CYSA EXAM 2023 QUESTIONS AND VERIFIED CORRECT ANSWERS
The IT team reports the EDR software that is installed on laptops is using a large amount of resources. Which of the following changes should a security analyst make to the EDR to BEST improve performance without compromising security?
A. Quarantine the infected systems.
B. Disable on-access scanning.
C. Whitelist known-good applications.
D. Sandbox unsigned applications.
ANSWER: Whitelist known-good applications

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse:
- The clocks must be configured so they do not respond to ARP broadcasts.
- The server must be configured with static ARP entries for each clock.
Which of the following types of attacks will this configuration mitigate?
A. Spoofing
B. Overflows
C. Rootkits
D. Sniffing
ANSWER: Spoofing

Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?
A. Real-time and automated firewall rules subscriptions
B. Open-source intelligence, such as social media and blogs
C. Information sharing and analysis memberships
D. Common vulnerability and exposure bulletins
ANSWER: Information sharing and analysis

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
A. Pause the virtual machine.
B. Shut down the virtual machine.
C. Take a snapshot of the virtual machine.
D. Remove the NIC from the virtual machine.
ANSWER: Take a snapshot of the virtual machine.

As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?
A. Conduct a risk assessment based on the controls defined in the newly revised policies.
B. Require all employees to attend updated security awareness training and sign an acknowledgement.
C. Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors.
D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them
ANSWER: Require all employees to attend updated security awareness training and sign an acknowledgement.

An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?
A. Tcpdump -X dst port 21
B. ftp r -p 21
C. nmap -o r -p 21
D. telnet r 21
ANSWER: Tcpdump -X dst port 21

Employees of a large financial company are continuously being infected by strands of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?
A. MFA on the workstations
B. Additional host firewall rules
C. VDI environment
D. Hard drive encryption
E. Network access control
F. Network segmentation
ANSWER: VDI environment
Written for
- Institution: CYSA 2023
- Course: CYSA 2023
Document information
- Uploaded on: 30 August 2023
- Number of pages: 19
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions and answers