
CySA+ 2022 Questions and Answers with complete solution


1. The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

   Locky.js
   xerty.ini
   xerty.lib

   Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
   A. Disable access to the company VPN
   B. Email employees instructing them not to open the invoice attachment
   C. Set permissions on file shares to read-only
   D. Add the URL included in the .js file to the company's web proxy filter
   Answer: B

2. A security analyst is reviewing the following log after enabling key-based authentication.

   Dec 21 11:00:57 comptia sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
   Dec 21 20:08:26 comptia sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
   Dec 21 20:08:30 comptia sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
   Dec 21 20:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
   Dec 21 20:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 91.205.18.15 port 39157 ssh2
   Dec 21 20:08:42 comptia sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2

   Given the above information, which of the following steps should be performed NEXT to secure the system?
   A. Disable anonymous SSH logins
   B. Disable password authentication for SSH
   C. Disable SSHv1
   D. Disable remote root SSH logins
   Answer: B

3. A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?
   A. APT
   B. DDoS
   C. Zero Day
   D. False Positive
   Answer: C

4. A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?
   A. VPN
   B. Honeypot
   C. Whitelisting
   D. DMZ
   E. MAC filtering
   Answer: C

5. An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?
   A. Trend analysis
   B. Behavior analysis
   C. Availability analysis
   D. Business analysis
   Answer: A

6. An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
   A. MAC
   B. TAP
   C. NAC
   D. ACL
   Answer: C

7. A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory. Which of the following threats did the engineers MOST likely uncover?
   A. POS malware
   B. Rootkit
   C. Key logger
   D. Ransomware
   Answer: A

8. A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

   Summary:    The remote MS SQL server is vulnerable to the Hello overflow
   Solution:   Install Microsoft Patch Q316333 or disable the Microsoft SQL Server service or use a firewall to protect the MS SQL port
   References: MSB: MS02-043, MS02-056, MS02-061
               CVE: CVE-2002-1123
               BID: 5411
               Other: IAVA 2002-B-0007

   Based on the above information, which of the following should the system administrator do? (Select TWO)
   A. Verify the vulnerability using penetration testing tools or proof-of-concept exploits
   B. Review the references to determine if the vulnerability can be remotely exploited
   C. Mark the result as a false positive so it will show in subsequent scans
   D. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port
   E. Implement the proposed solution by installing Microsoft patch Q316333
   Answer: D, E

9. Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
   A. Password reuse
   B. Phishing
   C. Social engineering
   D. Tailgating
   Answer: D

10. A security professional is analyzing the results of a network utilization report. The report includes the following information:

   IP Address     Server Name          Server Uptime      Historical  Current
   172.20.20.58   web.srvr.03          30D 12H 52M 009S   41.3GB      37.2GB
   172.20.1.215   dev.web.srvr.01      30D 12H 52M 009S   1.81GB      2.2GB
   172.20.1.22    hr.dbprod.01         30D 12H 17M 009S   2.24GB      29.97GB
   172.20.1.26    mrktg.file.srvr.02   30D 12H 41M 009S   1.23GB      0.34GB
   172.20.1.28    accnt.file.srvr.01   30D 12H 52M 009S   3.62GB      3.57GB
   172.20.1.30    R&D.file.srvr.01     1D 4H 22M 01S      1.24GB      0.764GB

   Which of the following servers needs further investigation?
   A. hr.dbprod.01
   B. R&D.file.srvr.01
   C. mrktg.file.srvr.02
   D. web.srvr.03
   Answer: A

11. Several users have reported that when attempting to save documents in team folders, the following message is received:

   The File Cannot Be Copied or Moved - Service Unavailable

   Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?
   A. The network is saturated, causing network congestion
   B. The file server is experiencing high CPU and memory utilization
   C. Malicious processes are running on the file server
   D. All the available space on the file server is consumed
   Answer: A

12. A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?
   A. The analyst should create a backup of the drive and then hash the drive.
   B. The analyst should begin analyzing the image and begin to report findings.
   C. The analyst should create a hash of the image and compare it to the original drive's hash.
   D. The analyst should create a chain of custody document and notify stakeholders.
   Answer: C

13. After completing a vulnerability scan, the following output was noted:

   CVE-2011-3389 QID 42366 - SSLv3 / TLSv1.0 Protocol weak CBC mode Server side vulnerability
   Check with: openssl s_client -connect qualys.jive.mobile.com:443 -tls1 -cipher "AES:CAMELLIA:SEED:3DES:DES"

   Which of the following vulnerabilities has been identified?
   A. PKI transfer vulnerability
   B. Active Directory encryption vulnerability
   C. Web application cryptography vulnerability
   D. VPN tunnel vulnerability
   Answer: C

14. A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?
   A. Self-service password reset
   B. Single sign-on
   C. Context-based authentication
   D. Password complexity
   Answer: C

15. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?
   A. OWASP
   B. SANS
   C. PHP
   D. Ajax
   Answer: A

16. A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?
   A. TCP
   B. SMTP
   C. ICMP
   D. ARP
   Answer: C

17. A system administrator has reviewed the following output:

   # nmap server.local
   Nmap scan report for server.local (10.10.2.5)
   Host is up (0.3452354s latency)
   Not shown: 997 closed ports
   PORT    STATE  SERVICE
   22/tcp  open   ssh
   80/tcp  open   http
   # nc server.local 80
   220 server.local Company SMTP server (Postfix/2.3.3)
   # nc server.local 22
   SSH-2.0-OpenSSH_7.1p2 Debian-2
   #

   Which of the following can a system administrator infer from the above output?
   A. The company email server is running a non-standard port
   B. The company email server has been compromised
   C. The company is running a vulnerable SSH server
   D. The company web server has been compromised
   Answer: A

18. Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE)
   A. VLANs
   B. OS
   C. Trained operators
   D. Physical access restriction
   E. Processing power
   F. Hard drive capacity
   Answer: B, C, D

19. A software assurance lab is performing a dynamic assessment of an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur?
   A. Fuzzing
   B. Behavior modeling
   C. Static code analysis
   D. Prototyping phase
   E. Requirements phase
   F. Planning phase
   Answer: A, C

20. A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?
   A. Threat intelligence reports
   B. Technical constraints
   C. Corporate minutes
   D. Governing regulations
   Answer: A

21. A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?
   A. Start the change control process
   B. Rescan to ensure the vulnerability still exists
   C. Implement continuous monitoring
   D. Begin the incident response process
   Answer: A

22. Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?
   A. Security awareness about incident communication channels
   B. Request all employees verbally commit to an NDA about the breach
   C. Temporarily disable employee access to social media
   D. Law enforcement meeting with employees
   Answer: A

23. An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?
   A. Remove and replace the managed switch with an unmanaged one.
   B. Implement a separate logical network segment for management interfaces.
   C. Install and configure NAC services to allow only authorized devices to connect to the network.
   D. Analyze normal behavior on the network and configure the IDS to alert on deviation from normal.
   Answer: B

24. A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?
   A. Kali
   B. Splunk
   C. Syslog
   D. OSSIM
   Answer: B

25. Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO)
   A. Schedule
   B. Authorization
   C. List of system administrators
   D. Payment terms
   E. Business justification
   Answer: A, B

26. An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO)
   A. Drive adapters
   B. Chain of custody form
   C. Write blockers
   D. Crime tape
   E. Hashing utilities
   F. Drive imager
   Answer: B, C

27. A threat intelligence analyst who works for a technology firm received this report from a vendor:

   "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector."

   Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
   A. Polymorphic malware and secure code analysis
   B. Insider threat and indicator analysis
   C. APT and behavioral analysis
   D. Ransomware and encryption
   Answer: B

28. A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
   A. Install agents on the endpoints to perform the scan
   B. Provide each endpoint with vulnerability scanner credentials
   C. Encrypt all of the traffic between the scanner and the endpoint
   D. Deploy scanners with administrator privileges on each endpoint
   Answer: A

29. An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?
   A. Packet of death
   B. Zero-day malware
   C. PII exfiltration
   D. Known virus
   Answer: B

30. An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?
   A. The security analyst should perform security regression testing during each application development cycle
   B. The security analyst should perform end user acceptance security testing during each application development cycle
   C. The security analyst should perform secure coding practices during each application life cycle
   D. The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle
   Answer: A

31. A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?
   A. Syslog
   B. Network mapping
   C. Firewall logs
   D. NIDS
   Answer: A

32. Given the following output from a Linux machine:

   file2cable -i eth0 -f file.pcap

   Which of the following BEST describes what a security analyst is trying to accomplish?
   A. The analyst is attempting to measure bandwidth utilization on interface eth0
   B. The analyst is attempting to capture traffic on interface eth0
   C. The analyst is attempting to replay captured data from a PCAP file
   D. The analyst is attempting to capture traffic for a PCAP file
   E. The analyst is attempting to use a protocol analyzer to monitor network traffic
   Answer: E
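Worked example for question 2, added here and not part of the original question bank: a small parser that turns the sshd lines quoted in the question into per-source counts, flags sources that burst several failures inside a short window, and lists the usernames sshd reported as non-existent (the "invalid user" entries, which indicate account guessing rather than a user mistyping a password). The year, the 60-second window and the threshold of three failures are assumptions; syslog timestamps carry no year.

```python
"""Aggregate failed SSH password attempts by source address and account.

Added example, not part of the original question bank. The six log lines
below are the ones quoted in question 2; the thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Log lines quoted in question 2. Syslog timestamps carry no year, so 2023
# is assumed purely so the timestamps can be parsed and ordered.
SAMPLE_LOG = """\
Dec 21 11:00:57 comptia sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
Dec 21 20:08:26 comptia sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
Dec 21 20:08:30 comptia sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
Dec 21 20:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
Dec 21 20:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 91.205.18.15 port 39157 ssh2
Dec 21 20:08:42 comptia sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2
"""

# "invalid user" is emitted by sshd when the account does not exist at all.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failed_logins(text, year=2023):
    """Return a list of (timestamp, user, is_invalid_user, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed-password line; ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["invalid"] is not None, m["ip"]))
    return events


def summarize(events, window_seconds=60, threshold=3):
    """Count failures per source and flag sources that burst within a window.

    Returns (per_ip_counts, flagged_ips, invalid_usernames).
    """
    per_ip = Counter(ip for _, _, _, ip in events)
    invalid = sorted({user for _, user, inv, _ in events if inv})
    by_ip = defaultdict(list)
    for ts, _, _, ip in events:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        # Sliding window: if attempt i and attempt i-(threshold-1) fall within
        # window_seconds of each other, the source hit the threshold.
        for i in range(threshold - 1, len(stamps)):
            if (stamps[i] - stamps[i - threshold + 1]).total_seconds() <= window_seconds:
                flagged.add(ip)
                break
    return per_ip, sorted(flagged), invalid


if __name__ == "__main__":
    ev = parse_failed_logins(SAMPLE_LOG)
    counts, flagged, invalid = summarize(ev)
    print("failures per source:", dict(counts))
    print("burst sources:", flagged)
    print("probed non-existent accounts:", invalid)
```

On the question's log, 91.205.189.15 produces four failures in sixteen seconds and is the only flagged source; asterisk and sjobeck are the guessed accounts. Once key-based authentication is confirmed working, the corresponding hardening is to set PasswordAuthentication to no in sshd_config (and, as a second step, restrict PermitRootLogin), after which these attempts are rejected before a password is ever checked.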
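Worked example for question 12, added here and not part of the original question bank: hashing an acquired image and its source in fixed-size chunks and comparing the digests, which is the step that proves the image is a faithful copy before any analysis starts. The "drive" and "image" are constructed in-memory byte strings; on a real case the same function is pointed at the block device (behind a write blocker) and the image file.

```python
"""Verify a forensic image against its source by hashing both in chunks.

Added example, not from the original question bank. Two in-memory byte
strings stand in for the drive and its image; a real acquisition would
hash the block device and the image file the same way.
"""
import hashlib
import hmac
import io

CHUNK = 1 << 20  # 1 MiB reads keep memory flat on multi-TB images


def hash_stream(stream, algorithm="sha256"):
    """Hex digest of everything readable from a binary stream."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_image(source_bytes, image_bytes, algorithm="sha256"):
    """Return (match, source_digest, image_digest) for two byte strings."""
    src = hash_stream(io.BytesIO(source_bytes), algorithm)
    img = hash_stream(io.BytesIO(image_bytes), algorithm)
    # compare_digest avoids leaking where the two digests first differ.
    return hmac.compare_digest(src, img), src, img


# Constructed sample: a 3 MiB "drive" and a byte-identical image of it.
SOURCE = bytes(range(256)) * (3 * 4096)
GOOD_IMAGE = bytes(SOURCE)
# A single flipped bit in the last byte models a bad acquisition.
BAD_IMAGE = SOURCE[:-1] + bytes([SOURCE[-1] ^ 0x01])

if __name__ == "__main__":
    ok, src, img = verify_image(SOURCE, GOOD_IMAGE)
    print(f"good image: match={ok}\n  source {src}\n  image  {img}")
    ok, src, img = verify_image(SOURCE, BAD_IMAGE)
    print(f"bad image:  match={ok}\n  source {src}\n  image  {img}")
```

Both digests, the algorithm, the time and the examiner belong on the chain-of-custody record; re-hashing the image later against the recorded value is how a second examiner shows it has not changed since acquisition.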
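Worked example for question 19, added here and not part of the original question bank: a mutation fuzzer of the kind the question describes, run against a deliberately naive parser for a constructed record format (one length byte, that many payload bytes, one XOR checksum byte) and then against a hardened version of the same parser. The format, the bug and the mutation strategy are all assumptions made for illustration.

```python
"""Minimal mutation fuzzer against a toy record parser.

Added example, not from the original question bank. The record format,
the bug in parse_record_unchecked and the fuzzing loop are constructed
for illustration.
"""
import random


def parse_record_unchecked(data: bytes) -> bytes:
    """Deliberately naive parser: trusts the length byte."""
    n = data[0]                      # IndexError on empty input
    payload = data[1:1 + n]
    checksum = data[1 + n]           # IndexError when the length byte lies
    xor = 0
    for b in payload:
        xor ^= b
    if xor != checksum:
        raise ValueError("bad checksum")  # expected rejection, not a crash
    return payload


def parse_record_checked(data: bytes):
    """Hardened parser: validates every length before indexing."""
    if len(data) < 2:
        return None
    n = data[0]
    if len(data) != n + 2:
        return None
    payload = data[1:1 + n]
    xor = 0
    for b in payload:
        xor ^= b
    return payload if xor == data[1 + n] else None


def make_record(payload: bytes) -> bytes:
    """Build a well-formed record to use as a fuzzing seed."""
    xor = 0
    for b in payload:
        xor ^= b
    return bytes([len(payload)]) + payload + bytes([xor])


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: bit flip, insert, or truncate."""
    buf = bytearray(seed)
    op = rng.randrange(3)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(parser, seeds, iterations=2000, seed_value=1):
    """Return (input, exception) pairs that crashed the parser.

    ValueError is the parser's own rejection of bad data and is not a
    crash; any other exception is an unexpected failure condition.
    """
    rng = random.Random(seed_value)  # fixed seed makes runs reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:  # the fuzzer wants everything else
            crashes.append((case, exc))
    return crashes


SEEDS = [make_record(b"hello"), make_record(b""), make_record(b"\xff" * 10)]

if __name__ == "__main__":
    bad = fuzz(parse_record_unchecked, SEEDS)
    print(f"unchecked parser: {len(bad)} crashing inputs, e.g. {bad[0][0]!r} -> {bad[0][1]!r}")
    print(f"checked parser:   {len(fuzz(parse_record_checked, SEEDS))} crashing inputs")
```

Every truncated seed crashes the unchecked parser because it indexes data[1 + n] without confirming the buffer is that long; the checked parser rejects the same inputs with None. The crashing inputs are what the lab hands back to developers, which is why this kind of dynamic test belongs on code that already exists and runs rather than in the requirements or planning phases.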

Document information

Uploaded on: Oct 08, 2022
Number of pages: 42
Seller: Topmark