
CompTIA PenTest+ 2023 Questions and Answers - Part 13

Mary Mary Smith
03 Mar 2023

1. Which of the following terms describes the way data attributes within a data model are organized to increase the cohesion of entity types?

A) Statement of Work
B) Data Normalization
C) Executive Summary
D) Methodology



2. Select the finding that is not usually discovered during penetration testing.

A) Weak Password Complexity
B) No Multifactor Authentication
C) Risk Appetite
D) SQL Injection



3. Which of the following post-report delivery activities focuses on identifying a pattern among the different types of vulnerabilities discovered in an organization's networks during a penetration test, and on identifying the broader lessons that can be drawn from the specific details of the penetration test results?

A) Engagement survey
B) Retesting
C) Debriefing/closing meeting
D) Post-engagement clean-up



4. For which of the following penetration test findings is encryption at rest and in transit the best recommended mitigation technique?

A) Passwords stored in plaintext
B) Shared local administrator credentials
C) SQL injection
D) Single-factor authentication



5. Which type of finding is best mitigated by enforcing minimum password requirements and preventing users from choosing passwords found in common dictionary files?

A) Passwords stored in plaintext
B) Weak password complexity
C) Shared local administrator credentials
D) SQL injection



1. Right Answer: B
Explanation: Data normalization is the concept in which data attributes within a data model are organized to increase the cohesion of entity types.

2. Right Answer: C
Explanation: Risk appetite is not a finding that gets discovered during penetration tests because specific coverage of remediation strategies for six different findings

3. Right Answer: C
Explanation: Of the choices presented, the debriefing/closing meeting is the best fit. The closing meeting can often take the form of an After-Action Review (AAR), where the overall timeline of the engagement is analyzed in its entirety. The goal is to identify key lessons learned, which can be taken to the client organization and used to drive needed changes in its security program.

4. Right Answer: A
Explanation: The finding for which encryption (at rest and in transit) is the best recommended mitigation strategy is passwords being stored in plaintext. Storing passwords in plaintext weakens an organization's security posture by simplifying lateral movement for a theoretical adversary and by eliminating non-repudiation, since the individual responsible for actions taken under a given username can no longer be verified.

5. Right Answer: B
Explanation: Enforcing minimum password requirements and preventing users from choosing passwords found in common dictionary files best mitigates the discovery of weak password complexity requirements in a target system or environment.
