Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

CompTIA CySA+ Practice Test - Final Exam Questions and Answers, Exams of Computer Fundamentals

A comprehensive set of practice questions and answers for the comptia cysa+ certification exam. It covers a wide range of cybersecurity topics, including network security, incident response, and cloud security. The questions are designed to test your understanding of key concepts and best practices in cybersecurity.

Typology: Exams

2023/2024

Available from 11/13/2024

expertee
expertee 🇺🇸

3.3

(28)

1.5K documents

1 / 5

Toggle sidebar

Related documents


Partial preview of the text

Download CompTIA CySA+ Practice Test - Final Exam Questions and Answers and more Exams Computer Fundamentals in PDF only on Docsity!

CompTIA CySA+ Practice Test – Final Exam Questions and

Correct Answers.

An engineer uses enumeration tools to identify hosts on a network. Which description relates to a footprinting approach? - Correct Answer IP address usage, routing topology, and DNS namespace Identify the Software Development Life Cycle (SDLC) step where developers perform "black box" or "grey box" analysis to test for vulnerabilities in the published application, as well as in its publication environment. - Correct Answer Testing A cloud access security broker (CASB) appliance uses connection brokers between the cloud service and the cloud consumer to mediate access to services. What mode is the CASB operating? - Correct Answer Application Programming Interface (API) mode Following the general principle in capturing evidence in the order of volatility, which of the following is the most non-volatile option available? - Correct Answer Archival media The company deployed a new intrusion prevention system (IPS) at the network edge as well as a host-based IPS. USB devices are now immediately blocked at the client endpoint. What can the team do to ensure the effectiveness of the network IPS? Select all that apply. - Correct Answer Ghost an incident scenario, Utilize Metasploit's framework. A server crashed abruptly and there were no logs or indication of a system failure. Before connecting the server to the network, an admin installed Memoryze to monitor its activity. How can this application benefit the system's security? - Correct Answer Image the full system memory. Which business impact metric describes the period following a disaster where an individual IT system may remain offline? - Correct Answer RTO How can someone securely dispose of documents with classified information? - Correct Answer Burning A corporate network finds itself undergoing a large-scale breach. The cybersecurity team can't identify the sources of attack fast enough. Assess the situation and recommend an immediate solution. - Correct Answer Setup a whitelist

When governing data in a company, which role is responsible for maintaining the confidentiality, integrity, and availability of the information asset? - Correct Answer Data owner The team deployed a new security monitoring application and backup solution because the legacy applications were out-of-date. A recent incident response revealed that the team was not able to meet their recovery time objective. What are some actions that can improve future recovery times? Select all that apply. - Correct Answer Update the documentation, Follow the change control process. A network security analyst is attempting to identify a threat on a potentially malware infected host. The analyst isolated the host and limited it to a basic Linux command line. What default Linux command used to list running processes did the analyst use to identify a program or service opening the connection? - Correct Answer ps Select the categories of Event Logs in Windows. Select all that apply. - Correct Answer Setup logs, Application logs, Security logs Which of the following is an indicator of compromise within a server? Select all that apply.

  • Correct Answer Regular user account with admin privileges, Unauthorized software installed A drone pilot experiences difficulty remote controlling the aircraft. The pilot feels that a questionable firmware update is to blame. Which technology refers to the type the drone uses? - Correct Answer CAN bus A security expert finishes bringing a system online after a breach. When writing a report on the incident, the expert documents aspects of the exploit interaction. These aspects outline how the incident utilized a category of cyber related approaches including social media messaging. Which of the following security related terms does the expert refers to? - Correct Answer Attack vector A security key is required from the CPU vendor to make buffer overflow attacks impossible. This allows application processes to be identified as trusted. Define the security method that accomplishes this goal. - Correct Answer Secure enclave

