Packet Cyber
CySA+ New
| Question | Answer |
|---|---|
| A worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following is the MOST secure way to address this? | Deploy a company-wide approved engineering workstation for management access |
| An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic? | Packet capture |
| A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the eradication of the malware? | The workstations should be patched and scanned |
| All patches must undergo testing procedures before going live in production. If there are no apparent adverse reactions and no malware is found, what is the next step? | Create an incident ticket for anomalous activity |
| Who is the best facilitator for a post-incident lessons-learned session? | Independent facilitator |
| During a Fagan code inspection, which process can redirect to the planning stage? | Rework |
| A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to address this? | Input validation |
| Which of the following policies BEST explains the purpose of a data ownership policy? | The policy should outline the organization's administration of accounts for authorized users to access the appropriate data. |
| Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select two.) | 1. Root cause analysis of the incident and the impact it had on the organization. 2. Enhancements to the policies and practices that will improve business responses. |
| A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst use to determine whether the policy is still accurate? | Threat intelligence reports |
| Which of the following is MOST effective for log correlation analysis for threat management? | SIEM |
| A computer has a virus and is sending a beacon to a command-and-control server via an unknown service. Which of the following should be implemented to drop the traffic going to the command-and-control server while still identifying the infected host through firewall logs? | Sinkhole |
| Which one of the following is an example of a computer security incident? | Former employee crashes a server |
| How many phases does the Spiral model cycle through? | four |
| An analyst performs a review of Active Directory and finds two user accounts. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default. Which of the following should the analyst do? | Confirm the accounts are valid and ensure role-based permissions are appropriate |
| A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the analyst recommend to add additional security to this device? | The security analyst should recommend this device be placed behind a WAF. |
| Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network? | Lessons learned report |
| An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use? | CIS benchmark |
| A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following should the analyst do next to prevent this from recurring? | Backup server |
| A logistics company's vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ. In order of risk, which of the following should be patched FIRST? | Microsoft Office Remote Code Execution |
| A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value? | Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices |
| A security administrator recently deployed a virtual honeynet. The honeynet is not protected by the company's firewall, while all production networks are protected by a stateful firewall. Which of the following is the BEST next step for an external penetration tester to identify the honeynet network? | TCP ACK scan |
| Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization's application deployment schedule. Which of the following would BEST justify an out-of-cycle scan? | A vendor releases a critical patch update |
| After an internal audit, it was determined that administrative logins need to use multifactor authentication or a 15-character key with complexity enabled. Which of the following policies should be updated to reflect this change? (Choose two.) | Password policy and Account management policy |
| A company allows employees to work remotely. The security administrator is configuring services that will allow remote help desk personnel to work securely outside the company's headquarters. Which of the following is the BEST solution to meet this goal? | Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources |
| Joe, an analyst, has received notice that a vendor who is coming in for a presentation will require access to a server outside the network. Currently, users are only able to access remote sites through a VPN connection. Which of the following would BEST accommodate the vendor? | Set up a VPN account for the vendor, allowing access to the remote site |
| Security infrastructure was designed for on-premise implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model | Review current security controls |
| After implementing and running an automated patching tool, a security administrator ran a vulnerability scan that reported no missing patches found. Which of the following BEST describes why the tool was used? | To harden the servers against new attacks |
| A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following should be done to decrease false negatives? | Perform credentialed scans |