CySA+ Exam Questions and Answers: Information Security and Network Security, Exams of Cybercrime, Cybersecurity and Data Privacy

The correct answers to various cysa+ exam questions covering information security and network security concepts, including confidentiality, integrity, availability, risk assessment, system controls, firewalls, penetration testing, and incident response.

Typology: Exams

2023/2024

Available from 03/16/2024

Achieverr
Achieverr 🇺🇸

4.2

(14)

20K documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CySA+ exam with correct answers
What are the three key objectives of information security? - correct answersConfidentiality, integrity, and
availability
Risk exists at the intersection of _______ and _________. - correct answersThreats and vulnerabilities.
What type of system controls access to a network based on criteria such as time of day, location, device
type, and system health? - correct answersNetwork access control
What are the three networks typically connected to a triple-homed firewall? - correct answersThe
Internet, an internal network, and a DMZ
What are the four types of firewalls? - correct answersPacket filters
Stateful inspection firewalls
Next-generation firewalls
Web application firewalls.
______ may be used to apply settings to many different Windows systems at the same time. - correct
answersGroup Policy Objects (GPOs)
Four phases of penetration testing - correct answersPlanning, Discovery, Attack, and Reporting
What type of software can you use to enumerate the services that are accepting network connections on
a remote system without probing that system for vulnerabilities? - correct answersPort scanner
What is the most commonly used port scanner? - correct answersnmap
What tool can be used to determine the path between two systems over the Internet? - correct
answersTraceroute or tracert, depending on the operating system
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download CySA+ Exam Questions and Answers: Information Security and Network Security and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!

CySA+ exam with correct answers

What are the three key objectives of information security? - correct answersConfidentiality, integrity, and availability Risk exists at the intersection of _______ and _________. - correct answersThreats and vulnerabilities. What type of system controls access to a network based on criteria such as time of day, location, device type, and system health? - correct answersNetwork access control What are the three networks typically connected to a triple-homed firewall? - correct answersThe Internet, an internal network, and a DMZ What are the four types of firewalls? - correct answersPacket filters Stateful inspection firewalls Next-generation firewalls Web application firewalls. ______ may be used to apply settings to many different Windows systems at the same time. - correct answersGroup Policy Objects (GPOs) Four phases of penetration testing - correct answersPlanning, Discovery, Attack, and Reporting What type of software can you use to enumerate the services that are accepting network connections on a remote system without probing that system for vulnerabilities? - correct answersPort scanner What is the most commonly used port scanner? - correct answersnmap What tool can be used to determine the path between two systems over the Internet? - correct answersTraceroute or tracert, depending on the operating system

What type of data analysis looks for differences from expected behaviors? - correct answersAnomaly analysis What type of data analysis predicts threats based on existing data? - correct answersTrend analysis What type of vulnerability scan leverages read-only access to the scan target? - correct answersCredentialed scan What term is used to describe an organization's willingness to tolerate risk? - correct answersRisk appetite What type of account should be used to perform credentialed vulnerability scans? - correct answersRead-only account What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS? - correct answersVulnerability scanning What is the purpose of Nikto and Acunetix? - correct answersWeb application scanning Remediation Priority - correct answersCriticality Difficulty Severity Exposure What industry-standard system is used to assess the severity of security vulnerabilities? - correct answersCVSS What is the term used to describe when a scanner reports a vulnerability that does not really exist? - correct answersFalse positive

What type of threat consists of highly skilled and talented attackers focused on a specific objective? - correct answersAdvanced Persistent Threat (APT) What are the types of impact used to describe the scope of a security incident? - correct answersFunctional impact, economic impact, and recoverability effort What are the common attack vectors for security incidents? - correct answersExternal/removable media Attrition Web, email Impersonation Improper usage Loss or theft of equipment What Linux command displays processes, memory utilization, and other detail about running programs?

