CYSA EXAM TEST 2023
LATEST UPDATE
Q1
A Chief Information Security Officer (CISO) is concerned developers have too much
visibility into customer data. Which of the following controls should be implemented to
BEST address these concerns?
A. Data masking
B. Data loss prevention
C. Data mini...
CYSA EXAM TEST 2023 LATEST UPDATE Q1 A Chief Information Security Officer (CI SO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns? A. Data masking B. Data loss prevention C. Data minimization D. Data sovereignty - ANSWER A 2 A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activi ties. Which of the following would be BEST to implement to alleviate the CISO's concern? 2 A. DLP B. Encryption C. Test data D. NDA - ANSWER A 3 A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique tha t feeds incident response capabilities? 2 A. Development of a hypothesis as part of threat hunting B. Log correlation, monitoring, and automated reporting through a SIEM platform C. Continuous compliance monitoring using SCAP dashboards D. Quarterly vulne rability scanning using credentialed scans - ANSWER A 4 A company recently experienced a break -in, whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this typ e of theft from occurring in the future? A. Motion detection B. Perimeter fencing (hàng rào theo chu vi=> bao bọc bên ngoài cty) C. Monitored security cameras D. Badged entry - ANSWER D 5 A company wants to establish a threat -hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operation? A. It enables the learn to prioritize the focus areas and tactics within the company's environment. B. It provides criticality analyses for key enterprise servers and services. C. It allows analysts to receive routine updates on newly discovered software vulnerabilities. D. It supports rapid response and recovery during and following an incident. - ANSWER A 6 A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT. Which of the following threat modelling methodologies would be the MOST appropriate to use during this analysis? 2 A. Attack v ectors B. Adversary capability C. Diamond Model of Intrusion Analysis D. Kill chain E. Total attack surface - ANSWER B 7 A company's incident response team is handling a threat that was identified on the network. Security analysts have determined a web s erver is making multiple connections from TCP port 445 outbound to servers inside its subnet as well as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan? A. Quarantine the web server (cách ly máy chủ) . B. Deploy virtual firewalls (triển khai tường lửa ảo hóa). C. Capture a forensic image of the memory and disk. D. Enable web server containerization. - ANSWER A 8 A company's marketing emails are either being found in a spam folder or not being deliver ed at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third part, mail.marketingpartners.com. Below is the existing SPF record: V=spfl a mx -all Which of the following updat es to the SPF record will work BEST to prevent the emails from being marked as spam or blocked? A. v=spfl a mx redirect:mail.marketingpartners.com ?all B. v=spfl a mx include:mail.marketingpartners.com -all C. v=spfl a mx +all D. v=spfl a mx include:mail. marketingpartners.com ~all - ANSWER D 9 A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Select TWO). 2 A. Executing vendor compliance assessments against the o rganization's security controls B. Executing NDAs prior to sharing critical data with third parties C. Soliciting third -party audit reports on an annual basis D. Maintaining and reviewing the organization risk assessment on a quarterly basis E. Completing a business impact assessment for all critical service providers F. Utilizing DLP capabilities at both the endpoint and perimeter levels - ANSWER A E 10 A critical server was compromised by malware, and all functionality was lost. Backups of the server we re taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly? A. Work backward, restoring each backup until the server is clean. B. Resto re the previous backup and scan with a live boot anti -malware scanner. C. Stand up a new server and restore critical data from backups. D. Offload the critical data to a new server and continue operations. - ANSWER C 11 A custom script currently monitors real-time logs of a SAML authentication servicer to mitigate brut -force attacks. Which of the following is a concern when moving authentication to a cloud service? A. Logs may contain incorrect information. B. SAML logging is not supported for cloud -base d authentication. C. Access to logs may be delayed for some time. D. Log data may be visible to other customers. - ANSWER D 12 A cyber -incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the followi ng is the FIRST step the analyst should take? A. Create a full disk image of the server's hard drive to look for the file containing the malware. B. Run a manual antivirus scan on the machine to look for known malicious software. C. Take a memory snapshot of the machine to capture volatile information stored in memory. D. Start packet capturing to look for traffic that could be indicative of command and control from the miner. - ANSWER D 13 A cybersecurity analyst has access to s everal threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic. Which of the following would BEST accomplish this goal? 2 A. Continuous integration and deployment B. Automation and orchestration C. Stati c and dynamic analysis D. Information sharing and analysis - ANSWER B ThreatConnect for Automation & Orchestration. Reduce workload and make better security and business decisions with ThreatConnect's intelligence -driven automation and orchestration. Ach ieve faster, smarter, and repeatable processes with easily accessible intelligence and customizable workflows in one platform. 14 A cybersecurity analyst in investigating a potential incident multiple systems on a company's internal network. Although ther e is a negligible impact to performance, the following systemoms are present on each of the affected systems: Existence of a new and unexpected svchost.exe process Persistent, outbound TCP/IP connections to an unknown external host with routine keep - alives transferred DNS query logs showing successful name resolution for an Internet - resident dynamic DNS domain .If this situation remains unresolved, which of the following will MOST likely occur? A. The affected hosts may participate in a coordinated DDoS attack upon command B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TheExamMaestro. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
