CompTIA CySA+ Certification exam ( 4 ) -

Welcome to your CompTIA CySA+ Certification exam ( 4 )

1-) A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation rec

A. Implement parameterized queries.

B. Use effective authentication and authorization methods.

C. Validate all incoming data.

D. Use TLs for all data exchanges.

2-) Which of the following MOST accurately describes an HSM?

A. An HSM is a low-cost solution for encryption.

B. An HSM can be networked based or a removable USB

C. An HSM is slower at encrypting than software

D. An HSM is explicitly used for MFA

3-) A Chief Executive Officer (CEO) is concerned about the company’s intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?

A. Limit all access to the sensitive data based on geographic access requirements with strict role-based access controls.

B. Enable data masking and reencrypt the data sets using AES-256.

C. Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.

D. Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash.

4-) Which of the following types of policies is used to regulate data storage on the network?

A. Password

B. Acceptable use

C. Account management

D. Retention

5-) A security manager has asked an analyst to provide feedback on the results of a penetration lest. After reviewing the results the manager requests information regarding the possible exploitation of vulnerabilities Much of the following information data points would be MOST useful for the analyst to provide to the security manager who would then communicate the risk factors to senior management? (Select TWO)

A. Probability

B. Adversary capability

C. Attack vector

D. Impact

E. Classification

F. Indicators of compromise

6-) A company wants to reduce the cost of deploying servers to support increased network growth. The company is currently unable to keep up with the demand, so it wants to outsource the infrastructure to a cloud-based solution. Which of the following is the GREATEST threat for the company to consider when outsourcing its infrastructure?

A. The cloud service provider is unable to provide sufficient logging and monitoring.

B. The cloud service provider is unable to issue sufficient documentation for configurations.

C. The cloud service provider conducts a system backup each weekend and once a week during peak business times.

D. The cloud service provider has an SLA for system uptime that is lower than 99 9%.

7-) Which of the following BEST describes the primary role ol a risk assessment as it relates to compliance with risk-based frameworks?

A. It demonstrates the organization's mitigation of risks associated with internal threats.

B. It serves as the basis for control selection.

C. It prescribes technical control requirements.

D. It is an input to the business impact assessment.

😎 A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

A. Reverse engineering

B. Dynamic analysis

C. Strings extraction

D. Static analysis

9-) A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

A. Review the firewall logs.

B. Review syslogs from critical servers.

C. Perform fuzzing.

D. Install a WAF in front of the application server.

10-) A security analyst is investigating a system compromise. The analyst verities the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely expiated?

A. Insider threat

B. Buffer overflow

C. Advanced persistent threat

D. Zero day

11-) An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

A. Software-based drive encryption

B. Hardware security module

C. Unified Extensible Firmware Interface

D. Trusted execution environment

12-) An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. Which of the following can be inferred from this activity?

A. 10.200.2.0/24 is infected with ransomware.

B. 10.200.2.0/24 is not routable address space.

C. 10.200.2.5 is a rogue endpoint.

D. 10.200.2.5 is exfiltrating datA.

13-) Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

A. Configuring a firewall to block traffic on ports that use ActiveX controls

B. Adjusting the web-browser settings to block ActiveX controls

C. Installing network-based IPS to block malicious ActiveX code

D. Deploying HIPS to block malicious ActiveX code

14-) Which of the following data security controls would work BEST to prevent real Pll from being used in an organization's test cloud environment?

A. Digital rights management

B. Encryption

C. Access control

D. Data loss prevention

E. Data masking

15-) A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the following Nmap commands would BEST accomplish this goal?

A. nmap -iL webserverlist.txt -sC -p 443 -oX webserverlist.xml

B. nmap -iL webserverlist.txt -sV -p 443 -oX webserverlist.xml

C. nmap -iL webserverlist.txt -F -p 443 -oX webserverlist.xml

D. nmap --takefile webserverlist.txt --outputfileasXML webserverlist.xml –scanports 443

16-) When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?

A. nmap –sA –O -noping

B. nmap –sT –O -P0

C. nmap –sS –O -P0

D. nmap –sQ –O -P0

17-) To prioritize the morning's work, an analyst is reviewing security alerts that have not yet been investigated. Which of the following assets should be investigated FIRST?

A. The workstation of a developer who is installing software on a web server

B. A new test web server that is in the process of initial installation

C. The laptop of the vice president that is on the corporate LAN

D. An accounting supervisor's laptop that is connected to the VPN

18-) Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections?

A. Compatibility mode

B. Secure boot mode

C. Native mode

D. Fast boot mode

19-) While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it. Which of the following is the BEST solution for the security analyst to implement?

A. Block the domain IP at the firewall.

B. Blacklist the new subnet

C. Create an IPS rule.

D. Apply network access control.

20-) A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Bing Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

A. $75.000

B. $300.000

C. $1.425 million

D. $1.5 million

CompTIA CySA+ Certification exam ( 4 )

Leave a Reply Cancel reply