CYSA + 02
Title of test: CYSA + 02

Description: Practice Test Q&A




A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

A. Static analysis.
B. Dynamic analysis.
C. Regression testing.
D. User acceptance testing.

An organization is concerned about the security posture of vendors with access to its facilities and systems. The organization wants to implement a vendor review process to ensure the policies implemented by vendors are in line with its own. Which of the following will provide the highest assurance of compliance?

A. An in-house red-team report.
B. A vendor self-assessment report.
C. An independent third-party audit report.
D. Internal and external scans from an approved third-party vulnerability vendor.

A security technician is testing a solution that will prevent outside entities from spoofing the company’s email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?

A. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.

A security analyst recently observed evidence of an attack against a company’s web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations. Which of the following is the most likely cause of this issue?

A. The security analyst needs updated forensic analysis tools.
B. The security analyst needs more training on threat hunting and research.
C. The security analyst has potentially found a zero-day vulnerability that has been exploited.
D. The security analyst has encountered a polymorphic piece of malware.

A manufacturing company has joined the information sharing and analysis center for its sector. As a benefit, the company will receive structured IoC data contributed by other members. Which of the following best describes the utility of this data?

A. Other members will have visibility into instances of positive IoC identification within the manufacturing company’s corporate network.
B. The manufacturing company will have access to relevant malware samples from all other manufacturing sector members.
C. Other members will automatically adjust their security postures to defend the manufacturing company’s processes.
D. The manufacturing company can ingest the data and use tools to autogenerate security configurations for all of its infrastructure.

While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be best to prevent this type of attack from being successful?

A. Create a new rule in the IDS that triggers an alert on repeated login attempts.
B. Implement MFA on the email portal using out-of-band code delivery.
C. Alter the lockout policy to ensure users are permanently locked out after five attempts.
D. Leverage password filters to prevent weak passwords on employee accounts from being exploited.
E. Configure a WAF with brute-force protection rules in block mode.

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO’s concerns, the assessor will most likely focus on:

A. qualitative probabilities.
B. quantitative probabilities.
C. qualitative magnitude.
D. quantitative magnitude.

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
B. Patching the underlying application server becomes the responsibility of the client.
C. The application is unable to use encryption at the database level.
D. Insecure application programming interfaces can lead to data compromise.

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?

A. Develop a dashboard to track the indicators of compromise.
B. Develop a query to search for the indicators of compromise.
C. Develop a new signature to alert on the indicators of compromise.
D. Develop a new signature to block the indicators of compromise.

A security analyst scanned an internal company subnet and discovered a host with the following Nmap output:

```
Nmap -Pn 10.233.117.0/24
Host is up (0.0021s latency)
Not shown: 967 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
135/tcp  open  msrpc
445/tcp  open  microsoft-ds
137/tcp  open  netbios-ns
3389/tcp open  ms-term-serv
```

Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

A. Port 22.
B. Port 135.
C. Port 445.
D. Port 3389.