Title of test: CYSA+ Practice
Description: 002 Review Questions
Author: Pencilerman
Creation Date: 16/03/2025
Category: Computers
Number of questions: 20
Content:
Question 1
Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?
  A. Security regression testing
  B. Code review
  C. User acceptance testing
  D. Stress testing

Question 2
A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?
  A. Data masking procedures
  B. Enhanced encryption functions
  C. Regular business impact analysis functions
  D. Geographic access requirements

Question 3
Massivelog.log has grown to 40GB on a Windows server. At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10,000 lines of the log for review?
  A. tail -10000 Massivelog.log > extract.txt
  B. info tail n -10000 Massivelog.log | extract.txt;
  C. get content './Massivelog.log' -Last 10000 | extract.txt
  D. get-content './Massivelog.log' -Last 10000 > extract.txt;

Question 4
A cybersecurity analyst is establishing a threat-hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?
  A. IoC feeds
  B. CVSS scores
  C. Scrum
  D. ISAC

Question 5
Which of the following are considered PII by themselves?
  A. Government ID and Birth Certificate
  B. Job title and Employment start date
  C. Mother's maiden name and Birth Certificate
  D. Employer Address and Job title

Question 6
A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport?
  A. CASB
  B. VPC
  C. Federation
  D. VPN

Question 7
A security analyst reviews a recent network capture and notices that encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?
  A. The server is configured to communicate on the secure database standard listener port.
  B. Someone has configured an unauthorized SMTP application over SSL.
  C. A connection from the database to the web front end is communicating on the port.
  D. The server is receiving a secure connection using the new TLS 1.3 standard.

Question 8
The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk to scramble to create accounts across many different interconnected systems. Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?
  A. MFA
  B. CASB
  C. SSO
  D. RBAC

Question 9
Which of the following is MOST important when developing a threat hunting program?
  A. Understanding penetration testing techniques
  B. Understanding how to build correlation rules within a SIEM
  C. Understanding security software technologies
  D. Understanding assets and categories of assets

Question 10
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:
  A. firewall behind the VPN server.
  B. VPN server parallel to the firewall.
  C. VPN server behind the firewall.
  D. VPN on the firewall.

Question 11
An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for this service?
  A. Manually log in to the service and upload data files on a regular basis.
  B. Have the internal development team script connectivity and file transfers to the new service.
  C. Create a dedicated SFTP site and schedule transfers to ensure file transport security.
  D. Utilize the cloud product's API for supported and ongoing integrations.

Question 12
Which of the following is a difference between SOAR and SCAP?
  A. SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics.
  B. SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope.
  C. SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does.
  D. SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts.

Question 13
An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST steps to confirm and respond to the incident?
  A. Pause the virtual machine and take a snapshot of the virtual machine.
  B. Take a snapshot of the virtual machine and remove the NIC from the virtual machine.
  C. Review the host hypervisor log of the virtual machine and execute a migration of the virtual machine.
  D. Take a snapshot of the virtual machine and review the host hypervisor log of the virtual machine.

Question 14
The security team decides to meet informally to discuss and test their response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?
  A. Tabletop exercise
  B. Red-team attack
  C. System assessment implementation
  D. Blue-team training
  E. White-team training

Question 15
Which of the following BEST explains the function of TPM?
  A. To provide hardware-based security features using unique keys
  B. To ensure platform confidentiality by storing security measurements
  C. To improve management of the OS installations
  D. To implement encryption algorithms for hard drives

Question 16
A security analyst is investigating an incident related to an alert from the threat detection platform on a host (10.0.1.25) in a staging environment that could be running a cryptomining tool because it is sending traffic to an IP address that is related to Bitcoin. The network rules for the instance are the following:
(rule table not reproduced in the page text)
Which of the following is the BEST way to isolate and triage the host?
  A. Remove rules 1, 2, and 3.
  B. Remove rules 1, 2, 4, and 5.
  C. Remove rules 1, 2, 3, 4, and 5.
  D. Remove rules 1, 2, and 5.
  E. Remove rules 1, 4, and 5.
  F. Remove rules 4 and 5.

Question 17
Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?
  A. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.
  B. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.
  C. The disclosure section should include the names and contact information of key employees who are needed for incident resolution.
  D. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident happening in the future.

Question 18
An organization has the following policy statements:
  - All emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized content.
  - All network activity will be logged and monitored.
  - Confidential data will be tagged and tracked.
  - Confidential data must never be transmitted in an unencrypted form.
  - Confidential data must never be stored on an unencrypted mobile device.
Which of the following is the organization enforcing?
  A. Acceptable use policy
  B. Data privacy policy
  C. Encryption policy
  D. Data management policy

Question 19
After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?
  A. Header analysis
  B. File carving
  C. Metadata analysis
  D. Data recovery

Question 20
In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night, followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?
  A. Fully segregate the affected servers physically in a network segment, apart from the production network.
  B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
  C. Check the hash signatures, comparing them with malware databases to verify if the files are infected.
  D. Collect all the files that have changed and compare them with the previous baseline.