CompTIA CySA+ Certification exam (2) -

Welcome to your CompTIA CySA+ Certification exam (2)

1-) A security analyst is conceded that a third-party application may have access to user passwords during authentication. Which of the following protocols should the application use to alleviate the analyst's concern?

A. SAML

B. MFA

C. SHA-1

D. LADPS

2-) During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

A. An IPS signature modification for the specific IP addresses

B. An IDS signature modification for the specific IP addresses

C. A firewall rule that will block port 80 traffic

D. A firewall rule that will block traffic from the specific IP addresses

3-) A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository Which of the following will ensure the application is valid?

A. Ask the user to refresh the existing definition file for the antivirus software

B. Perform a malware scan on the file in the internal repository

C. Hash the application's installation file and compare it to the hash provided by the vendor

D. Remove the user's system from the network to avoid collateral contamination

4-) A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

A. Deidentification

B. Encoding

C. Encryption

D. Watermarking

5-) Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?

A. Information sharing and analysis membership

B. Open-source intelligence, such as social media and blogs

C. Real-time and automated firewall rules subscriptions

D. Common vulnerability and exposure bulletins

6-) A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment Conditionally other processes will need to be created based on input from prior processes Which of the following is the BEST method for accomplishing this task?

A. Machine learning and process monitoring

B. API integration and data enrichment

C. Workflow orchestration and scripting

D. Continuous integration and configuration management

7-) A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

A. The use of infrastructure-as-code capabilities leads to an increased attack surface.

B. Patching the underlying application server becomes the responsibility of the client.

C. The application is unable to use encryption at the database level.

D. Insecure application programming interfaces can lead to data compromise.

😎 A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?

A. Create a full disk image of the server's hard drive to look for the file containing the malware.

B. Run a manual antivirus scan on the machine to look for known malicious software.

C. Take a memory snapshot of the machine to capture volatile information stored in memory.

D. Start packet capturing to look for traffic that could be indicative of command and control from the miner.

9-) A security analyst needs to obtain the footprint of the network. The footprint must identify the following information; • TCP and UDP services running on a targeted system • Types of operating systems and versions • Specific applications and versions Which of the following tools should the analyst use to obtain the data?

A. ZAP

B. Nmap

C. Prowler

D. Reaver

10-) Which of the following technologies can be used to store digital certificates and is typically used in high-security implementations where integrity is paramount?

A. HSM

B. eFuse

C. UEFI

D. Self-encrypting drive

11-) A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integration intelligence into hunt operations?

A. It enables the team to prioritize the focus area and tactics within the company’s environment.

B. It provide critically analyses for key enterprise servers and services.

C. It allow analysis to receive updates on newly discovered software vulnerabilities.

D. It supports rapid response and recovery during and followed an incident.

12-) A large insurance company wants to outsource its claim-handling operations to an overseas third-party organization Which of the following would BEST help to reduce the chance of highly sensitive data leaking?

A. Configure a VPN between the third party organization and the internal company network

B. Set up a VDI that the third party must use to interact with company systems.

C. Use MFA to protect confidential company information from being leaked.

D. Implement NAC to ensure connecting systems have malware protection

E. Create jump boxes that are used by the third-party organization so it does not connect directly.

13-) A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

A. DLP procedures.

B. logging and monitoring capabilities.

C. data protection capabilities.

D. SLA for system uptime.

14-) A contained section of a building is unable to connect to the Internet A security analyst. A security analyst investigates me issue but does not see any connections to the corporate web proxy However the analyst does notice a small spike in traffic to the Internet. The help desk technician verifies all users are connected to the connect SSID. but there are two of the same SSIDs listed in the network connections. Which of the following BEST describes what is occurring?

A. Bandwidth consumption

B. Denial of service

C. Beaconing

D. Rogue device on the network

15-) Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely prevented this incident?

A. SSO

B. DLP

C. WAF

D. VDI

16-) A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

A. Apply the required patches to remediate the vulnerability.

B. Escalate the incident to senior management for guidance.

C. Disable all privileged user accounts on the network.

D. Temporarily block the attacking IP address.

17-) A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems: • Existence of a new and unexpected svchost exe process • Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred • DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain If this situation remains unresolved, which of the following will MOST likely occur?

A. The affected hosts may participate in a coordinated DDoS attack upon command

B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.

C. Key files on the affected hosts may become encrypted and require ransom payment for unlock.

D. The adversary may attempt to perform a man-in-the-middle attack.

18-) A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports. Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?

A. Apply a firewall application server rule.

B. Whitelist the application server.

C. Sandbox the application server.

D. Enable port security.

E. Block the unauthorized networks.

19-) A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources. Which of the following BEST describes this attack?

A. Injection attack

B. Memory corruption

C. Denial of service

D. Array attack

20-) Employees of a large financial company are continuously being Infected by strands of malware that are not detected by EDR tools. When of the following Is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

A. MFA on the workstations

B. Additional host firewall rules

C. VDI environment

D. Hard drive encryption

E. Network access control

F. Network segmentation

Please fill in the comment box below.

CompTIA CySA+ Certification exam (2)

Leave a Reply Cancel reply