning child processes with suspicious command-line...
Abnormal user login patterns, such as logins from geographically...
Which registry modification is a common IOC for malware persistence on...
True or False: A spike in network traffic to a single external IP...
A file hash (MD5, SHA-256) is most useful for detecting malicious...
play-Mute sad happy unanswered_answer up-hover down-hover success oval cancel Check box square blue
Alert!