Questions
ayuda
option
My Daypo

ERASED TEST, YOU MAY BE INTERESTED ONcysa+ v23 81-100

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
cysa+ v23 81-100

Description:
cysa+ v23 81-100

Author:
AVATAR

Creation Date:
17/05/2023

Category:
Others

Number of questions: 20
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts The company's AUP and code of conduct prohibits this practice. Which of the following configuration changes would improve security and help prevent this from occurring? Configure the DLP transport rules to provide deep content analysis. Put employees' personal email accounts on the mail server on a blocklist. Set up IPS to scan for outbound emails containing names and contact information. Use Group Policy to prevent users from copying and pasting information into emails. Move outbound emails containing names and contact information to a sandbox for further examination.
An organization has the following policy statements: • AlI emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized coolant. •AM network activity will be logged and monitored. • Confidential data will be tagged and tracked • Confidential data must never be transmitted in an unencrypted form. • Confidential data must never be stored on an unencrypted mobile device. Which of the following is the organization enforcing? Acceptable use policy Data privacy policy Encryption policy Data management, policy.
small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control? Deterrent Preventive Compensating Detective.
A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the fallowing types of testing docs This describe? Acceptance testing Stress testing Regression testing Penetration testing.
product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution? The use of infrastructure-as-code capabilities leads to an increased attack surface. Patching the underlying application server becomes the responsibility of the client. The application is unable to use encryption at the database level. Insecure application programming interfaces can lead to data compromise.
An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place. Which of the following should be notified for lessons learned? The human resources department Customers Company leadership The legal team.
A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes? Internal management review Control assessment Tabletop exercise Peer review.
A threat hurting team received a new loC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT? The whitelist The DNS The blocklist The IDS signature.
A company's application development has been outsourced to a third-party development team. Based on the SLA. The development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement? Input validation Security regression testing Application fuzzing User acceptance testing Stress testing.
Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of: vulnerability scanning. threat hunting. red learning. penetration testing.
A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify: detection and prevention capabilities to improve. which systems were exploited more frequently. possible evidence that is missing during forensic analysis. which analysts require more training. the time spent by analysts on each of the incidents.
A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations Which of the following steps in the intelligence cycle is the security analyst performing? Analysis and production Processing and exploitation Dissemination and evaluation Data collection Planning and direction.
When investigating a compromised system, a security analyst finds the following script in the /tmp directory: Which of the following attacks is this script attempting, and how can it be mitigated? This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols. This is a password-spraying attack, and it can be mitigated by using multifactor authentication. This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days. This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.
An internally developed file-monitoring system identified the following except as causing a program to crash often: Which of the following should a security analyst recommend to fix the issue? Open the access.log file ri read/write mode. Replace the strcpv function. Perform input samtizaton Increase the size of the file data buffer.
Which of the following is a reason to use a nsk-based cybersecunty framework? A risk-based approach always requires quantifying each cyber nsk faced by an organization A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities A risk-based approach is driven by regulatory compliance and es required for most organizations A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes.
Security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will best accomplish the analyst's objectives? tcpdump -w packetCapture tcpdump -a packetCapture tcpdump -n packetCapture nmap -v > packetCapture nmap -oA > packetCapture.
Which of me following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO) Message queuing telemetry transport does not support encryption. The devices may have weak or known passwords. The devices may cause a dramatic Increase in wireless network traffic. The devices may utilize unsecure network protocols. Multiple devices may interface with the functions of other loT devices. The devices are not compatible with TLS 12.
Which of the following techniques can be implemented to safeguard the confidentiality of sensitive information while allowing limited access to authorized individuals? Deidentification Hashing Masking Salting.
A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase? Implement port security with one MAC address per network port of the switch. Deploy network address protection with DHCP and dynamic VLANs. Configure 802.1X and EAPOL across the network Implement software-defined networking and security groups for isolation.
security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the BEST recommendation? Require users to sign NDAs Create a data minimization plan. Add access control requirements. Implement a data loss prevention solution.
Report abuse Consent Terms of use