CYSA+ Practice Exam #1 question with complete solution 2022
While reviewing network flow logs, John sees that network flow on a particular segment suddenly dropped to zero. What is the most likely cause of this?
A. A denial-of-service attack
B. A link failure
C. High bandwidth consumption
D. Beaconing
Correct answer: B. The sudden drop to zero is most likely to be an example of link failure. A denial-of-service attack could result in this type of drop but is less likely for most organizations. High bandwidth consumption and beaconing both show different traffic patterns than shown in this example.
Charlotte is having a dispute with a co-worker over access to information contained in a database maintained by her co-worker's department. Charlotte insists that she needs the information to carry out her job responsibilities, while the co-worker insists that nobody outside the department is allowed to access the information. Charlotte does not agree that the other department should be able to make this decision, and Charlotte's supervisor agrees with her. What type of policy could Charlotte turn to for the most applicable guidance?
A. Data classification policy
B. Data retention policy
C. Data ownership policy
D. Acceptable use policy
Correct answer: C. This is fundamentally a dispute about data ownership. Charlotte's co-worker is asserting that her department owns the data in question, and Charlotte disagrees. While the other policies mentioned may have some relevant information, Charlotte should first turn to the data ownership policy to see whether it reinforces or undermines her co-worker's data ownership claim.
Frank is conducting the recovery process after his organization experienced a security incident. During that process, he plans to apply patches to all of the systems in his environment. Which one of the following should be his highest priority for patching?
A. Windows systems
B. Systems involved in the incident
C. Linux systems
D. Web servers
Correct answer: B. During an incident recovery effort, patching priority should be placed upon systems that were directly involved in the incident. This is one component of remediating known issues that were actively exploited.
Susan's organization suffered from a major breach that was attributed to an advanced persistent threat (APT) that used exploits of zero-day vulnerabilities to gain control of systems on her company's network. Which of the following is the least appropriate solution for Susan to recommend to help prevent future attacks of this type?
A. Heuristic attack detection methods
B. Signature-based attack detection methods
C. Segmentation
D. Leverage threat intelligence
Correct answer: B. Signature-based attack detection methods rely on knowing what an attack or malware looks like. Zero-day attacks are unlikely to have an existing signature, making signatures a poor choice to prevent them. Heuristic (behavior) detection methods can indicate compromises despite the lack of signatures for the specific exploit. Leveraging threat intelligence to understand new attacks and countermeasures is an important part of defense against zero-day attacks. Building a well-designed and segmented network can limit the impact of compromises or even prevent them.
During his investigation of a Windows system, Eric discovered that files were deleted and wants to determine whether a specific file previously existed on the computer. Which of the following is the least likely to be a potential location to discover evidence supporting that theory?
A. Windows registry
B. Master File Table
C. INDX files
D. Event logs
Correct answer: D. The Windows registry, Master File Table, and INDX files all contain information about files, often including removed or deleted files. Event logs are far less likely to contain information about a specific file location.
As part of her duties as an SOC analyst, Emily is tasked with monitoring intrusion detection sensors that cover her employer's corporate headquarters network. During her shift, Emily's IDS alarms report that a network scan has occurred from a system with IP address 10.0.11.19 on the organization's WPA2 enterprise wireless network aimed at systems in the finance division. What data source should she check first?
A. Host firewall logs
B. AD authentication logs
C. Wireless authentication logs
D. WAF logs
Correct answer: C. Since Emily's organization uses WPA2 enterprise, users must authenticate to use the wireless network. Associating the scan with an authenticated user will help incident responders identify the device that conducted the scan.
Casey's incident response process leads her to a production server that must stay online for her company's business to remain operational. What method should she use to capture the data she needs?
A. Live image to an external drive.
B. Live image to the system's primary drive.
C. Take the system offline and image to an external drive.
D. Take the system offline, install a write blocker on the system's primary drive, and then image it to an external drive.
Correct answer: A. Normally, forensic images are collected from systems that are offline to ensure that a complete copy is made. In cases like this, where keeping the system online is more important than the completeness of the forensic image, a live image to an external drive using a portable forensic tool such as FTK Imager Lite, dd, or similar is the correct choice.
During a routine upgrade, Maria inadvertently changes the permissions to a critical directory, causing an outage of her organization's RADIUS infrastructure. How should this threat be categorized using NIST's threat categories?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Correct answer: B. Accidental threats occur when individuals doing their routine work mistakenly perform an action that undermines security. In this case, Maria's actions were an example of an accident that caused an availability issue.
What does the nmap response "filtered" mean in port scan results?
A. nmap cannot tell whether the port is open or closed.
B. A firewall was detected.
C. An IPS was detected.
D. There is no application listening, but there may be one at any time.
Correct answer: A. When nmap returns a response of "filtered," it indicates that nmap cannot tell whether the port is open or closed. Filtered results are often the result of a firewall or other network device, but a response of filtered does not indicate that a firewall or IPS was detected. When nmap returns a "closed" result, it means that there is no application listening at that moment.
Darcy is the security administrator for a hospital that operates in the United States and is subject to the Health Insurance Portability and Accountability Act (HIPAA). She is designing a vulnerability scanning program for the hospital's data center that stores and processes electronic protected health information (ePHI). What is the minimum scanning frequency for this environment, assuming that the scan shows no critical vulnerabilities?
A. Every 30 days
B. Every 90 days
C. Every 180 days
D. No scanning is required.
Correct answer: D. Although vulnerability scanning is an important security control, HIPAA does not offer specific requirements for scanning