1. An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?
A) Reports show the scanner compliance plug-in is out-of-date.
B) Any items labeled low are considered informational only.
C) HTTPS entries indicate the web page is encrypted securely.
D) The scan result version is different from the automated asset inventory.
2. A threat intelligence analyst who works for a technology firm received this report from a vendor. There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector. Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
A) Polymorphic malware and secure code analysis
B) Ransomware and encryption
C) APT and behavioral analysis
D) Insider threat and indicator analysis
3. Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization's workstation devices?
A) Remove local administrator privileges.
B) Install a secondary virus protection application.
C) Enforce a system state recovery after each device reboot.
D) Configure a BIOS-level password on the device.
4. Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).
A) To determine frequency of team communication and reporting
B) To ensure tests have measurable impact to operations
C) To schedule personnel resources required for test activities
D) To avoid conflicts with real intrusions that may occur
E) To mitigate unintended impacts to operations
5. A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
A) A compensating control
B) Encrypting authentication traffic
C) Creating new account management procedures
D) Altering the password policy