CompTIA CySA+ Practice Tests. Mike Chapple.

Author: Mike Chapple
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119684046
to detect?
A. Incorrect firewall rules
B. Unvalidated input
C. Missing operating system patches
D. Unencrypted data transmission

31 Kobe wants to provide access to a jump box in a secured network. What technology should he deploy to allow a secure connection to the system through untrusted intermediary networks?
A. VPC
B. An air gap
C. A VPN
D. Physical segmentation

32 Mia would like to ensure that her organization's cybersecurity team reviews the architecture of a new ERP application that is under development. During which SDLC phase should Mia expect the security architecture to be completed?
A. Analysis and Requirements Definition
B. Design
C. Development
D. Testing and Integration

33 Which one of the following security activities is not normally a component of the Operations and Maintenance phase of the SDLC?
A. Vulnerability scans
B. Disposition
C. Patching
D. Regression testing

34 Which hardware device is used on endpoint devices to store RSA encryption keys specific to that device to allow hardware authentication?
A. An SSD
B. A hard drive
C. An MFA token
D. A TPM

35 Which one of the following testing techniques is typically the final testing done before code is released to production?
A. Unit testing
B. Integration testing
C. User acceptance testing
D. Security testing

Use the following scenario for questions 36–38.

Olivia has been put in charge of performing code reviews for her organization and needs to determine which code analysis models make the most sense based on specific needs her organization has. Use your knowledge of code analysis techniques to answer the following questions.

36 Olivia's security team has identified potential malicious code that has been uploaded to a webserver. If she wants to review the code without running it, what technique should she use?
A. Dynamic analysis
B. Fagan analysis
C. Regression analysis
D. Static analysis

37 Olivia's next task is to test the code for a new mobile application. She needs to test it by executing the code and intends to provide the application with input based on testing scenarios created by the development team as part of their design work. What type of testing will Olivia conduct?
A. Dynamic analysis
B. Fagan analysis
C. Regression analysis
D. Static analysis

38 After completing the first round of tests for her organization's mobile application, Olivia has discovered indications that the application may not handle unexpected data well. What type of testing should she conduct if she wants to test it using an automated tool that will check for this issue?
A. Fault injection
B. Fagan testing
C. Fuzzing
D. Failure injection

39 Which one of the following characters would not signal a potential security issue during the validation of user input to a web application?
A. <
B. `
C. >
D. $

40 The Open Web Application Security Project (OWASP) maintains a listing of the most important web application security controls. Which one of these items is least likely to appear on that list?
A. Implement identity and authentication controls
B. Implement appropriate access controls
C. Obscure web interface locations
D. Leverage security frameworks and libraries

41 Kyle is developing a web application that uses a database backend. He is concerned about the possibility of a SQL injection attack against his application and is consulting the OWASP proactive security controls list to identify appropriate controls. Which one of the following OWASP controls is least likely to prevent a SQL injection attack?
A. Parameterize queries
B. Validate all input
C. Encode data
D. Implement logging and intrusion detection

42 Jill's organization has adopted an asset management tool. If she wants to identify systems on the network based on a unique identifier per machine that will not normally change over time, which of the following options can she use for network-based discovery?
A. IP address
B. Hostname
C. MAC address
D. None of the above

43 Barcodes and RFID tags are both frequently used for what asset management practice?
A. Asset disposition
B. Asset tagging
C. Asset acquisition
D. Asset lifespan estimation

44 What type of secure boot process is shown in the following image?
A. Remote attestation
B. Measured boot
C. Logged loader
D. UEFI

45 Ian has been asked to deploy a secure wireless network in parallel with a public wireless network inside his organization's buildings. What type of segmentation should he implement to do so without adding additional costs and complexity?
A. SSID segmentation
B. Logical segmentation
C. Physical segmentation
D. WPA segmentation

46 Barbara has segmented her virtualized servers using VMware to ensure that the networks remain secure and isolated. What type of attack could defeat her security design?
A. VLAN hopping
B. 802.1q trunking vulnerabilities
C. Compromise of the underlying VMware host
D. BGP route spoofing

47 What major issue would Charles face if he relied on hashing malware packages to identify malware packages?
A. Hashing can be spoofed.
B. Collisions can result in false positives.
C. Hashing cannot identify unknown malware.
D. Hashing relies on unencrypted malware samples.

48 Noriko wants to ensure that attackers cannot access his organization's building automation control network. Which of the following segmentation options provides the strongest level of assurance that this will not happen?
A. Air gap
B. VLANs
C. Network firewalls
D. Host firewalls

49 What type of network device is most commonly used to connect two or more networks to forward traffic between them?
A. A switch
B. A firewall
C. A router
D. An IPS

Use the following scenario for questions 50–53.

Angela is a security practitioner at a mid-sized company that recently experienced a serious breach due to a successful phishing attack. The company has committed to changing their security practices across the organization and has assigned Angela to determine the best strategy to make major changes that will have a significant impact right away.

50 Angela's company has relied on passwords as their authentication factor for years. The current organizational standard is to require an eight-character, complex password, and to require a password change every 12 months. What recommendation should Angela make to significantly decrease the likelihood of a similar phishing attack and breach in the future?
A. Increase the password length.
B. Shorten the password lifespan.
C. Deploy multifactor authentication.
D. Add a PIN to all logins.

51 Angela has decided to roll out a multifactor authentication system. What are the two most common factors used in MFA systems?
A. Location and knowledge
B. Knowledge and possession
C. Knowledge and biometric
D. Knowledge and location

52 As part of the investigation after the breach, Angela's team noticed that some staff were using organizational resources after hours when they weren't supposed to be logged in. What type of authentication model could she deploy to use information about an employee's role and work hours to manage when they can be logged in?
A. Location factors
B. Biometric factors
C. Context-based authentication
D. Multifactor authentication

53 Angela's multifactor deployment includes the ability to use text (SMS) messages to send the second factor for authentication. What issues should she point to?
A. VoIP hacks and SIM swapping
B. SMS messages are logged on the recipient's phones
C. PIN hacks and SIM swapping
D. VoIP hacks and PIN hacks

54 Keith needs to manage digital keys, and he wants to implement a hardware security module in his organization. What U.S. government standard are hardware security modules often certified against?
A. PCI-DSS
B. HSM-2015
C. FIPS 140-2
D. CA-Check

55 What purpose does the OpenFlow protocol serve in software-defined networks?
A. It captures flow logs from devices.
B. It allows software-defined network controllers to push changes to devices to manage the network.
C. It sends flow logs to flow controllers.
D. It allows devices to push changes to SDN controllers to manage the network.

56 What type of access control system relies on the operating system to control the ability of subjects to perform actions on objects through a set of policies controlled by a policy administrator?
A. RBAC
B. MAC
C. DAC
D. ABAC

57 What term is used to describe an isolated pool of cloud resources for a specific organization or user allocated inside of a public cloud environment?
A. VPN
B. VPC
C. CDA
D. CCA

58 Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?
A. A tarpit
B. A honeypot
C. A honeynet
D. A blackhole

59 Kalea wants to prevent DoS attacks against her serverless application from driving up her costs when using a cloud service. What technique is not an appropriate solution for her need?
A. Horizontal scaling
B. API keys
C. Setting a cap on API invocations for a given timeframe
D. Using timeouts

60 What is the purpose of change management in an organization?
A. Ensuring changes are scheduled
B. Ensuring