CYSA, Top Exam Questions and answers, 100% Accurate. RATED A+
The IT team reports the EDR software that is installed on laptops is using a large amount of resources.
Which of the following changes should a security analyst make to the EDR to BEST improve performance
without compromising security?
A. Quarantine the infected systems.
B. Disable on-access scanning.
C. Whitelist known-good applications.
D. Sandbox unsigned applications. - ✔✔-Whitelist known-good applications
A security analyst is reviewing the following requirements for new time clocks that will be installed in a
shipping warehouse: The clocks must be configured so they do not respond to ARP broadcasts. The server
must be configured with static ARP entries for each clock. Which of the following types of attacks will this
configuration mitigate?
A. Spoofing
B. Overflows
C. Rootkits
D. Sniffing - ✔✔-Spoofing
Which of the following sources would a security analyst rely on to provide relevant and timely threat
information concerning the financial services industry?
A. Real-time and automated firewall rules subscriptions
B. Open-source intelligence, such as social media and blogs
C. Information sharing and analysis memberships
D. Common vulnerability and exposure bulletins - ✔✔-Information sharing and analysis
An information security analyst discovered a virtual machine server was compromised by an attacker.
Which of the following should be the FIRST step to confirm and respond to the incident?
A. Pause the virtual machine.
B. Shut down the virtual machine.
C. Take a snapshot of the virtual machine.
D. Remove the NIC from the virtual machine. - ✔✔-Take a snapshot of the virtual machine.
As part of an organization's information security governance process, a Chief Information Security
Officer (CISO) is working with the compliance officer to update policies to include statements related to
new regulatory and legal requirements. Which of the following should be done to BEST ensure all
employees are appropriately aware of changes to the policies?
A. Conduct a risk assessment based on the controls defined in the newly revised policies.
B. Require all employees to attend updated security awareness training and sign an acknowledgement.
C. Post the policies on the organization's intranet and provide copies of any revised policies to all active
vendors.
D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them -
✔✔-Require all employees to attend updated security awareness training and sign an
acknowledgement.
An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any,
passwords are being used. Which of the following commands should the analyst use?
A. Tcpdump -X dst port 21
B. ftp ftp.server -p 21
C. nmap -o ftp.server -p 21
D. telnet ftp.server 21 - ✔✔-Tcpdump -X dst port 21
Employees of a large financial company are continuously being infected by strands of malware that are
not detected by EDR tools. Which of the following is the BEST security control to implement to reduce
corporate risk while allowing employees to exchange files at client sites?
A. MFA on the workstations
B. Additional host firewall rules
C. VDI environment
D. Hard drive encryption
E. Network access control
F. Network segmentation - ✔✔-VDI environment
While reviewing a packet capture, a security analyst discovers a recent attack used specific ports
communicating across non-standard ports and exchanged a particular set of files. In addition, forensics
determines the files contain malware and have a specific callback domain within the files. The MOST
appropriate action to take in this situation would be to implement a change request for an IPS:
A. to block the callback domain and another signature hash to block the files
B. behavioral signature and update the blacklisting on the domain
C. rule to block the non-standard ports and update the blacklisting of the callback domain
D. signature for the callback domain and update the firewall settings to block the non-standard ports -
✔✔-rule to block the non-standard ports and update the blacklisting of the callback domain
During a review of the vulnerability scan results on a server, an information security analyst notices the
following: The MOST appropriate action for the analyst to recommend to developers is to change the
web server so:
A. It only accepts TLSv1.2
B. It only accepts cipher suites using AES and SHA
C. It no longer accepts the vulnerable cipher suites
D. SSL/TLS is offloaded to a WAF and load balancer - ✔✔-It no longer accepts the vulnerable cipher
suites
As part of a merger with another organization, a Chief Information Security Manager (CISO) is working
with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily
concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's
concerns, the assessor will MOST likely focus on:
A. qualitative probabilities
B. quantitative probabilities
C. qualitative magnitude
D. quantitative magnitude - ✔✔-quantitative magnitude
concerned developers have too much visibility into customer data. Which of the following controls
should be implemented to BEST address these concerns?
A. Data masking
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller PassPoint02. Stuvia facilitates payment to the seller.