Title of test:
cysa+ v23 41-60

Description:
cysa+ v23 41-60

Author:
AVATAR

Creation Date:
16/05/2023

Category:
Others

Number of questions: 20
Content:
An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server: Which of the following ports should be closed?
• 22
• 80
• 443
• 1433

Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence acquisition?
• Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from nonauthorized access.
• Build the chain-of-custody document, noting the media model, serial number, size, vendor, date, and time of acquisition.
• Perform a disk sanitization using the command #dd if=/dev/zero of=/dev/sdc bs=1M over the media that will receive a copy of the collected data.
• Execute the command #dd if=/dev/sda of=/dev/sdc bs=512 to clone the evidence data to external media to prevent any further change.

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?
• Header analysis
• File carving
• Metadata analysis
• Data recovery

A company’s Chief Information Security Officer (CISO) published an Internet usage policy that prohibits employees from accessing unauthorized websites. The IT department whitelisted websites used for business needs. The CISO wants the security analyst to recommend a solution that would improve security and support employee morale. Which of the following security recommendations would allow employees to browse non-business-related websites?
• Implement a virtual machine alternative.
• Develop a new secured browser.
• Configure a personal business VLAN.
• Install kiosks throughout the building.

While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?
• Data execution prevention DEP
• Output encoding
• Prepared statements
• Parameterized queries

A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?
• Internal management review
• Control assessment
• Tabletop exercise
• Peer review

In web application scanning, static analysis refers to scanning:
• the system for vulnerabilities before installing the application.
• the compiled code of the application to detect possible issues.
• an application that is installed and active on a system.
• an application that is installed on a system that is assigned a static IP.

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization: Which of the following should the organization consider investing in first due to the potential impact of availability?
• Hire a managed service provider to help with vulnerability management.
• Build a warm site in case of system outages.
• Invest in a failover and redundant system, as necessary.
• Hire additional staff for the IT department to assist with vulnerability management and log review.

According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?
• Delete the vulnerable section of the code immediately.
• Create a custom rule on the web application firewall.
• Validate user input before execution and interpretation.
• Use parameterized queries.

A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst recommend to best meet all the requirements?
• EDR
• Port security
• NAC
• Segmentation

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "incorrect password for given username." Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?
• Set the web page to redirect to an application support page when a bad password is entered.
• Disable error messaging for authentication.
• Recognize that error messaging does not provide confirmation of the correct element of authentication.
• Avoid using password-based authentication for the application.

During the threat modeling process for a new application that a company is launching, a security analyst needs to define methods and items to take into consideration. Which of the following are part of a known threat modeling method?
• Threat profile, infrastructure and application vulnerabilities, security strategy and plans
• Purpose, objective, scope, team management, cost, roles and responsibilities
• Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege
• Human impact, adversary's motivation, adversary's resources, adversary's methods

An organization has the following risk mitigation policy: Risks with a probability of 95% or greater will be addressed before all others regardless of the impact. All other prioritization will be based on risk value. The organization has identified the following risks: Which of the following is the order of priority for risk mitigation from highest to lowest?
• A, B, D, C
• A, B, C, D
• D, A, B, C
• D, A, C, B

An analyst is reviewing the following output as part of an incident: Which of the following is MOST likely happening?
• The hosts are part of a reflective denial-of-service attack.
• Information is leaking from the memory of host 10.20.30.40.
• Sensitive data is being exfiltrated by host 192.168.1.10.
• Host 291.168.1.10 is performing firewall port knocking.

A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?
• Nessus
• Nikto
• Fuzzer
• Wireshark
• Prowler

A security analyst is investigating a reported phishing attempt that was received by many users throughout the company. The text of one of the emails is shown below:
Office 365 User. It looks like you account has been locked out. Please click this <a href="http://accountfix-office356.com/login.php">link</a> and follow the prompts to restore access. Regards, Security Team
Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but it does log network flow data. Which of the following commands will the analyst most likely execute NEXT?
• telnet office365.com 25
• tracert 122.167.40.119
• curl http://accountfix-office365.com/login.php
• nslookup accountfix-office365.com

A security analyst reviews SIEM logs and discovers the following error event: Which of the following environments does the analyst need to examine to continue troubleshooting the event?
• Proxy server
• SQL server
• Windows domain controller
• WAF appliance
• DNS server

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to respond?
• Report this activity as a false positive, as the activity is legitimate.
• Isolate the system and begin a forensic investigation to determine what was compromised.
• Recommend network segmentation to the management team as a way to secure the various environments.
• Implement host-based firewalls on all systems to prevent ping sweeps in the future.

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
• Successful administrator login reporting priority - high
• Failed administrator login reporting priority - medium
• Failed temporary elevated permissions - low
• Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following: Which of the following events is the HIGHEST reporting priority?
A. <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success
B. <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success
C. <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success
D. <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf failed for joe
• Option A
• Option B
• Option C
• Option D

As part of the senior leadership team's ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?
• A black-box penetration testing engagement
• A tabletop exercise
• Threat modeling
• A business impact analysis