100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CYSA+ Test_One (1) $7.99   Add to cart

Exam (elaborations)

CYSA+ Test_One (1)

 2 views  0 purchase
  • Course
  • Institution

Exam of 14 pages for the course CySA+ at CySA+ (CYSA+ Test_One (1))

Preview 2 out of 14  pages

  • August 1, 2024
  • 14
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CYSA+ Test_One
A cybersecurity analyst uses the Common Vulnerability Scoring System (CVSS) to evaluate the
severity of a vulnerability in a company's software. When using the CVSS to evaluate the
severity of a software vulnerability, what specific factors should the analyst consider, and why is
CVSS an important tool for IT teams to use? (Select the two best options.)

A.Type of vulnerability, affected system, and potential impact; to prioritize remediation efforts
B.Severity, number of systems affected, and potential impact; to allocate resources more
effectively
C.Likelihood of exploitation, potential impact, and patch availability; to provide an objective
measure of risk
D.Cost of fixing, number of systems affected, and potential impact; to provide a standardized
method for assessing severity - ANS-A & D ???

he CVSS assigns a score to a vulnerability, including the vulnerability type, affected system, and
potential impact. CVSS is an important tool as it helps IT teams prioritize remediation efforts
based on the objective measure of risk provided by the scoring system. While severity, number
of systems affected, and potential impact are factors considered by CVSS, it is not a complete
list. The scoring system aims to help IT teams allocate resources more effectively, not just to
assess severity. CVSS factors include the likelihood of exploitation, potential impact, and patch
availability. The scoring system objectively measures risk posed by a given vulnerability. Cost of
fixing, number of systems affected, and potential impact are not a complete list. The scoring
system aims to provide a standardized method for assessing the severity of vulnerabilities.

A security analyst wants to use a web application scanner to test the security of a web
application. Which of the following is a feature of Burp Suite that could support the security
analyst's requirements?

A.Testing for vulnerabilities in the application source code
B.Assessing the security of the underlying operating system
C.Detecting malware and viruses on the web server
D.Intercepting and modifying HTTP requests and responses - ANS-Intercepting and modifying
HTTP requests and responses is a feature of Burp Suite. This scanner enables the analyst to
examine and manipulate the communication between the web application and the client.
Though Burp Suite permits testing for specific types of vulnerabilities in the application's source
code, its primary use is for assessing the web application's security, not the source code.
Burp Suite focuses on evaluating the security of web applications and does not assess the
security of the underlying operating system.
Burp Suite is not a malware or virus scanner and does not detect malware or viruses on the web
server.

, A company is planning to deploy its applications and services in a cloud environment, with a
strong emphasis on ensuring security and maintaining control over its data. Considering these
requirements, which cloud deployment model would be most suitable?
A.Public cloud deployment model
B.Private cloud deployment model
C.Hybrid cloud deployment model
D.Multi-cloud deployment model - ANS-The private cloud deployment model is the best one to
address concerns about security and control over data. It provides a dedicated, secure
environment where the organization has complete control over the data, applications, and
resources used.
Public cloud deployment is unsuitable for companies requiring high levels of security and control
over their data, as it involves sharing resources and infrastructure with other organizations.
Hybrid cloud deployment provides a combination of public and private clouds, but this type of
model may not offer the same level of security and control.
Multi-cloud deployment involves using multiple cloud providers to distribute applications and
services, but this type of model may not offer the same level of security and control as a private
cloud deployment model.

A network administrator has noticed a series of unusual network activities that indicate a
possible cyberattack. The administrator analyzes the event using a framework that explores the
relationships among four core features: adversary, capability, infrastructure, and victim. Which of
the following methodologies would the network administrator use for the review?
A.Cyber kill chain
B.Incident response plan
C.Diamond model of intrusion analysis
D.Data breach assessment - ANS-The diamond model of intrusion analysis specifically analyzes
intrusion events by exploring the relationships among four core features: adversary, capability,
infrastructure, and victim.
The cyber kill chain framework provides a good understanding of the steps an attacker may
take, but it does not explore the relationships among the four core features of an intrusion
represented by the diamond model.
Having an incident response plan is essential; however, it is not a methodology for analyzing
intrusion events.
Data breach assessment is a process of identifying, containing, and mitigating the impact of a
data breach, but it is not a methodology for analyzing intrusion events.

A network administrator has detected irregular P2P communication on the network. What could
be the possible cause of this communication?
A.Malware infection or botnet activity
B.Hardware failure of networking devices
C.Lack of network segmentation
D.Weak authentication protocols - ANS-Malware or botnets frequently employ peer-to-peer
(P2P) communication for command and control purposes. Therefore, unusual communication

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller modockochieng06. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $7.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

83100 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$7.99
  • (0)
  Add to cart