
CompTIA CySA+ 2023 Questions and Answers - Part 26

Mary Mary Smith
03 Mar 2023

1. A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?

A) Acceptable use policy
B) Rules of engagement
C) Service level agreement
D) Master service agreement
E) Memorandum of understanding


2. The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?

A) Monitor the web application service for abnormal bandwidth consumption.
B) Monitor the web application for service interruptions caused from the patching.
C) Reschedule the automated patching to occur during business hours.
D) Create an incident ticket for anomalous activity.



3. Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?

A) The organization's mobile devices
B) The organization's VPN
C) The organization's virtual infrastructure
D) The organization's physical routers



4. A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

A) APT
B) Ransomware
C) Software vulnerability
D) DDoS



5. A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

A) Install the agent for a week on a test system and monitor the activities.
B) Require that the solution provider make the agent source code available for analysis.
C) Run a penetration test on the installed agent.
D) Require thorough guides for administrators and users.



1. Right Answer: B

2. Right Answer: D

3. Right Answer: C

4. Right Answer: A

5. Right Answer: A
