CYSA EXAM 2023 QUESTIONS AND VERIFIED CORRECT ANSWERS
The IT team reports the EDR software that is installed on laptops is using a large amount of resources. Which of the following changes should a security analyst make to the EDR to BEST improve performance without compromising security?
A. Quarantine the infected systems.
B. Disable on-access scanning.
C. Whitelist known-good applications.
D. Sandbox unsigned applications.
ANSWER: Whitelist known-good applications

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse:
The clocks must be configured so they do not respond to ARP broadcasts.
The server must be configured with static ARP entries for each clock.
Which of the following types of attacks will this configuration mitigate?
A. Spoofing
B. Overflows
C. Rootkits
D. Sniffing
ANSWER: Spoofing

Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?
A. Real-time and automated firewall rules subscriptions
B. Open-source intelligence, such as social media and blogs
C. Information sharing and analysis memberships
D. Common vulnerability and exposure bulletins
ANSWER: Information sharing and analysis

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
A. Pause the virtual machine.
B. Shut down the virtual machine.
C. Take a snapshot of the virtual machine.
D. Remove the NIC from the virtual machine.
ANSWER: Take a snapshot of the virtual machine.

As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?
A. Conduct a risk assessment based on the controls defined in the newly revised policies.
B. Require all employees to attend updated security awareness training and sign an acknowledgement.
C. Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors.
D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them
ANSWER: Require all employees to attend updated security awareness training and sign an acknowledgement.

An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?
A. Tcpdump -X dst port 21
B. ftp ftp.server -p 21
C. nmap -o ftp.server -p 21
D. telnet ftp.server 21
ANSWER: Tcpdump -X dst port 21

Employees of a large financial company are continuously being infected by strands of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?
A. MFA on the workstations
B. Additional host firewall rules
C. VDI environment
D. Hard drive encryption
E. Network access control
F. Network segmentation
ANSWER: VDI environment

While reviewing a packet capture, a security analyst discovers a recent attack used specific ports communicating across non-standard ports and exchanged a particular set of files. In addition, forensics determines the files contain malware and have a specific callback domain within the files. The MOST appropriate action to take in this situation would be to implement a change request for an IPS:
A. to block the callback domain and another signature hash to block the files
B. behavioral signature and update the blacklisting on the domain
C. rule to block the non-standard ports and update the blacklisting of the callback domain
D. signature for the callback domain and update the firewall settings to block the non-standard ports
ANSWER: rule to block the non-standard ports and update the blacklisting of the callback domain

During a review of the vulnerability scan results on a server, an information security analyst notices the following:
The MOST appropriate action for the analyst to recommend to developers is to change the web server so:
A. It only accepts TLSv1.2
B. It only accepts ciphers suites using AES and SHA
C. It no longer accepts the vulnerable cipher suites
D. SSL/TLS is offloaded to a WAF and load balancer
ANSWER: It no longer accepts the vulnerable cipher suites

As part of a merger with another organization, a Chief Information Security Manager (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns, the assessor will MOST likely focus on:
A. qualitative probabilities
B. quantitative probabilities
C. qualitative magnitude
D. quantitative magnitude
ANSWER: quantitative magnitude

concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
A. Data masking
B. Data loss prevention
C. Data minimization
D. Data sovereignty
ANSWER: Data masking

Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?
A. Reverse engineering
B. Application log collections
C. Workflow or orchestration
D. API integration
E. Scripting
ANSWER: API integration

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?
A. Modify the IDS rules to have a signature for SQL injection.
B. Take the server offline to prevent continued SQL injection.
C. Create a WAF rule in block mode for SQL injection.
D. Ask the developers to implement parameterized SQL queries.
ANSWER: Ask the developers to implement parameterized SQL queries.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller STUDENTSCORE. Stuvia facilitates payment to the seller.