Which one of the following objectives is not one of the three main objectives that
information security professionals must achieve to protect their organizations against
cybersecurity threats? Correct answer- nonrepudiation
Tommy is assessing the security database servers in his datacenter and r...
which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizat
Written for
CySA
All documents for this subject (480)
Seller
Follow
EvaTee
Reviews received
Content preview
CySA Exam
Which one of the following objectives is not one of the three main objectives that
information security professionals must achieve to protect their organizations against
cybersecurity threats? Correct answer- nonrepudiation
Tommy is assessing the security database servers in his datacenter and realizes that
one of them is missing a critical Oracle security patch. What type of situation has
Tommy detected? Correct answer- vulnerability
Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he
chooses to follow the standard process proposed by NIST, which one of the following
steps would come first? Correct answer- Identify threats
Cindy is conducting a cybersecurity risk assessment and is considering the impact that
a failure of her city's power grid might have on the organization. What type of threat is
she considering? Correct answer- environmental
Which one of the following categories of threat requires that cybersecurity analysts
consider the capability, intent and targeting of the threat source? Correct answer-
adversarial
Vincent is responding to a security incident that compromised one of his organization's
web servers. He does not believe that the attackers modified or stole any information,
but they did disrupt access to the organization's website. What cybersecurity objective
did this attack violate? Correct answer- availability
Which one of the following is an example of an operational security control? Correct
answer- penetration tests
Encryption software, network firewalls, and antivirus software are all examples of
_________________ security controls. Correct answer- technical
Paul recently completed a risk assessment and determined that his network was
vulnerable to hackers connecting to open ports on servers. He implemented a network
firewall to reduce the likelihood of a successful attack. What risk management strategy
did Paul choose to pursue? Correct answer- risk mitigation
Robert's organization has a BYOD policy, and he would like to ensure that devices
connected to the network under this policy have current antivirus software. What
technology can best assist him with this goal? Correct answer- network access control
,When performing 802.1x authentication, what protocol does the authenticator use to
communicate with the authentication server? Correct answer- RADIUS
Juan is configuring a new device that will join his organization's wireless network. The
wireless network uses 802.1x authentication. What type of agent must be running on
the device for it to join this network? Correct answer- 802.1x supplicant
Rick is preparing a firewall rule that will allow network traffic from external systems to a
web server running the HTTPS protocol. What TCP port must he allow to pass through
the firewall? Correct answer- 443
What type of firewall provides the greatest degree of contextual information and can
include information about users and applications in its decision-making process?
Correct answer- Next Generation Firewalls
Wayne is configuring a jump box server that system administrators will connect to from
their laptops. Which port should definitely not be open on the jump box? Correct
answer- 23
Tom would like to deploy consistent security settings to all of his Windows settings
simultaneously. What technology can he use to achieve this goal? Correct answer-
group policy object
During what phase of a penetration test should the testers obtain written authorization to
conduct the test? Correct answer- planning
Which step occurs first during the attack phase of a penetration test? Correct answer-
gaining access
Barry is participating in a cybersecurity wargame exercise. His role is to attempt to
break into adversary systems. What team is he on? Correct answer- red
Which one of the following techniques might be used to automatically detect and block
malicious software that does not match known malware signatures? Correct answer-
sandboxing
Kevin would like to implement a specialized firewall that can protect against SQL
injection, cross-site scripting, and similar attacks. What technology should he choose?
Correct answer- WAF
What method is used to replicate DNS information for DNS servers but is also a
tempting exploit target for attackers? Correct answer- zone transfers
____________ is a suite of DNS security specifications. Correct answer- DNSSEC
What flag does nmap use to enable operating system identification? Correct answer- -o
,What command line tool can be used to determine the path that traffic takes to a remote
system? Correct answer- traceroute
Traceroute is a command-line tool that uses __________ to trace the route that a
packet takes to a host. Correct answer- ICMP
What type of data can frequently be gathered from images taken on smartphones?
Correct answer- EXIF
EXIF or Exchangeable Image Format data often includes ________________, allowing
the images to be mapped and identified to a specific device or type of camera. Correct
answer- location and camera data
Which Cisco log level is the most critical? Correct answer- 0
Which Cisco log level is used for debugging information and is at the bottom of the
scale? Correct answer- 7
During passive intelligence gathering, you are able to run netstat on a workstation
located at your target's headquarters. What information would you not be able to find
using netstat on a Windows system? Correct answer- Active IPX connections
Active TCP connections and the executables that are associated with them, and route
table information are all available via ____________. Correct answer- Netstat
Which type of Windows log is most likely to contain information about a file being
deleted? Correct answer- security logs
What organization manages the global IP address space? Correct answer- IANA
Before Ben sends a Word document, he uses the built-in Document Inspector to verify
that the file does not contain hidden content. What is this process called? Correct
answer- metadata purging
What type of analysis is best suited to identify a previously unknown malware package
operating on a compromised system? Correct answer- heuristic analysis
Which of the following is not a common DNS anti-harvesting technique? Correct
answer- registering manually
CAPTCHAs, rate limiting, and blacklisting systems or networks that are gathering data
are all common ___________ techniques. Correct answer- anti-DNS harvesting
The __________ flag indicates a zone transfer in both the dig and host utilities. Correct
answer- axfr
, Which of the following is not a reason that penetration testers often perform packet
capture while conducting port and vulnerability scanning? Correct answer- plausible
deniability
A ____________ is often used to document work, including the time that a given scan
or process occurred, and it can also be used to provide additional data for further
analysis. Correct answer- packet capture
What process uses information such as the way that a system's TCP stack responds to
queries, what TCP options it supports, and the initial window size it uses? Correct
answer- OS detection
What tool would you use to capture IP traffic information to provide flow and volume
information about a network? Correct answer- netflow
__________ provides information about local connections, which applications have
made them, and other useful local system information. Correct answer- netstat
What method used to replicate DNS information between DNS servers can also be
used to gather large amounts of information about an organization's systems? Correct
answer- zone transfer
Selah believes that an organization she is penetration testing may have exposed
information about their systems on their website in the past. What site might help her
find an older copy of their website? Correct answer- The Internet Archive
During an information gathering exercise, Chris is asked to find out detailed personal
information about his target's employees. What is frequently the best place to find this
information? Correct answer- social media
Which lookup tool provides information about a domain's registrar and physical
location? Correct answer- Whois
____________ will provide IP address or hostname information. Correct answer-
nslookup
__________ will provide IPv4 and IPv6 information as well as email service information.
Correct answer- host
___________ attempts to identify the path to a remote host as well as the systems
along the route. Correct answer- traceroute
What federal law requires the use of vulnerability scanning on information systems
operated by federal government agencies? Correct answer- FISMA
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller EvaTee. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.
