CompTIA Cybersecurity Analyst (CySA+) - Module 1: Threat Management, Exams of Computer Science

This document is a question bank for the CompTIA Cybersecurity Analyst (CySA+) certification, specifically Module 1 on threat management. It covers footprinting, OS fingerprinting, access control lists (ACLs), social media profiling, phishing, wireless security protocols, intrusion detection and prevention systems (IDS/IPS), log analysis, network mapping and related topics, ranging from reconnaissance and vulnerability assessment to incident response and security controls. Each question lists its answer choices followed by the correct answer, and is intended for students and professionals preparing for the CySA+ exam.

Typology: Exams

2024/2025

Available from 10/22/2024

AcademicMinds

CompTIA Cybersecurity Analyst (CySA+) -
Module 1: Threat Management
Which of the following is an alternate name for topology discovery?
Fingerprinting
Footprinting
Pivotprinting
Sniffing - Footprinting
What process allows an analyst to discover the operating system and version of a system?
Service Discovery
Topology Discovery
Log Review
OS Fingerprinting - OS Fingerprinting
In what order is an ACL processed?
From top to bottom
From bottom to top
Most specific entry first
Least specific entry first - From top to bottom
What is the unwritten rule at the bottom of a firewall's ACL?
Implicit Allow
Implicit Deny
Explicit Deny
Explicit Allow - Implicit Deny
Attackers may potentially collect company emails by searching Google.
True
False - True
Which process would an attacker use to determine who in a company is most likely to be tricked into giving up company information?
Social Engineering
Phishing
Social Media Profiling
Email Harvesting - Social Media Profiling
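Added example, not part of the question bank: a small firewall ACL evaluator that demonstrates the two ACL answers above (entries are processed top to bottom with first match winning, and unmatched traffic hits the implicit deny). It also flags an entry that can never fire because a broader entry sits above it, which is why operators are told to write specific entries first even though the device itself does not search for the most specific match. The rule fields, the ACL and the packets are constructed for illustration.

```python
"""Added example, not from the CySA+ question bank: a minimal firewall ACL
evaluator. Entries are matched top to bottom and the first match wins; a
packet that matches nothing falls through to the implicit deny at the bottom.
Rule fields, the sample ACL and the sample packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR; "any" means 0.0.0.0/0
    dst: str
    dport: Optional[int]  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _net(cidr: str):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and ip_address(pkt.src) in _net(rule.src)
        and ip_address(pkt.dst) in _net(rule.dst)
        and rule.dport in (None, pkt.dport)
    )


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """Walk the ACL top to bottom; return (action, index of the entry that
    matched). Index -1 means no entry matched and the implicit deny applied,
    which is unwritten, so there is no entry for it to point at."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", -1


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet 'narrow' would match is also matched by 'broad'."""
    return (
        broad.proto in ("any", narrow.proto)
        and _net(narrow.src).subnet_of(_net(broad.src))
        and _net(narrow.dst).subnet_of(_net(broad.dst))
        and broad.dport in (None, narrow.dport)
    )


def shadowed_entries(acl: List[Rule]) -> List[int]:
    """Indices of entries that can never fire because one earlier entry already
    covers everything they match. Cover by a combination of earlier entries is
    not detected; this is the common single-rule ordering mistake."""
    return [j for j in range(len(acl))
            if any(_covers(acl[i], acl[j]) for i in range(j))]


# Constructed ACL: the operator meant to block one host from the web server
# but placed the broad permit above the specific deny.
ACL = [
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.10/32", 443),
    Rule("deny", "tcp", "10.1.1.5/32", "192.0.2.10/32", 443),
    Rule("permit", "udp", "any", "192.0.2.53/32", 53),
]

# The same entries with the specific deny moved above the broad permit.
FIXED_ACL = [ACL[1], ACL[0], ACL[2]]

if __name__ == "__main__":
    blocked_host = Packet("tcp", "10.1.1.5", "192.0.2.10", 443)
    print(evaluate(ACL, blocked_host))        # ('permit', 0): the deny at index 1 never fires
    print(shadowed_entries(ACL))              # [1]
    print(evaluate(FIXED_ACL, blocked_host))  # ('deny', 0)
    print(evaluate(ACL, Packet("tcp", "10.1.1.5", "192.0.2.10", 22)))  # ('deny', -1): implicit deny
```

Running it shows the blocked host being permitted by the first ACL because the broad entry above the deny matches first; reordering fixes the decision without changing any entry. The implicit deny is visible as the -1 index: nothing in the list matched, yet the result is still deny.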

What type of phishing is sent over a text message specifically?
Vishing
Spear Phishing
SMiShing
Whaling - SMiShing
Internal DNS servers need to be protected from an attacker to prevent the leakage of email records within a company.
True
False - False
Due to the amount of a network that is physically wired, it is more difficult to prevent access to a physical network than a wireless one.
True
False - False
Which of the following wireless protocols can be used to best supply security for a wireless network?
WEP
TKIP
WPA
WPA - WPA
A virtual network is a more secure network for which of the following reasons?
They are easier to patch
They can't spread viruses
Virtual machines can't compromise their host
They're easier to isolate - They're easier to isolate
In which way can an IDS protect a network? (Choose all that apply)
Reactively
Proactively
Actively
Passively - Reactively & Passively
Which of the following methods can be used to delay a scan to avoid detection?
Sparse scanning
Traceroute scan

False - False
Employees need not be trained in current social engineering attacks, as plenty of other countermeasures exist to prevent somebody from falling victim to one of these attacks, such as email filters.
True
False - False
In which of the following network types should an analyst hide the network's name in order to help prevent an attacker from finding the network?
Wired
Wireless
Cloud
Virtual - Wireless
What is the name for the commonly known issues affecting certain operating systems that can be easily found online?
CVEs
MitM
NMAP
CNP - CVEs (CVE - Common Vulnerabilities and Exposures)
Which of the following can be used to further tune an IDS or IPS system in order to guarantee more accurate results?
IDS
IPS
Anti-Virus Scanner
Firewall - IDS
In order to scan for ports capable of running NTP or RADIUS, which of the following scans would be utilized?
TCP half-open scan
TCP connect scan
UDP scan
UDP half-open scan - UDP scan
An analyst has discovered that a particular port is blocked by a firewall. What is the state of that port?
Open
Closed
Filtered
Blocked - Filtered
An analyst discovered that a particular port is responding to requests. Which of the following port states is the analyst discovering? (Choose all that apply)
Closed
Open
Blocked
Filtered - Closed & Open
An attacker was able to eavesdrop on network traffic by attaching a device to a core switch. Which of the following is the attacker most likely accomplishing?
Network mapping
Host Discovery
Port scanning
Packet capture - Packet capture
An attacker will first look for a vulnerable system, known as a pivot point, to initially breach a network.
True
False - True
Which of the following will allow an analyst to not only view where traffic is flowing on a network but also get a better picture of how much traffic is passing over a segment at any given time? Pick the best answer.
Packet Analysis
Wireless Analysis
Protocol Analysis
Netflow Analysis - Netflow Analysis
Which of the following would an analyst be keeping an eye out for during protocol analysis? Pick two.
High utilization of a protocol
Too few protocols in use
A suspicious protocol in use
Traffic being routed to a suspicious network - High utilization of a protocol & A suspicious protocol in use
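Added example, not part of the question bank: the logic a port scanner uses to turn a probe reply (or silence) into the open, closed and filtered states asked about above, for both TCP SYN probes and the UDP probes needed to find services such as NTP and RADIUS. It also shows why both open and closed ports count as "responding" while filtered ones do not. The probe results are constructed, not captured from a real host.

```python
"""Added example, not from the CySA+ question bank: how a scanner maps the
reply to a probe onto the open/closed/filtered port states. The mapping
follows the classic TCP SYN and UDP scan interpretation; every probe result
below is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Probe:
    transport: str         # "tcp" (SYN probe) or "udp"
    port: int
    reply: Optional[str]   # None = no reply before the timeout; otherwise
                           # "syn-ack", "rst", "udp-data",
                           # "icmp-port-unreachable" or "icmp-admin-prohibited"


def classify(p: Probe) -> str:
    """State a scanner would report for one probe."""
    if p.transport == "tcp":
        if p.reply == "syn-ack":
            return "open"            # a service accepted the handshake
        if p.reply == "rst":
            return "closed"          # the host answered: nothing is listening
        return "filtered"            # silence or an ICMP error: something in
                                     # the path dropped or rejected the probe
    if p.transport == "udp":
        if p.reply == "udp-data":
            return "open"            # the service answered the payload
        if p.reply == "icmp-port-unreachable":
            return "closed"
        if p.reply is None:
            return "open|filtered"   # UDP services often ignore bad input,
                                     # so silence is ambiguous
        return "filtered"            # other ICMP unreachable codes
    raise ValueError(f"unknown transport {p.transport!r}")


def responded(p: Probe) -> bool:
    """Did the target port itself answer? Open and closed ports both respond;
    a filtered port is the one that stays silent or is answered for by a
    firewall in front of it."""
    return classify(p) in ("open", "closed")


def summarize(probes: List[Probe]) -> Dict[str, str]:
    """Scanner-style table keyed as 'proto/port' -> state."""
    return {f"{p.transport}/{p.port}": classify(p) for p in probes}


# Constructed scan of one host sitting behind a firewall.
SCAN = [
    Probe("tcp", 22, "syn-ack"),
    Probe("tcp", 23, "rst"),
    Probe("tcp", 445, None),
    Probe("tcp", 3389, "icmp-admin-prohibited"),
    Probe("udp", 123, "udp-data"),               # NTP answered the probe
    Probe("udp", 1812, None),                    # RADIUS stayed silent
    Probe("udp", 161, "icmp-port-unreachable"),
]

if __name__ == "__main__":
    for port, state in summarize(SCAN).items():
        print(f"{port:10} {state}")
```

Real scanners add retries and protocol-specific UDP payloads to shrink the open|filtered bucket, and a host that rate-limits ICMP unreachables makes a UDP scan slow; the state names and their meaning are what the exam expects.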

exe
txt
pcap
bat - pcap
NMAP is able to display output directly to a user's screen but not to a file.
True
False - False
Which is an example of a SIEM system?
Wireshark
Snort
Splunk
Sourcefire - Splunk
Which of the following is an example of a packet analysis tool?
Splunk
Bro
Tcpdump
IPFIX - Tcpdump
Which of the following is a type of netflow analyzer?
IPFIX
Snort
Dsniff
ArcSight - IPFIX
An attacker's traffic was redirected to a network designed to produce dummy traffic while researching how an attack is being carried out. What is the name of the countermeasure the attacker hit?
Honeypot
IDS
IPS
Honeynet - Honeynet
Which of the following security controls are useful for endpoint security? Choose all that apply
NIDS
802.1x
Port Security
UTM - 802.1x & Port Security
Port security uses which of the following to determine which devices can access the network?
Username
MAC Address
IP Address
Host name - MAC Address
It is more important to add logical security controls like 802.1x and port security than physical security controls.
True
False - False
An admin wants to assign permissions centrally on a Windows network. Which of the following should the admin utilize to accomplish this task?
Group Policy Objects
RADIUS
TACACS+
MAC - Group Policy Objects
An admin wants to be able to manage any machine in the DMZ through a single secure system. What is this system known as?
Pivot Point
Management server
RADIUS server
Jump Box - Jump Box
Which of the following access control models is based on the idea of sensitivity labels and has a focus on security?
DAC
RBAC
MAC
TBAC - MAC (Mandatory Access Control)
Which of the following access control models is based on the idea that the owner of the data is in control and is focused on flexibility?
DAC
RBAC
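Added example, not part of the question bank: the two access control models contrasted in the questions above, written as code. Under MAC every subject and object carries a sensitivity label and the system enforces a fixed rule (here the Bell-LaPadula "no read up, no write down" rule) that not even the object's owner can relax; under DAC the owner decides who gets access and can hand it out at will. The labels, subjects and documents are constructed for illustration.

```python
"""Added example, not from the CySA+ question bank: MAC versus DAC decisions
side by side. MAC compares sensitivity labels with a fixed rule; DAC consults
an owner-managed ACL. Subjects, labels and documents are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Set

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str


@dataclass
class Document:
    name: str
    label: str                                            # sensitivity label (MAC)
    owner: str                                            # controlling subject (DAC)
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # DAC grants


def mac_allows(s: Subject, d: Document, op: str) -> bool:
    """Bell-LaPadula: read needs clearance >= label (no read up); write needs
    clearance <= label (no write down, so high data cannot leak downward)."""
    s_lvl, d_lvl = LEVELS[s.clearance], LEVELS[d.label]
    if op == "read":
        return s_lvl >= d_lvl
    if op == "write":
        return s_lvl <= d_lvl
    raise ValueError(f"unknown operation {op!r}")


def dac_allows(s: Subject, d: Document, op: str) -> bool:
    """The owner always has access; anyone else needs an explicit grant."""
    return s.name == d.owner or op in d.acl.get(s.name, set())


def dac_grant(granter: Subject, d: Document, grantee: str, op: str) -> None:
    """Only the owner may change the ACL: that is the discretionary part."""
    if granter.name != d.owner:
        raise PermissionError(f"{granter.name} does not own {d.name}")
    d.acl.setdefault(grantee, set()).add(op)


def allowed(s: Subject, d: Document, op: str, model: str) -> bool:
    """Decision under one model, or under both ('mac+dac'), which is how a
    labelled system that also honours per-file ACLs behaves: the owner's
    grant is necessary but never sufficient."""
    if model == "mac":
        return mac_allows(s, d, op)
    if model == "dac":
        return dac_allows(s, d, op)
    if model == "mac+dac":
        return mac_allows(s, d, op) and dac_allows(s, d, op)
    raise ValueError(f"unknown model {model!r}")


def demo() -> Dict[str, bool]:
    """Constructed scenario: Alice owns a Secret plan and tries to share it
    with Bob, who is cleared only to Confidential."""
    alice = Subject("alice", "Secret")
    bob = Subject("bob", "Confidential")
    plan = Document("plan.docx", "Secret", owner="alice")
    memo = Document("memo.txt", "Unclassified", owner="alice")
    dac_grant(alice, plan, "bob", "read")
    return {
        "dac_bob_read": allowed(bob, plan, "read", "dac"),          # True: the owner said so
        "mac_bob_read": allowed(bob, plan, "read", "mac"),          # False: read up
        "both_bob_read": allowed(bob, plan, "read", "mac+dac"),     # False: the label wins
        "mac_bob_write": allowed(bob, plan, "write", "mac"),        # True: writing up is allowed
        "mac_alice_write_down": allowed(alice, memo, "write", "mac"),  # False: write down
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:22} {result}")
```

The flexibility the DAC question refers to is visible in dac_grant: the owner can give Bob read access in one call. The security focus of MAC is the last three results: the same grant changes nothing, because the label comparison is enforced by the system, not by the owner.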

Physical
Production - Virtual
Why should a company set up a secure supply chain?
To prevent theft of hardware components
To ensure vendors are not selling 3rd party products
To guarantee all products received have not been tampered with
To prevent unwanted access to a supplier's location - To guarantee all products received have not been tampered with
A company should never purchase a product without first establishing a secure supply chain.
True
False - False
The DoD has created the _____ program in order to identify suppliers that have proven themselves secure.
Trusted Foundry
Secure Supply
Trusted Supplier
Secure Hardware - Trusted Foundry
In order to detect a change in software from a legitimate copy into a malicious one, which of the following methods can be used?
Code-signing
Whitelisting
MAC
User training - Code-signing
Which of the following will attempt to reverse engineer code by running through the program step by step in an interactive manner?
A Disassembler
A Decompiler
A Debugger
A Diffuser - A Debugger
Which of the following will attempt to reverse engineer code by attempting to reconstruct the original source code?
A Disassembler
A Decompiler
A Debugger
A Diffuser - A Decompiler
Which of the following will attempt to reverse engineer code by reading machine code instructions?
A Disassembler
A Decompiler
A Debugger
A Diffuser - A Disassembler
It is possible to safely test how malware attempts to reach out to the internet by supplying an outbound connection from the lab environment.
True
False - True
Which of the following teams is in control of a war gaming scenario?
Red Team
Blue Team
Grey Team
White Team - White Team
Which of the following teams acts as the defenders in a war gaming scenario?
Red Team
Blue Team
Grey Team
White Team - Blue Team
Which of the following are examples of a technical control? Choose all that apply
Personnel Security
Maintenance
Planning
Firewalls - Firewalls
Which of the following are examples of operational controls? Choose all that apply
Incident Response
Auditing and accountability
Configuration Management
Risk Assessment - Incident Response & Configuration Management
Which of the following are examples of management controls? Choose all that apply.