






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The correct answers to various cysa+ exam questions covering information security and network security concepts, including confidentiality, integrity, availability, risk assessment, system controls, firewalls, penetration testing, and incident response.
Typology: Exams
1 / 10
This page cannot be seen from the preview
Don't miss anything!







What are the three key objectives of information security? - correct answersConfidentiality, integrity, and availability Risk exists at the intersection of _______ and _________. - correct answersThreats and vulnerabilities. What type of system controls access to a network based on criteria such as time of day, location, device type, and system health? - correct answersNetwork access control What are the three networks typically connected to a triple-homed firewall? - correct answersThe Internet, an internal network, and a DMZ What are the four types of firewalls? - correct answersPacket filters Stateful inspection firewalls Next-generation firewalls Web application firewalls. ______ may be used to apply settings to many different Windows systems at the same time. - correct answersGroup Policy Objects (GPOs) Four phases of penetration testing - correct answersPlanning, Discovery, Attack, and Reporting What type of software can you use to enumerate the services that are accepting network connections on a remote system without probing that system for vulnerabilities? - correct answersPort scanner What is the most commonly used port scanner? - correct answersnmap What tool can be used to determine the path between two systems over the Internet? - correct answersTraceroute or tracert, depending on the operating system
What type of data analysis looks for differences from expected behaviors? - correct answersAnomaly analysis What type of data analysis predicts threats based on existing data? - correct answersTrend analysis What type of vulnerability scan leverages read-only access to the scan target? - correct answersCredentialed scan What term is used to describe an organization's willingness to tolerate risk? - correct answersRisk appetite What type of account should be used to perform credentialed vulnerability scans? - correct answersRead-only account What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS? - correct answersVulnerability scanning What is the purpose of Nikto and Acunetix? - correct answersWeb application scanning Remediation Priority - correct answersCriticality Difficulty Severity Exposure What industry-standard system is used to assess the severity of security vulnerabilities? - correct answersCVSS What is the term used to describe when a scanner reports a vulnerability that does not really exist? - correct answersFalse positive
What type of threat consists of highly skilled and talented attackers focused on a specific objective? - correct answersAdvanced Persistent Threat (APT) What are the types of impact used to describe the scope of a security incident? - correct answersFunctional impact, economic impact, and recoverability effort What are the common attack vectors for security incidents? - correct answersExternal/removable media Attrition Web, email Impersonation Improper usage Loss or theft of equipment What Linux command displays processes, memory utilization, and other detail about running programs?
What type of device is designed to copy drives for forensic investigation, and then provide validation that the original drive and the content of the new drive match? - correct answersForensic drive duplicator Where can forensic analysts turn to find point-in-time information from prior actions on a Windows system? - correct answersVolume shadow copies Where can forensic analysts turn to find information about logins, service start/stop events, and evidence of applications being run on a Windows system? - correct answersEvent logs What Linux utility is commonly used to clone drives in RAW format? - correct answersdd What type of device can ensure that attaching a drive to a forensic copy device or workstation does not result in modifications being made to drive, thus destroying the forensic integrity of the process? - correct answersWrite blocker What Linux kernel modules allow forensic access to physical memory? - correct answersfmem and LiME What tool provides a list of USB devices that have been connected to a Windows system? - correct answersUSB Historian What is the first action that incident responders should take after identifying a potential incident? - correct answersContain the damage Network segmentation, isolation, and removal of affected systems are examples of ___________ strategies - correct answersContainment Once responders have contained the damage caused by an incident they should move on to __________ and ________ steps. - correct answersEradication and recovery At the conclusion of a cybersecurity incident response effort, CSIRT members should conduct a formal ____________ session. - correct answersLessons learned
__________ provides the same level of protection to all systems or networks. - correct answersUniform protection What type of controls include firewalls, intrusion detection and prevention systems, network segmentation, and authentication and authorization systems? - correct answersTechnical (or logical) controls What type of controls involve processes and procedures like those found in incident response plans, account creation and management, as well as awareness and training efforts? - correct answersAdministrative (or managerial) controls What type of controls include locks, fences, and other controls that control or limit physical access, as well as controls like fire extinguishers that can help to prevent harm to property? - correct answersPhysical controls _____________ are intended to stop an incident from occurring by taking proactive measures to stop the threat - correct answersPreventive controls A _______ is often used when services or systems need to be exposed to lower trust areas - correct answersDMZ ___________ is important to ensure continuity for roles, regardless of the reason a person leaves your organization. - correct answersSuccession planning What are the three types of views that can commonly be taken to review a security architecture design?
What authorization standard is used by many websites to allow users to share elements of their identity or account information while authenticating via the original identity provider? - correct answersOAuth In Kerberos, what type of ticket allows complete access to the Kerberos connected systems, including creation of new tickets, account changes, and even falsification of accounts or services? - correct answersTicket Granting Ticket (TGT) What service is the core identity store and AAA service in most Windows-centric organizations? - correct answersActive Directory __________ is the steady accrual of additional rights over time as account owners change roles, positions, or responsibilities. - correct answersPrivilege creep What are the steps of the account life cycle? - correct answersCreate account and set password Provision services Modify and maintain account Disable account Retire and deprovision account. What are the stages of the software development life cycle? - correct answersPlanning, Requirements Design, Coding, Testing, Training and Transition, Ongoing Operations and Maintenance, End-of-Life Decommissioning The _______ phase of the SDLC includes actual coding of the application. - correct answersDevelopment What are the three types of system environments commonly used in organizations? - correct answersDevelopment, Test, and Production
COBIT's Activity Domains - correct answersPlan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate nmap flags - correct answers-sV flag reports banner and version information. -O -oG flag generates greppable output. -sS flag requests a TCP SYN scan. -sA - acknowledgement scan -sT - full connect TCP scan (3-way handshake) -b flag is used to detect servers supporting FTP bounce. Measures to determine an organization's tier in the NIST framework: - correct answersRisk management process maturity whether there is an integrated risk management program, effectively participating with external partners. SANS Software Issue Categories - correct answersInsecure Interaction Between Components Risky Resource Management Porous Defenses SCAP: Describes security related software flaws - correct answersCommon Vulnerability and Exposures (CVE) SCAP: Measures and describe severity of security related software flaws - correct answersCommon Vulnerability Scoring System (CVSS)