CYSA Test QUESTIONS
AND 100% VERIFIED
SOLUTIONS
Stephanie believes that her computer had been compromised because her computer
suddenly slows down and often freezes up. Worried her computer was infected with
malware, she immediately unplugged the network and power cables from her computer....
CYSA Test QUESTIONS AND 100% VERIFIED SOLUTIONS Stephanie believes that her computer had been compromised because her computer suddenly slows down and often freez es up. Worried her computer was infected with malware, she immediately unplugged the network and power cables from her computer. Per the company procedures, she contacts the help desk, fills out the appropriate forms, and is sent to a cybersecurity analyst for further analysis. The analyst was not able to confirm or deny the presence of possible malware on her computer. Which of the following should have been performed during the incident response preparation phase to prevent this issue? - ANSWER Train use rs not to unplug their computer if an incident has ocurred. The issue presented in this scenario is that Stephanie unplugged the computer before anyone had a chance to investigate it. During the preparation phase of the incident response process, the compa ny should train its users on what to do in an anomaly or suspected malware intrusion. Many years ago, it was commonly assumed that unplugging the computer is the best thing to do when a system is suspected to be infected with malware. This is no longer tru e because many malware types are installed when the computer is running, but when you power off and reboot the machine, they can encrypt the hard drive, infect the boot sector, or corrupt the operating system. Your organization is updating its Acceptable User Policy (AUP) to implement a new password standard that requires a guest's wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement? - ANSWER Sponsored authenti cation of guest wireless devices requires a guest user to provide valid identification when registering their wireless device for use on the network. This requires that an employee validates the guest's need for access, known as sponsoring the guest. While setting a strong password or using 802.1x are good security practices, these alone do not meet the question's sponsorship requirement. An open authentication standard only requires that the guest know the Service -Set Identifier (SSID) to gain access to th e network. Therefore, this does not meet the sponsorship requirement. You are reviewing the latest list of important web application security controls published by OWASP. Which of these items is LEAST likely to appear on that list? - ANSWER Obscure web i nterface locations; The least likely option to appear in the list is to obscure web interface locations. This recommendation is based on security through obscurity and is not considered a good security practice. The other options are all considered best pr actices in designing web application security controls and creating software assurance in our programs. What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes? - ANSWER Clear applies logical techniques to sanitize data in all user -addressable storage locations for protection against simple non -invasive data recovery techniques. Clearing involves overwriting data once (and seldom more than three times) with repetitiv e data (such as all zeros) or resetting a device to factory settings. Which of the following would NOT be useful in defending against a zero -day threat? - ANSWER Patching; While patching is a great way to combat threats and protect your systems, it is no t effective against zero -day threats. By definition, a zero -day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. Which of the following options places th e correct phases of the Software Development Lifecycle's waterfall method in the correct order? - ANSWER The waterfall method moves through seven phases: planning, requirements, design, implementation, testing, deployment, and maintenance. Which of the f ollowing will an adversary do during the delivery phase of the Lockheed Martin kill chain? - ANSWER 1. Direct action against public facing servers 2. Deliberate social media interactions with the targets personnel 3. Release of malicious email -- During t he delivery phase, the adversary is firing whatever exploits they have prepared during the weaponization phase. Which of the following is NOT a host -related indicator of compromise? - ANSWER Beaconing is considered a network -related indicator of compromi se -- Memory consumption, processor consumption, and drive capacity consumption are all classified as host -related indicators of compromise. A cybersecurity analyst just finished conducting an initial vulnerability scan and is reviewing their results. To avoid wasting time on results that are not really a vulnerability, the analyst wants to remove any false positives before remediating the findings. Which of the following is an indicator that something in their results would be a false positive? - ANSWER OBJ-1.3: When conducting a vulnerability scan, it is common for the report to include some findings that are classified as "low" priority or "for informational purposes only." These are most likely false positives and can be ignored by the analyst when sta rting their remediation efforts. You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations? - ANSWER A honeypot is a host set up to lure attackers away from the actual network components and/or discover attack strategies and weaknesses in the security configuration. You are a cybersecurity analyst and your company has just enabled key -based authentication on its SSH server. Review the following log file: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BEGIN LOG ------------- Sep 09 13:15:24 diontraining sshd[3423]: Faile d password for root from 192.168.3.2 port 45273 ssh2 Sep 09 15:43:15 diontraining sshd[3542]: Failed password for root from 192.168.2.24 port 43543 ssh2 Sep 09 15:43:24 diontraining sshd[3544]: Failed password for jdion from 192.168.2.24 port 43589 ssh2 Se p 09 15:43:31 diontraining sshd[3546]: Failed password for tmartinez from 192.168.2.24 port 43619 ssh2Sep 09 15:43:31 diontraining sshd[3546]: Failed password for jdion from 192.168.2.24 port 43631 ssh2 Sep 09 15:43:37 diontraining sshd[3548]: Failed passw ord for root from 192.168.2.24 port 43657 ssh2 ------------- END LOG -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Which of the following actions should be performed to secure the SSH server? - ANSWER It is common for attackers to log in remotely using the ssh service and the root or other user accounts. The best way to protect your server is to disable password authentication over ssh. Since your company just enabled key -based authentication on the SSH server, all legitimate users should be logging in using their RSA key pair on their client machines, not usernames and passwords. An organization utilizes a BYOD policy with its employees. This allows the employees to store sensitive corporate data on their personally owned devices. Which of the followin g occurred if an employee accidentally left their device in the back of a taxi? - ANSWER Failed Deperimeterization Management; Deperimeterization is a strategy for protecting a company's data on multiple levels using encryption and dynamic data -level authentication. Which one of the following is an open -source forensic tool suite? - ANSWER The SIFT (SANS investigative forensics toolkit) Workstation is a group of free, open -source incident response and forensic tools designed to perform detailed digital f orensic examinations in various settings. Which of the following lists the UEFI boot phases in the proper order? - ANSWER Security, Pre -EFI Initialization, Driver Execution Environment, Boot Device Select, Transient System Load, Runtime An organization wants to choose an authentication protocol that can be used over an insecure network without implementing additional encryption services. Which of the following protocols should they choose? - ANSWER The Kerberos protocol is designed
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller smartscoress. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
