Exam (elaborations)
CompTIA CySA+ Practice Exam Graded A+
- Course
- Institution
CompTIA CySA+ Practice Exam Graded A+
[Show more]
Content preview
CompTIA CySA+ Practice Exam Graded A+A bad actor bypasses authentication and reveals all records in a database through an
SQL injection. Implementation of which of the following would work BEST to prevent
similar attacks in - ANSWER-Strict input validation
A Chief Information Security Officer (CISO) is concerned developers have too much
visibility into customer data. Which of the following controls should be implemented to
BEST address these concerns? - ANSWER-Data masking
A Chief Information Security Officer (CISO) is concerned the development team, which
consists of contractors, has too much access to customer data. Developers use
personal workstations, giving the company little to no visibility into the development
activities.
Which of the following would be BEST to implement to alleviate the CISO's concern? -
ANSWER-NDA
A Chief Information Security Officer (CISO) wants to upgrade an organization's security
posture by improving proactive activities associated with attacks from internal and
external threats.
Which of the following is the MOST proactive tool or technique that feeds incident
response capabilities? - ANSWER-Development of a hypothesis as part of threat
hunting
A Chief Security Officer (CSO) is working on the communication requirements (or an
organization's incident response plan. In addition to technical response activities, which
of the following is the main reason why communication must be addressed in an
effective incident response program? - ANSWER-Improper communications can create
unnecessary complexity and delay response actions.
A company just chose a global software company based in Europe to implement a new
supply chain management solution. Which of the following would be the MAIN concern
of the company? - ANSWER-Violating national security policy
A company recently experienced a break-in whereby a number of hardware assets were
stolen through unauthorized access at the back of the building. Which of the following
would BEST prevent this type of theft from occurring in the future? - ANSWER-Motion
detection
A company wants to establish a threat-hunting team. Which of the following BEST
describes the rationale for integration intelligence into hunt operations? - ANSWER-It
enables the team to prioritize the focus area and tactics within the company's
environment.
,A company was recently awarded several large government contracts and wants to
determine its current risk from one specific APT. Which of the following threat modeling
methodologies would be the MOST appropriate to use during this analysis? - ANSWER-
Adversary capability
A company's Chief Information Security Officer (CISO) is concerned about the integrity
of some highly confidential files. Any changes to these files must be tied back to a
specific authorized user's activity
session. Which of the following is the BEST technique to address the CISO's concerns?
- ANSWER-Configure DLP to reject all changes to the files without pre-authorization.
Monitor the files for unauthorized changes.
A company's marketing emails are either being found in a spam folder or not being
delivered at all. The security analyst investigates the issue and discovers the emails in
question are being sent on behalf of the company by a third party
in1marketingpartners.com Below is the exiting SPP word:
v=spf1 a mx -all
Which of the following updates to the SPF record will work BEST to prevent the emails
from being marked
as spam or blocked? - ANSWER-Option D
v=spf1 a mx includemail.marketingpartners.com `all
A company's modem response team is handling a threat that was identified on the
network Security analysts have as at remote sites. Which of the following is the MOST
appropriate next step in the incident response plan? - ANSWER-Quarantine the web
server
A compliance officer of a large organization has reviewed the firm's vendor
management program but has discovered there are no controls defined to evaluate
third-party risk or hardware source authenticity. The compliance officer wants to gain
some level of assurance on a recurring basis regarding the implementation of controls
by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance
officer? (Choose two.) - ANSWER-Executing vendor compliance assessments against
the organization's security controls
Soliciting third-party audit reports on an annual basis
A contained section of a building is unable to connect to the Internet A security analyst.
A security analyst investigates me issue but does not see any connections to the
corporate web proxy However the
, analyst does notice a small spike in traffic to the Internet. The help desk technician
verifies all users are connected to the connect SSID. but there are two of the same
SSIDs listed in the network connections. Which of the following BEST describes what is
occurring? - ANSWER-Bandwidth consumption
A critical server was compromised by malware, and all functionality was lost. Backups
of this server were taken; however, management believes a logic bomb may have been
injected by a rootkit. Which of the following should a security analyst perform to restore
functionality quickly? - ANSWER-Stand up a new server and restore critical data from
backups
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on
a company's server. Which of the following is the FIRST step the analyst should take? -
ANSWER-Start packet capturing to look for traffic that could be indicative of command
and control from the miner.
A cybersecurity analyst has access to several threat feeds and wants to organize them
while simultaneously comparing intelligence against network traffic.
Which of the following would BEST accomplish this goal? - ANSWER-Automation and
orchestration
A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.
Which of the following should the analyst do FIRST? - ANSWER-Establish a
hypothesis.
A cybersecurity analyst is currently checking a newly deployed server that has an
access control list applied. When conducting the scan, the analyst received the
following code snippet of results:
Which of the following describes the output of this scan? - ANSWER-The analyst has
discovered a True Positive, and the status code is correct providing a file not found error
message.
A cybersecurity analyst is dissecting an intrusion down to the specific techniques and
wants to organize them in a logical manner. Which of the following frameworks would
BEST apply in this situation? - ANSWER-MITRE ATT&CK
A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities The
type of vulnerability that should be disseminated FIRST is one that: - ANSWER-enables
remote code execution that is being exploited in the wild.
A cybersecurity analyst is responding to an incident. The company's leadership team
wants to attribute the incident to an attack group. Which of the following models would
BEST apply to the situation? - ANSWER-MITRE ATT&CK
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller CLOUND. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
72349 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now