CySA+ Questions and Answers Already Passed

CySA+ Questions and Answers Already Passed Confidentiality, integrity, and availability What are the three key objectives of information security? Threats and vulnerabilities. Risk exists at the intersection of _______ and _________. Network access control What type of system controls access to a network based on criteria such as time of day, location, device type, and system health? The Internet, an internal network, and a DMZ What are the three networks typically connected to a triple-homed firewall? Packet filters Stateful inspection firewalls Next-generation firewalls Web application firewalls. What are the four types of firewalls? Group Policy Objects (GPOs) ______ may be used to apply settings to many different Windows systems at the same time. Planning, Discovery, Attack, and Reporting Four phases of penetration testing Port scanner What type of software can you use to enumerate the services that are accepting network connections on a remote system without probing that system for vulnerabilities? nmap What is the most commonly used port scanner? Traceroute or tracert, depending on the operating system What tool can be used to determine the path between two systems over the Internet? Anomaly analysis What type of data analysis looks for differences from expected behaviors? Trend analysis What type of data analysis predicts threats based on existing data? Credentialed scan What type of vulnerability scan leverages read-only access to the scan target? Risk appetite What term is used to describe an organization's willingness to tolerate risk? Read-only account What type of account should be used to perform credentialed vulnerability scans? Vulnerability scanning What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS? Web application scanning What is the purpose of Nikto and Acunetix? Criticality Difficulty Severity Exposure Remediation Priority CVSS What industry-standard system is used to assess the severity of security vulnerabilities? False positive What is the term used to describe when a scanner reports a vulnerability that does not really exist? Buffer overflow What type of vulnerability allows an attacker to place more data into an area of memory than is allocated for a specific purpose? Privilege escalation What type of attack seeks to increase the level of access that an attacker has to a targeted system? Arbitrary code execution What type of attack allows an attacker to run software of his or her choice on the targeted system? TLS 1.2 or later What is the current secure standard for providing HTTPS encryption? DNS amplification In what type of attack does the attacker sends spoofed DNS requests to a DNS server that are carefully designed to elicit responses that are much larger in size than the original requests? Security event What term is used to describe any observable occurrence in a system or network that relates to a security function? Security incident What term is used to describe a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices? Preparation Detection & Analysis Containment, Eradication, & Recovery Post-Incident Activity What are the phases of incident response? Procedures What type of documents provide the detailed, tactical information that CSIRT members need when responding to an incident? Incident Response Policy What document serves as the cornerstone of an organization's incident response program? Advanced Persistent Threat (APT) What type of threat consists of highly skilled and talented attackers focused on a specific objective? Functional impact, economic impact, and recoverability effort What are the types of impact used to describe the scope of a security incident? External/removable media Attrition Web, email Impersonation Improper usage Loss or theft of equipment What are the common attack vectors for security incidents? Top or ps What Linux command displays processes, memory utilization, and other detail about running programs? Beaconing What term is used to describe traffic sent to a command and control system by a PC that is part of a botnet? Perfmon What Windows tool provides information on memory, CPU, and disk use? SNMP What protocol is used to gather information about and manage network devices? lsof What Linux command allows you to list the files that are open by processes on a system? Flow data provides information about the source and destination IP address, protocol, and total data sent. What type of information is found in network flow data? iPerf What tool can administrators use to determine the maximum bandwidth available on a network connection? Forensic drive duplicator What type of device is designed to copy drives for forensic investigation, and then provide validation that the original drive and the content of the new drive match? Volume shadow copies Where can forensic analysts turn to find point-in-time information from prior actions on a Windows system? Event logs Where can forensic analysts turn to find information about logins, service start/stop events, and evidence of applications being run on a Windows system? dd What Linux utility is commonly used to clone drives in RAW format? Write blocker What type of device can ensure that attaching a drive to a forensic copy device or workstation does not result in modifications being made to drive, thus destroying the forensic integrity of the process? fmem and LiME What Linux kernel modules allow forensic access to physical memory? USB Historian What tool provides a list of USB devices that have been connected to a Windows system? Contain the damage What is the first action that incident responders should take after identifying a potential incident? Containment Network segmentation, isolation, and removal of affected systems are examples of ___________ strategies Eradication