CYSA-003 Questions with solutions 100% solved

Exam (elaborations): Questions & answers, CYSA+, 2024/2025. Preview 4 out of 45 pages. September 23, 2024. Seller: UpperClass.

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact on confidentiality and integrity but not on availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

Answer: A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

A. PAM
B. IDS
C. PKI
D. DLP

Answer: D. DLP

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: (Cross Domain Misconfiguration). Which of the following tuning recommendations should the security analyst share?

A. Set an HttpOnly flag to force communication by HTTPS
B. Block requests without an X-Frame-Options header
C. Configure an Access-Control-Allow-Origin header to authorized domains
D. Disable the cross-origin resource sharing header

Answer: C. Configure an Access-Control-Allow-Origin header to authorized domains

Which of the following items should be included in a vulnerability scan report? (Choose two.)

A. Lessons learned
B. Service-level agreement
C. Playbook
D. Affected hosts
E. Risk score
F. Education plan

Answer: D. Affected hosts and E. Risk score

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing

Answer: A. A mean time to remediate of 30 days

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

(foreach ($user in Get-Content .\this.txt)
Add-

Which of the following scripting languages was used in the script?

A. PowerShell
B. Ruby
C. Python
D. Shell script

Answer: A. PowerShell

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
B. An on-path attack is being performed by someone with internal access that forces users into port 80
C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D. An error was caused by BGP due to new rules applied over the company's internal routers

Answer: B. An on-path attack is being performed by someone with internal access that forces users into port 80

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:
