CySA+ Quiz reviews
file2cable -i eth0 -f file.pcap - ANS-The analyst is attempting to use a protocol analyzer to
monitor network traffic.
Fuzzing testing - ANS-software testing technique that involves providing invalid, unexpected, or
random data as inputs to a computer program.
A security analyst is attempting to configure a vulnerability scan for a new segment on the
network. Given the requirement to prevent credentials from traversing the network while still
conducting a credentialed scan, which of the following is the BEST choice? - ANS-Install agents
on the endpoints to perform the scan
Nmap cpe:/o - ANS-information about OS
SSLv2 attack - ANS-Poodle
Shellshock attack - ANS-bash based attack
Heartbleed - ANS-attack on OpenSSL implementation / install patch
directory traversal attack - ANS-an attack that involves navigating to other directories and gaining
access to files and directories that would otherwise be restricted
#116 Exfiltration attack - ANS-HTTP POST (without initial GET)
DNS
FTP with encryption
#122 - ANS-ACL
multiple volumetric DoS attacks - ANS-ISP needs to filter incoming RFC1918 traffic so that it is dropped.
#129 DLP - ANS-
#130 Acquiring compromised asset - ANS-perform evidence acquisiti
#138 hping3 flags - ANS-Flags
Win
#140 Reducing false positive scans - ANS-Authenticated vulnerability scans
#147 Beacon detection firewall - ANS-Compromised host contacting CnC
#154 Virtualization single point of failure - ANS-server consolidation
#157 SNMP UDP 161, 162, 163 - ANS-Update and patch service
#158 Identify critical threats and vulnerabilities during work hours - ANS-vulnerability scans
frequency that does not interrupt workflow
# perfect forward secrecy vulnerability - ANS-VPN Concentrator
#169 Malware spreading - ANS-Isolation
#183 Shared drive/ keys - ANS-MITM - private keys
Windows host / virtual OS - ANS-ping of death
#186 USB access to PC - ANS-Bluetooth attacks on registry and snarfing
#192 Greatest impact on data retention policy - ANS-Technology used
#193 PCI compliance - ANS-Quarterly
#194 Bootkit-level infections - ANS-Remove local admin privileges
NMAP flags - ANS--sS TCP SYN
-sT TCP connect
-sU UDP Connect
-sF TCP FIN connect
RDP port - ANS-TCP 3389
#202 Suspected behavior - ANS-Scan and remove
#205 multiple login attempts logs - ANS-Limit unsuccessful login attempts
#207 Highest regulatory constraints on data - ANS-PCI
#208 - indicator of false positive - ANS-Any items labeled low are considered informational only.
#211 VPN, SSH, and HTTPS vulnerability - ANS-weak level of encryption
#215 Looking for software version - ANS-nmap -A
ver