CYSA+ Practice Exam #1 question with complete solution 2022

Exam (worked answers), questions and answers; subject: CySA; 28 pages; 7 December 2022; academic year 2022/2023. Sold on Stuvia by seller BravelRadon.
While reviewing network flow logs, John sees that network flow on a particular segment suddenly dropped to zero. What is the most likely cause of this?
  • A. A denial-of-service attack
  • B. A link failure
  • C. High bandwidth consumption
  • D. Beaconing
Correct answer: B. The sudden drop to zero is most likely an example of link failure. A denial-of-service attack could result in this type of drop but is less likely for most organizations. High bandwidth consumption and beaconing both show different traffic patterns than the one in this example.

Charlotte is having a dispute with a co-worker over access to information contained in a database maintained by her co-worker's department. Charlotte insists that she needs the information to carry out her job responsibilities, while the co-worker insists that nobody outside the department is allowed to access the information. Charlotte does not agree that the other department should be able to make this decision, and Charlotte's supervisor agrees with her. What type of policy could Charlotte turn to for the most applicable guidance?
  • A. Data classification policy
  • B. Data retention policy
  • C. Data ownership policy
  • D. Acceptable use policy
Correct answer: C. This is fundamentally a dispute about data ownership. Charlotte's co-worker is asserting that her department owns the data in question, and Charlotte disagrees. While the other policies mentioned may have some relevant information, Charlotte should first turn to the data ownership policy to see whether it reinforces or undermines her co-worker's data ownership claim.

Frank is conducting the recovery process after his organization experienced a security incident. During that process, he plans to apply patches to all of the systems in his environment. Which one of the following should be his highest priority for patching?
  • A. Windows systems
  • B. Systems involved in the incident
  • C. Linux systems
  • D. Web servers
Correct answer: B. During an incident recovery effort, patching priority should be placed on systems that were directly involved in the incident. This is one component of remediating known issues that were actively exploited.

Susan's organization suffered from a major breach that was attributed to an advanced persistent threat (APT) that used exploits of zero-day vulnerabilities to gain control of systems on her company's network. Which of the following is the least appropriate solution for Susan to recommend to help prevent future attacks of this type?
  • A. Heuristic attack detection methods
  • B. Signature-based attack detection methods
  • C. Segmentation
  • D. Leverage threat intelligence
Correct answer: B. Signature-based attack detection methods rely on knowing what an attack or malware looks like. Zero-day attacks are unlikely to have an existing signature, making signature-based methods a poor choice for preventing them. Heuristic (behavior) detection methods can indicate compromises despite the lack of signatures for the specific exploit. Leveraging threat intelligence to understand new attacks and countermeasures is an important part of defense against zero-day attacks. Building a well-designed and segmented network can limit the impact of compromises or even prevent them.

During his investigation of a Windows system, Eric discovered that files were deleted and wants to determine whether a specific file previously existed on the computer. Which of the following is the least likely to be a potential location to discover evidence supporting that theory?
  • A. Windows registry
  • B. Master File Table
  • C. INDX files
  • D. Event logs
Correct answer: D. The Windows registry, Master File Table, and INDX files all contain information about files, often including removed or deleted files. Event logs are far less likely to contain information about a specific file location.

As part of her duties as an SOC analyst, Emily is tasked with monitoring intrusion detection sensors that cover her employer's corporate headquarters network. During her shift, Emily's IDS alarms report that a network scan has occurred from a system with IP address 10.0.11.19 on the organization's WPA2 enterprise wireless network, aimed at systems in the finance division. What data source should she check first?
  • A. Host firewall logs
  • B. AD authentication logs
  • C. Wireless authentication logs
  • D. WAF logs
Correct answer: C. Since Emily's organization uses WPA2 enterprise, users must authenticate to use the wireless network. Associating the scan with an authenticated user will help incident responders identify the device that conducted the scan.

Casey's incident response process leads her to a production server that must stay online for her company's business to remain operational. What method should she use to capture the data she needs?
  • A. Live image to an external drive.
  • B. Live image to the system's primary drive.
  • C. Take the system offline and image to an external drive.
  • D. Take the system offline, install a write blocker on the system's primary drive, and then image it to an external drive.
Correct answer: A. Normally, forensic images are collected from systems that are offline to ensure that a complete copy is made. In cases like this, where keeping the system online is more important than the completeness of the forensic image, a live image to an external drive using a portable forensic tool such as FTK Imager Lite, dd, or similar is the correct choice.

During a routine upgrade, Maria inadvertently changes the permissions to a critical directory, causing an outage of her organization's RADIUS infrastructure. How should this threat be categorized using NIST's threat categories?
  • A. Adversarial
  • B. Accidental
  • C. Structural
  • D. Environmental
Correct answer: B. Accidental threats occur when individuals doing their routine work mistakenly perform an action that undermines security. In this case, Maria's actions were an example of an accident that caused an availability issue.

What does the nmap response "filtered" mean in port scan results?
  • A. nmap cannot tell whether the port is open or closed.
  • B. A firewall was detected.
  • C. An IPS was detected.
  • D. There is no application listening, but there may be one at any time.
Correct answer: A. When nmap returns a response of "filtered," it indicates that nmap cannot tell whether the port is open or closed. Filtered results are often the result of a firewall or other network device, but a response of filtered does not indicate that a firewall or IPS was detected. When nmap returns a "closed" result, it means that there is no application listening at that moment.

Darcy is the security administrator for a hospital that operates in the United States and is subject to the Health Insurance Portability and Accountability Act (HIPAA). She is designing a vulnerability scanning program for the hospital's data center that stores and processes electronic protected health information (ePHI). What is the minimum scanning frequency for this environment, assuming that the scan shows no critical vulnerabilities?
  • A. Every 30 days
  • B. Every 90 days
  • C. Every 180 days
  • D. No scanning is required.
Correct answer: D. Although vulnerability scanning is an important security control, HIPAA does not offer specific requirements for scanning