
CompTIA CySA+ 2023 Questions and Answers - Part 51

Mary Mary Smith
03 Mar 2023

1. A software patch has been released to remove vulnerabilities from the company's software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?

A) Fuzzing
B) User acceptance testing
C) Regression testing
D) Penetration testing



2. An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?

A) Input injection
B) Directory traversal
C) Privilege escalation
D) Impersonation



3. Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO.)

A) Payment terms
B) Schedule
C) Authorization
D) Business justification
E) List of system administrators


4. A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

A) A website using a self-signed SSL certificate.
B) An HTTP response that reveals an internal IP address.
C) A buffer overflow that allows remote code execution.
D) A cipher that is known to be cryptographically weak.



5. A security administrator determines, several months after the first instance, that a local privileged user has been routinely logging into a server interactively as root and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO.)

A) Password complexity
B) Software assurance
C) Log aggregation and analysis
D) Acceptable use policies
E) Network isolation and separation
F) Encryption

1. Right Answer: C
Explanation: Reference: https://en.wikipedia.org/wiki/Regression_testing

2. Right Answer: B
Explanation:

3. Right Answer: B,C
Explanation:

4. Right Answer: C
Explanation:

5. Right Answer: C,D
Explanation:
