CySA+

1. A security analyst is analyzing systems on his network for known indicators of compromise. What term best describes the work he is performing?
   - Threat hunting
   - Vulnerability scanning
   - Intrusion prevention
   - Data mining

2. Which one of the following controls may be used to attract the attention of intruders who gain access to a network segment so that they are distracted from high-value targets and may be monitored?
   - MAC
   - Honeypot
   - Intrusion Prevention System
   - Rogue AP

3. A network analyst needs to give IT staff members remote access to the company's internal systems through the DMZ. What type of system should this professional place in the DMZ to accommodate these members' needs?
   - Jump box
   - Hypervisor
   - Honeypot
   - IDS

4. Josh is configuring the host firewall on a web server that allows both encrypted and unencrypted web connections. It also must allow SSH access for users to securely drop off files. Which one of the following ports should NOT be open on the host firewall?
   - 21
   - 22
   - 80
   - 443

5. Will's company is implementing a new cloud service. They are configuring the operating system on a server built in the cloud provider's environment. What cloud service model is in use?
   - PaaS
   - FaaS
   - SaaS
   - IaaS

6. Dropbox is an example of a cloud service named ________.

7. Amazon AWS EC2 is an example of a cloud service called ________.

8. Heroku is an example of a cloud service called ________.

9. A security analyst has been asked to secure the wired network in a suite of offices that will be temporarily used by a visiting team from another company. If this professional wants to continue to allow members of his team to use the jacks, what technical means can he use to do this while also verifying the security posture of the systems that connect?
   - MAC filtering
   - Firewall
   - NAC
   - NIDS

10. What type of firewall is able to incorporate contextual information about the user and application when making permit/deny decisions?
   - Perimeter firewall
   - Stateful inspection firewall
   - Next Generation Firewall
   - Packet filter

11. Which team is responsible for securing the targeted environment during a network attack simulation?
   - Red
   - White
   - Black
   - Blue

12. Which team is responsible for attacking the targeted environment during a network attack simulation?
   - Red
   - White
   - Black
   - Blue

13. An attacker was able to breach company ABC's security resources and steal a file. According to the triad of information security, the basic security concept that has been violated is ________.

14. _________________ is not an incident response activity to take place during the eradication phase.
   - Segmentation
   - Sanitization
   - Re-imaging
   - Disposal

15. Companies that deal with credit card transactions must be __________________ compliant.
   - HIPAA
   - PCI/DSS
   - FERPA
   - SOX

16. Companies/organizations that deal with users' sensitive health information must be __________________ compliant.
   - HIPAA
   - PCI/DSS
   - FERPA
   - SOX

17. Educational institutions such as schools and universities deal with sensitive student data; therefore, they must be __________________ compliant.
   - HIPAA
   - PCI/DSS
   - FERPA
   - SOX

18. This activity is not part of the attacking phase in a penetration test.
   - System browsing
   - Privilege escalation
   - Gaining access
   - Reconnaissance

19. This activity is deployed during the information gathering phase.
   - System browsing
   - Privilege escalation
   - Gaining access
   - Reconnaissance

20. Security analyst Josh is evaluating the risk to his organization from APT attackers. He assesses the likelihood of this risk as medium and the impact as high. How would this risk be categorized?
   - No risk
   - Low risk
   - Medium risk
   - High risk

21. A security system that is capable of detecting AND blocking anomalies is called a(n) ________.

22. Marie, a security administrator, was assigned to scan the company's network in order to identify possible vulnerabilities. Which tool could she use?
   - Nessus
   - ping
   - nmap
   - hping

23. Now, Marie has another assignment: test whether the company's public web server can handle a number of simultaneous requests. Which tool can she use?
   - Nessus
   - ping
   - hping
   - nmap

24. It's been brought to the network analyst's attention that sales representatives are not able to connect to the company's database from the public network. After some debugging, Kyle determines that there is an issue with a node within the path between those sales representatives and the database server. Which tool can Kyle use to try to identify that node?
   - Nessus
   - traceroute
   - ping
   - nmap

