CompTIA CySA+ Certification exam ( 1 ) -

Welcome to your CompTIA CySA+ Certification exam ( 1 )

1-) A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch. Which of the following is the MOST appropriate threat classification for these incidents?

A. Known threat

B. Zero day

C. Unknown threat

D. Advanced persistent threat

2-) An organization's network administrator uncovered a rogue device on the network that is emulating the charactenstics of a switch. The device is trunking protocols and inserting tagging va the flow of traffic at the data link layer Which of the following BEST describes this attack?

A. VLAN hopping

B. Injection attack

C. Spoofing

D. DNS pharming

3-) A security analyst is required to stay current with the most recent threat data and intelligence reports. When gathering data, it is MOST important for the data to be:

A. proprietary and timely

B. proprietary and accurate

C. relevant and deep

D. relevant and accurate

4-) A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

A. detection and prevention capabilities to improve.

B. which systems were exploited more frequently.

C. possible evidence that is missing during forensic analysis.

D. which analysts require more training.

E. the time spent by analysts on each of the incidents.

5-) A custom script currently monitors real-time logs of a SAMIL authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

A. Logs may contain incorrect information.

B. SAML logging is not supported for cloud-based authentication.

C. Access to logs may be delayed for some time.

D. Log data may be visible to other customers.

6-) A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?

A. Dissemination

B. Analysis

C. Feedback

D. Requirements

E. Collection

7-) An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability. Which of the following would be the MOST appropriate to remediate the controller?

A. Segment the network to constrain access to administrative interfaces.

B. Replace the equipment that has third-party support.

C. Remove the legacy hardware from the network.

D. Install an IDS on the network between the switch and the legacy equipment.

😎 Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

A. Self-encrypting drive

B. Bus encryption

C. TPM

D. HSM

9-) Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

A. Reverse engineering

B. Fuzzing

C. Penetration testing

D. Network mapping

10-) A security analyst is reviewing the following log entries to identify anomalous activity:

Which of the following attack types is occurring?

A. Directory traversal

B. SQL injection

C. Buffer overflow

D. Cross-site scripting

11-) Massivelog log has grown to 40GB on a Windows server At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10.000 lines of the loq for review?

A. tail -10000 Massivelog.log > extract.txt

B. info tail n -10000 Massivelog.log | extract.txt;

C. get content ‘./Massivelog.log’ –Last 10000 | extract.txt

D. get-content ‘./Massivelog.log’ –Last 10000 > extract.txt;

12-) A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

A. Public relations must receive information promptly in order to notify the community.

B. Improper communications can create unnecessary complexity and delay response actions.

C. Organizational personnel must only interact with trusted members of the law enforcement community.

D. Senior leadership should act as the only voice for the incident response team when working with forensics teams.

13-) Which of the following assessment methods should be used to analyze how specialized software performs during heavy loads?

A. Stress test

B. API compatibility lest

C. Code review

D. User acceptance test

E. Input validation

14-) An organization that uses SPF has been notified emails sent via its authorized third-party partner are getting rejected A security analyst reviews the DNS entry and sees the following: v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robustmail.com –all The organization's primary mail server IP is 180.10 6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is "Robust Mail" with the domain name robustmail.com. Which of the following is the MOST likely reason for the rejected emails?

A. The wrong domain name is in the SPF record.

B. The primary and secondary email server IP addresses are out of sequence.

C. SPF version 1 does not support third-party providers

D. An incorrect IP version is being used.

15-) A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC: ../../../../bin/bash Which of the following commands can be used to determine if the string is present in the log?

A. echo access.log | grep "../../../../bin/bash"

B. grep "../../../../bin/bash" 1 cat access.log

C. grep "../../../. ./bin/bash" < access.log

D. cat access.log > grep "../../../ ../bin/bash"

16-) A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization To BEST resolve the issue, the organization should implement

A. federated authentication

B. role-based access control.

C. manual account reviews

D. multifactor authentication.

17-) A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?

A. Perform static code analysis.

B. Require application fuzzing.

C. Enforce input validation

D. Perform a code review

18-) A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The affected servers are virtual machines Which of the following is the BEST course of action?

A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses determine the root cause, remediate, and report

B. Report the data exfiltration to management take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.

C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate

D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration. fix any vulnerabilities, remediate, and report.

19-)An organization has not had an incident for several month. The Chief information Security Officer (CISO) wants to move to proactive stance for security investigations. Which of the following would BEST meet that goal?

A. Root-cause analysis

B. Active response

C. Advanced antivirus

D. Information-sharing community

E. Threat hunting

20-) A security analyst needs to reduce the overall attack surface. Which of the following infrastructure changes should the analyst recommend?

A. Implement a honeypot.

B. Air gap sensitive systems.

C. Increase the network segmentation.

D. Implement a cloud-based architecture.

Please fill in the comment box below.

CompTIA CySA+ Certification exam ( 1 )

Leave a Reply Cancel reply