CompTIA CySA+ CSO-002 Post-Assessment Quiz
Esther is performing a manual log file review and sees a number of failed logins for one
username after the next, with no more than two tries for any given username. Which of the
following types of attacks should she ensure that her infrastructure is protected against?
a. Rainbow table attack
b. Triple threat attack
c. Password spraying
d. Session hijacking - ANS-Password spraying
Cristin wants to protect her database server from indirect attacks via the web applications that
her company has deployed. Which of the following types of attacks might she want to protect
against?
a. SQL stuffing
b. DBMS DDL
c. SQL injection
d. DBMS wrapping - ANS-SQL injection
Tavon is testing an application before it goes into production. As part of his testing, he is
entering various types of data into the form's text fields in the application to see if he can get it to
generate a system error that isn't caught by the application's input validation. He tries to enter
the number 289 into a field that is being stored as an 8-bit number in the database. Which of the
following might be the result?
a. This will cause a buffer overflow.
b. This will cause a SQL injection.
c. There will not be an error and it will insert into the table correctly.
d. This will cause an integer overflow. - ANS-This will cause an integer overflow.
Elzbieta is a cybersecurity analyst at a water treatment utility. The company is looking to
automate some of the functions at the plants that it operates to save on labor costs. Which of
the following might she suggest that they deploy?
a. BAS
b. ICS
c. IoT
d. RTOS - ANS-ICS
A pandemic has spread worldwide that has caused a number of health issues, requiring many
companies to ask their employees to work from home. However, there are some concerns that
some of the devices on their employees' home networks easily could be compromised if not
developed with a strong security posture in mind. Which of the following types of devices are the
most likely concern?
a. IoT
,b. FPGA
c. RTOS
d. SoC - ANS-IoT
Isak works for a company that makes embedded systems for use in the building and
construction industry. Which of the following most commonly is used by SoC technologies that
he will most likely need to be familiar with?
a. IoT
b. RTOS
c. FPGA
d. SCADA - ANS-RTOS
Emil works for a large online ecommerce site. The company is looking to automate deliveries to
its customers while avoiding the traffic jams in large cities. However, they are concerned that
some of these devices could remotely be controlled and sent to other destinations with the
customer's packages. Which of the following is the company most likely looking at using?
a. CAN bus
b. Drones
c. AIRV
d. IoT - ANS-Drones
Avery is a cybersecurity analyst for a large credit card company. He is performing a manual
audit of the logs for a web application server and notices some entries out of the ordinary. As he
starts to investigate, he sees large amounts of traffic originating from one country, where the
credit card company currently does not process any credit cards from. Which of the following
might best describe the threat actors which have breached his company's security?
a. Script kiddies
b. Insider threat
c. Nation-state actors
d. Hacktivists - ANS-Nation-state actors
Aria has just returned from a cybersecurity conference. She met a number of professionals like
herself who worked for well-known multinational organizations, as well as penetration testers
who were hired to hack for a living. Which of the following describes the group of people
described?
a. White hat
b. Black hat
c. Yellow hat
d. Green hat - ANS-White hat
Ricardo receives a visit from one of the directors of the sales department. He states that the
sales department has been using a cloud-based customer relationship management system for
a while now and would like to start pulling in some data from the ERP. This is the first that
, Ricardo or anyone in IT has heard about the sales department using a cloud-based CRM.
Which of the following best describes this scenario?
a. Department-based IT
b. Exception-based technologies
c. Shadow IT
d. Shared-services IT - ANS-Shadow IT
Garrett wants to become a penetration tester. He has spent many hours learning and attending
cybersecurity conferences and talking with other pros who are already penetration testers. Many
of the existing pen testers recommended which of the following for how he should attack
companies for which he is hired to test?
a. Using the kill chain
b. Using the onion method
c. Using the inside-out model
d. Using the A++ACK process - ANS-Using the kill chain
Beatriz has just received an alert that the threshold has been met for the number of emails
caught by the spam filter that all originated from the same email address from outside the
company within a one-hour timeframe. She checks out the contents of the emails, and they all
are stating that the recipient has been awarded a large sum of money but will only receive it if
they act within the next 24 hours. Which of the following is the principle of influence that might
have been used in this phishing attack?
a. Liking
b. Authority
c. Social proof
d. Scarcity - ANS-Scarcity
Grenhilda has been asked by her manager to come up with a list of vulnerabilities and prioritize
them. Which of the following might she use a part of the prioritization process?
a. CVSS
b. FOIA
c. STIX
d. TAXII - ANS-CVSS
Anton has been asked by his manager to examine a list of vulnerabilities within a matrix that has
been created by a third-party consultant and fill in the information about what it would cost the
enterprise if each of the attack vectors were carried out effectively. For which information is the
manager looking?
a. Likelihood
b. Impact
c. Adversary capability
d. Total attack surface - ANS-Impact
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller modockochieng06. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.