25. Vulnerability scanners are very powerful; however, they also generate too much traffic and can issue alarms. A more silent way of gathering information about targets is using port scanners. Which of the following tools is recommended and broadly adopted to run passive port scans?
   - Nessus
   - Traceroute
   - nmap
   - hping

26. The most traditional implementation of anomaly detection is characterized by ____________________ analysis.
   - trend
   - signature
   - behavior
   - next-generation

27. Wireshark is classified as a(n) ________________ tool.
   - sniffing
   - vulnerability scanner
   - port scanner
   - information gathering

28. OllyDBG and GNU debugger (GDB) are examples of tools that can be used to implement __________________________.
   - reverse engineering
   - packet capturing
   - host intrusion detection
   - network intrusion detection

29. Tripwire is an example of a tool that can be used to implement __________________________.
   - reverse engineering
   - packet capturing
   - host intrusion detection
   - network intrusion detection

30. Abby is analyzing a system that is experiencing abnormal behavior. She would like a list of the open network connections on that system. Which one of the following tools would be helpful in this scenario?
   - ps
   - nmap
   - top
   - netstat

31. Imaging live systems should be avoided for several reasons, except:
   - The forensic tool could modify the drive.
   - The process could modify the drive content.
   - Unallocated spaces are not included.
   - Backing up memory content is more difficult.

32. Harry suspects that one of the company's Linux servers is running a bit slower than usual. Therefore, he decides to take a look at the list of processes. He does so by running '________ aux'.

33. The 'ps' Linux command supports several options/switches. But users generally use the '________' option because it displays all processes, attached or not to a terminal, belonging to any user.

34. After running a port scan, Mike sees that one of the company's servers has port 22 open. The protocol that is most likely associated with that port is ________.

35. Company Umbrella Inc decided to migrate their HTTP website to HTTPS. That means that after migration, their web server will listen on port ________ instead of ________.

36. SQL injection is a common and diverse type of attack. One way to reduce the chances of such risk is to implement/deploy:
   - Firewall rules
   - Input validation
   - False services through honeypot
   - an antivirus

37. What component of a virtualized infrastructure is responsible for ensuring that software running on one virtualized system does not receive access to areas of memory that are reserved for use by another virtualized system?
   - Virtual guest
   - Virtual host
   - Physical hardware
   - Hypervisor

38. HTTPS certificates must be issued by a Certificate ________.

39. ________ is the industry-standard network management protocol.

40. The industry-standard network management protocol uses ________ as its transport protocol.

41. A vulnerability scan reported a blind SQL injection vulnerability that was later determined to be an impossible attack. This characterizes a false ________.

42. What term describes review of code by running it?
   - Static code analysis
   - Dynamic code analysis
   - reverse engineering
   - Runtime inspection

43. These two regulatory schemes require vulnerability scans:
   - FISMA and PCI/DSS
   - PCI/DSS and HIPAA
   - HIPAA and GLBA
   - GLBA and FISMA

44. ________ compliance requires federal agencies to implement information security plans to protect sensitive data.

45. Bill is the cybersecurity manager for a federal government agency subject to FISMA. He is evaluating the potential confidentiality impact of a system and decides that the unauthorized disclosure of information stored on the system could have a serious adverse impact on citizens served by his agency. How should Bill rate the confidentiality impact?
   - Low
   - Moderate
   - High
   - Critical

46. Most vulnerability scanners allow admins to use credentials for specific software for maximum effectiveness. This type of scanning is called:
   - authorized scanning
   - authenticated scanning
   - credentialed scanning
   - admin scanning

47. The vulnerability management lifecycle is composed of detection, remediation and:
   - assessment
   - scanning
   - patching
   - testing

48. The standard nomenclature used to describe security-related software flaws is called:
   - CPE
   - CVE
   - CVSS
   - SOX

49. The scoring standard nomenclature used to grade security-related software flaws is called:
   - CPE
   - CVE
   - CVSS
   - SOX

50. 'md5sum' is a command that can be used as part of a forensic image preparation. What operation does it perform?
   - Encryption
   - Imaging
   - Drive blocking
   - Hashing