CySA+ Exam
All Areas
| Question | Answer |
|---|---|
| Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent and targeting of the threat source? | Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent and targeting of the threat source? |
| Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering? | Environmental |
| Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first? | Identify threats |
| Tommy is assessing the security of the database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected? | Vulnerability |
| Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats? | Nonrepudiation |
| security incident that compromised one of his organization's web servers, but believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate? | Availability |
| Which one of the following is an example of an operational security control? | penetration tests |
| Encryption software, network firewalls, and antivirus software are all examples of _________________ security controls. | Technical |
| A risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue? | risk mitigation |
| Robert's organization has a BYOD policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal? | network access control |
| When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server? | RADIUS |
| Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network? | 802.1x supplicant |
| Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall? | 443 |
| What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process? | Next Generation Firewalls |
| Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which port should definitely not be open on the jump box? | 23 |
| Kevin would like to implement a specialized firewall that can protect against SQL injection, cross-site scripting, and similar attacks. What technology should he choose? | WAF |
| Which one of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures? | Sandboxing |
| What is the BEST tool to use when an organization experiences a data breach and a legacy web server that had not been used in over a year was also not regularly patched? | Nmap |
| A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Name the compensating controls that prevent the scans from providing value. | Detailed and Tested Firewall rules that effectively prevent outside access of the SCADA devices |
| During an investigation, a computer is being seized. What is the next step the analyst should take? | Power off the computer and remove it from the network |
| A company has an ongoing vulnerability management program and has procured the latest technology to support it. However, the program is failing because several vulnerabilities are not being detected. How can you reduce false negatives? | Perform credential scans |
| The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the outbound SFTP process? | Investigate a potential incident |
| A forensically sound copy of an employee's hard drive was received. An analyst needs to get the suspected inappropriate images, which may have been deleted from the hard drive. What tool can help recover deleted evidence? | File carving tool |
| A laptop has degraded performance. Investigation of the issue revealed that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop's resources. Name the BEST course of action to resolve the problem. | Identify and remove malicious processes |
| A company has implemented WPA2, a 20-character minimum for the WiFi passphrase, and a new WiFi passphrase every 30 days, and has disabled SSID broadcast on all wireless access points. Which of the following is the company trying to mitigate? | Downgrade attacks |