CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. A security operations team was alerted to abnormal DNS activity coming from a users machine. The team performed a forensic investigation and discovered a hosthad been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecurepublic Internet site. Which of the following BEST describes the attack?
A) Phishing
B) Cache poisoning
C) Data exfiltration
D) Pharming
2. Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (SelectTWO).(Select 2answers)
A) To avoid conflicts with real intrusions that may occur
B) To ensure tests have measurable impact to operations
C) To mitigate unintended impacts to operations
D) To schedule personnel resources required for test activities
E) To determine frequency of team communication and reporting
3. A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents shouldinclude these details?
A) Service level agreement
B) Rules of engagement
C) Master service agreement
D) Memorandum of understanding
E) Acceptable use policy
4. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server.The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that supportthem. Which of the following meets the criteria?
A) PHP
B) Ajax
C) SANS
D) OWASP
5. Law enforcement has contacted a corporations legal counsel because correlated data from a breach shows the organization as the common denominator from allindicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on socialmedia. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure ofinformation about the breach?
A) Have law enforcement meet with employees.
B) Request all employees verbally commit to an NDA about the breach.
C) Perform security awareness training about incident communication.
D) Temporarily disable employee access to social media
A) Phishing
B) Cache poisoning
C) Data exfiltration
D) Pharming
2. Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (SelectTWO).(Select 2answers)
A) To avoid conflicts with real intrusions that may occur
B) To ensure tests have measurable impact to operations
C) To mitigate unintended impacts to operations
D) To schedule personnel resources required for test activities
E) To determine frequency of team communication and reporting
3. A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents shouldinclude these details?
A) Service level agreement
B) Rules of engagement
C) Master service agreement
D) Memorandum of understanding
E) Acceptable use policy
4. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server.The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that supportthem. Which of the following meets the criteria?
A) PHP
B) Ajax
C) SANS
D) OWASP
5. Law enforcement has contacted a corporations legal counsel because correlated data from a breach shows the organization as the common denominator from allindicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on socialmedia. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure ofinformation about the breach?
A) Have law enforcement meet with employees.
B) Request all employees verbally commit to an NDA about the breach.
C) Perform security awareness training about incident communication.
D) Temporarily disable employee access to social media
1. Right Answer: C
Explanation:
2. Right Answer: C,D
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: D
Explanation: Reference: https://www.synopsys.com/software-integrity/resources/knowledge-database/owasp-top-10.html
5. Right Answer: C
Explanation:
Explanation:
2. Right Answer: C,D
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: D
Explanation: Reference: https://www.synopsys.com/software-integrity/resources/knowledge-database/owasp-top-10.html
5. Right Answer: C
Explanation:
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