  • correct answersTop or ps What term is used to describe traffic sent to a command and control system by a PC that is part of a botnet? - correct answersBeaconing What Windows tool provides information on memory, CPU, and disk use? - correct answersPerfmon What protocol is used to gather information about and manage network devices? - correct answersSNMP What Linux command allows you to list the files that are open by processes on a system? - correct answerslsof What type of information is found in network flow data? - correct answersFlow data provides information about the source and destination IP address, protocol, and total data sent. What tool can administrators use to determine the maximum bandwidth available on a network connection? - correct answersiPerf

What type of device is designed to copy drives for forensic investigation, and then provide validation that the original drive and the content of the new drive match? - correct answersForensic drive duplicator Where can forensic analysts turn to find point-in-time information from prior actions on a Windows system? - correct answersVolume shadow copies Where can forensic analysts turn to find information about logins, service start/stop events, and evidence of applications being run on a Windows system? - correct answersEvent logs What Linux utility is commonly used to clone drives in RAW format? - correct answersdd What type of device can ensure that attaching a drive to a forensic copy device or workstation does not result in modifications being made to drive, thus destroying the forensic integrity of the process? - correct answersWrite blocker What Linux kernel modules allow forensic access to physical memory? - correct answersfmem and LiME What tool provides a list of USB devices that have been connected to a Windows system? - correct answersUSB Historian What is the first action that incident responders should take after identifying a potential incident? - correct answersContain the damage Network segmentation, isolation, and removal of affected systems are examples of ___________ strategies - correct answersContainment Once responders have contained the damage caused by an incident they should move on to __________ and ________ steps. - correct answersEradication and recovery At the conclusion of a cybersecurity incident response effort, CSIRT members should conduct a formal ____________ session. - correct answersLessons learned

__________ provides the same level of protection to all systems or networks. - correct answersUniform protection What type of controls include firewalls, intrusion detection and prevention systems, network segmentation, and authentication and authorization systems? - correct answersTechnical (or logical) controls What type of controls involve processes and procedures like those found in incident response plans, account creation and management, as well as awareness and training efforts? - correct answersAdministrative (or managerial) controls What type of controls include locks, fences, and other controls that control or limit physical access, as well as controls like fire extinguishers that can help to prevent harm to property? - correct answersPhysical controls _____________ are intended to stop an incident from occurring by taking proactive measures to stop the threat - correct answersPreventive controls A _______ is often used when services or systems need to be exposed to lower trust areas - correct answersDMZ ___________ is important to ensure continuity for roles, regardless of the reason a person leaves your organization. - correct answersSuccession planning What are the three types of views that can commonly be taken to review a security architecture design?

  • correct answersOperational views, technical views, and logical views What term is used to describe the set of claims made about an individual or account holder that are made about one party to another party? - correct answersIdentities What are the three elements of the AAA framework? - correct answersAuthentication, authorization, and accounting

What authorization standard is used by many websites to allow users to share elements of their identity or account information while authenticating via the original identity provider? - correct answersOAuth In Kerberos, what type of ticket allows complete access to the Kerberos connected systems, including creation of new tickets, account changes, and even falsification of accounts or services? - correct answersTicket Granting Ticket (TGT) What service is the core identity store and AAA service in most Windows-centric organizations? - correct answersActive Directory __________ is the steady accrual of additional rights over time as account owners change roles, positions, or responsibilities. - correct answersPrivilege creep What are the steps of the account life cycle? - correct answersCreate account and set password Provision services Modify and maintain account Disable account Retire and deprovision account. What are the stages of the software development life cycle? - correct answersPlanning, Requirements Design, Coding, Testing, Training and Transition, Ongoing Operations and Maintenance, End-of-Life Decommissioning The _______ phase of the SDLC includes actual coding of the application. - correct answersDevelopment What are the three types of system environments commonly used in organizations? - correct answersDevelopment, Test, and Production

COBIT's Activity Domains - correct answersPlan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate nmap flags - correct answers-sV flag reports banner and version information. -O -oG flag generates greppable output. -sS flag requests a TCP SYN scan. -sA - acknowledgement scan -sT - full connect TCP scan (3-way handshake) -b flag is used to detect servers supporting FTP bounce. Measures to determine an organization's tier in the NIST framework: - correct answersRisk management process maturity whether there is an integrated risk management program, effectively participating with external partners. SANS Software Issue Categories - correct answersInsecure Interaction Between Components Risky Resource Management Porous Defenses SCAP: Describes security related software flaws - correct answersCommon Vulnerability and Exposures (CVE) SCAP: Measures and describe severity of security related software flaws - correct answersCommon Vulnerability Scoring System (CVSS)