What phishing technique implements exploits within an email allowing them to run malicious code or obtain information under false pretenses? Select all that apply. - Correct Answer Embedded links, "sender" address fields, Attachments Which classification best describes the security control function of a security camera? - Correct Answer Physical In terms of systems vulnerability scanning, which example fits that of a false negative? - Correct Answer Exposed to threats without being aware of them Proactive threat hunting often leads to the discovery of previously unknown vulnerabilities which can then be secured. Choose the description that fits this process. - Correct Answer Reducing the attack surface area A company must first assess their systems to design a risk assessment process. An inventory will include systems that support mission essential functions (MEF) or primary business functions (PBF). From this inventory, which tangible asset is essential to PBF? - Correct Answer Public web server An analyst at a popular antivirus software development company is reverse engineering malicious virus code. The antivirus arrived as a payload in an email. The analyst is searching for malicious strings that will help identify the exploit techniques used by the virus. The malware code executes with a script or a small piece of shellcode to drop a system memory process in a suspended state, allowing it to rewrite the memory locations containing the process code with malware code. What method of code injection is the virus using as an exploit technique? - Correct Answer Process Hallowing The dropper exploits a vulnerability in a legitimate program's manifest to load a malicious DLL at runtimecode - Correct Answer DLL sideloading Masquerading - Correct Answer exploit technique where a legitimate executable file or process is replaced by a malicious one. Living off the land - Correct Answer Exploit techniques that use standard system tools and packages to perform intrusions A hospital hired a forensic analyst to investigate a security breach that involved thousands of patient health records. The company computer security incident response team (CSIRT) provided a report that details everything that happened. As the

investigation proceeds, who should the forensic analyst directly report to in this case? - Correct Answer Company counsel A security engineer reviews event logs and discovers a malicious command and control implementation on a server that involves port forwarding. Jumping into action, the engineer promptly removes which threat type? - Correct Answer Advanced persistent threat _______ may include insurance records along with a person's name, birth date, and email. - Correct Answer Personal Health Information (PHI) Identify the type of application vulnerable to a lack of security involving not knowing, or not being in control of, software running alongside the application's frontend. - Correct Answer Client/Server Applications Evaluate the technology Digital Rights Management (DRM) software that will most effectively prevent content from playing on TVs that are not High-bandwidth Digital Content Protection (HDCP) compatible. - Correct Answer Bus encryption A recent audit of a gaming application revealed the application broke basic privacy laws. The company is making revenue from a third-party marketing company. The European Union (EU) General Data Protection Regulation (GDPR) requires companies to follow strict guidelines pertaining to user data. Which steps must the company take to be compliant? Select all that apply. - Correct Answer Keep data within jurisdiction., Request consent from users. Identify the algorithmic component of machine learning that takes inputs and uses them to generate outputs, often using complex internode feedback loops. - Correct Answer Artificial neural networks (ANN) A company has a computer security incident response team (CSIRT) that includes the IT department, customer support team, and public relations. How may the company benefit from including an internal forensic analyst? - Correct Answer To support audit processes and record maintenance An incident involving a crashed server halted SharePoint services for 30 minutes while the secondary server took over as primary. The server is hosting proprietary information that employees use often for research and development. Incident notification should be limited to whom? Select all that apply. - Correct Answer IT managers, SharePoint users

Identify the category of machine learning (ML) techniques that does not need explicit rules or variables to accomplish its task. - Correct Answer Deep learning the science of developing computer systems capable of simulating or demonstrating a similar general intelligence to humans. - Correct Answer Artificial intelligence a type of software system using static information based on a specific domain to use if- then rules to draw inferences from this limited set of data (knowledge base). - Correct Answer Expert systems Identify the category of machine learning (ML) techniques that does not need explicit rules or variables to accomplish its task. - Correct Answer Linear regression A security key is required from the CPU vendor to make buffer overflow attacks impossible. This allows application processes to be identified as trusted. Define the security method that accomplishes this goal. - Correct Answer Secure enclave A security key is required from the CPU vendor to make buffer overflow attacks impossible. This allows application processes to be identified as trusted. Define the security method that accomplishes this goal. - Correct Answer Unified Extensible Firmware Interface (UEFI) the capability to transmit an attestation report containing a boot log to an external server, such as a network access control server. - Correct Answer Measured boot attestation ensures that the device at the end of the bus is trusted to decrypt the data when the data is transferred to another device over a bus, such as PCIe, USB, or HDMI. - Correct Answer Bus encryption