CySA+ 100

Question 1

What are the three key objectives of information security?

Answer 1

Confidentiality, integrity, and availability (CIA)

Question 2

Risk exists at the intersection of _______ and _________.

Answer 2

Threats and vulnerabilities.

Question 3

What is the overall risk rating for a risk that has medium likelihood and high impact?

Answer 3

High

Question 4

What type of system controls access to a network based on criteria such as time of day, location, device type, and system health?

Answer 4

Network access control (NAC)

Question 5

What are the three networks typically connected to a triple-homed firewall?

Answer 5

The Internet, an internal network, and a DMZ

Question 6

What is the TCP port for the HTTP protocol?

Answer 6

80

Question 7

What is the TCP port for the HTTPS protocol?

Answer 7

443

Question 8

What are the four types of firewalls?

Answer 8

Packet filters, stateful inspection firewalls, next-generation firewalls, and web application firewalls.

Question 9

______ may be used to apply settings to many different Windows systems at the same time.

Answer 9

Group Policy Objects (GPOs)

Question 10

What are the four phases of penetration testing?

Answer 10

Planning, Discovery, Attack, and Reporting

Question 11

What type of software can you use to enumerate the services that are accepting network connections on a remote system without probing that system for vulnerabilities?

Answer 11

Port scanner

Question 12

What is the range of well-known ports?

Answer 12

0–1023

Question 13

What is the range of registered ports?

Answer 13

1024–49151

Question 14

What is the most commonly used port scanner?

Answer 14

nmap

Question 15

What Cisco logging level indicates a critical event?

Answer 15

2

Question 16

What service is responsible for resolving domain names to IP addresses?

Answer 16

DNS

Question 17

What tool can be used to determine the path between two systems over the Internet?

Answer 17

Traceroute or tracert, depending on the operating system

Question 18

What service allows you to look up the registered owner of a domain name?

Answer 18

whois

Question 19

What type of data analysis looks for differences from expected behaviors?

Answer 19

Anomaly analysis

Question 20

What type of data analysis predicts threats based on existing data?

Answer 20

Trend analysis

Question 21

What regulation requires vulnerability scans for organizations involved in credit card processing?

Answer 21

PCI DSS

Question 22

What regulation requires vulnerability scanning for federal government agencies?

Answer 22

FISMA

Question 23

What type of vulnerability scan leverages read-only access to the scan target?

Answer 23

Credentialed scan

Question 24

What term is used to describe an organization’s willingness to tolerate risk?

Answer 24

Risk appetite

Question 25

What type of account should be used to perform credentialed vulnerability scans?

Answer 25

Read-only account

Question 26

What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS?

Answer 26

Vulnerability scanning

Question 27

What is the purpose of Nikto and Acunetix?

Answer 27

Web application scanning

Question 28

What criteria should be used in prioritizing the remediation of vulnerabilities?

Answer 28

Criticality, difficulty, severity, and exposure

Question 29

What industry-standard system is used to assess the severity of security vulnerabilities?

Answer 29

CVSS

Question 30

What are the CVSS score ranges?

Answer 30

Under 4.0 is low, 4.0–5.9 is medium, 6.0–9.9 is high, and 10.0 is critical.

Question 31

What is the term used to describe when a scanner reports a vulnerability that does not really exist?

Answer 31

False positive

Question 32

What type of vulnerability allows an attacker to place more data into an area of memory than is allocated for a specific purpose?

Answer 32

Buffer overflow

Question 33

What type of attack seeks to increase the level of access that an attacker has to a targeted system?

Answer 33

Privilege escalation

Question 34

What type of attack allows an attacker to run software of his or her choice on the targeted system?

Answer 34

Arbitrary code execution

Question 35

What is the current secure standard for providing HTTPS encryption?

Answer 35

TLS 1.2 or later

Question 36

In what type of attack does the attacker sends spoofed DNS requests to a DNS server that are carefully designed to elicit responses that are much larger in size than the original requests?

Answer 36

DNS amplification

Question 37

What term is used to describe any observable occurrence in a system or network that relates to a security function?

Answer 37

Security event

Question 38

What term is used to describe a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices?

Answer 38

Security incident

Question 39

What are the phases of incident response?

Answer 39

Preparation; Detection & Analysis; Containment, Eradication, & Recovery; and Post-Incident Activity

Question 40

What type of documents provide the detailed, tactical information that CSIRT members need when responding to an incident?

Answer 40

Procedures

Question 41

What document serves as the cornerstone of an organization’s incident response program?

Answer 41

Incident Response Policy

Question 42

What type of threat consists of highly skilled and talented attackers focused on a specific objective?

Answer 42

Advanced Persistent Threat (APT)

Question 43

What are the types of impact used to describe the scope of a security incident?

Answer 43

Functional impact, economic impact, and recoverability effort

Question 44

What are the common attack vectors for security incidents?

Answer 44

Common attack vectors for security incidents include external/removable media, attrition, the web, email, impersonation, improper usage, loss or theft of equipment, and other/unknown sources.

Question 45

What Linux command displays processes, memory utilization, and other detail about running programs?

Answer 45

top or ps

Question 46

What term is used to describe traffic sent to a command and control system by a PC that is part of a botnet?

Answer 46

Beaconing

Question 47

What Windows tool provides information on memory, CPU, and disk use?

Answer 47

Perfmon

Question 48

What protocol is used to gather information about and manage network devices?

Answer 48

SNMP

Question 49

What Linux command allows you to list the files that are open by processes on a system?

Answer 49

lsof

Question 50

What type of information is found in network flow data?

Answer 50

Flow data provides information about the source and destination IP address, protocol, and total data sent.

Question 51

What protocol is used to ensure that all security devices on a network have synchronized clocks?

Answer 51

NTP

Question 52

What tool can administrators use to determine the maximum bandwidth available on a network connection?

Answer 52

iPerf

Question 53

What is the purpose of FTK, EnCase, SIFT, and the Sleuth Kit (TSK)?

Answer 53

Forensic toolkits

Question 54

What type of device is designed to copy drives for forensic investigation, and then provide validation that the original drive and the content of the new drive match?

Answer 54

Forensic drive duplicator

Question 55

Where can forensic analysts turn to find point-in-time information from prior actions on a Windows system?

Answer 55

Volume shadow copies

Question 56

Where can forensic analysts turn to find information about logins, service start/stop events, and evidence of applications being run on a Windows system?

Answer 56

Event logs

Question 57

What Linux utility is commonly used to clone drives in RAW format?

Answer 57

dd

Question 58

What type of device can ensure that attaching a drive to a forensic copy device or workstation does not result in modifications being made to drive, thus destroying the forensic integrity of the process?

Answer 58

Write blocker

Question 59

What Linux kernel modules allow forensic access to physical memory?

Answer 59

fmem and LiME

Question 60

What tool provides a list of USB devices that have been connected to a Windows system?

Answer 60

USB Historian

Question 61

What is the first action that incident responders should take after identifying a potential incident?

Answer 61

Contain the damage

Question 62

Network segmentation, isolation, and removal of affected systems are examples of ___________ strategies

Answer 62

Containment

Question 63

Once responders have contained the damage caused by an incident they should move on to __________ and ________ steps.

Answer 63

Eradication and recovery

Question 64

At the conclusion of a cybersecurity incident response effort, CSIRT members should conduct a formal ____________ session.

Answer 64

Lessons learned

Question 65

What activities should always occur to validate an incident recovery effort?

Answer 65

Verify user accounts, verify permissions, verify logging, and conduct vulnerability scans.

Question 66

What are the three options available for the secure disposition of media containing sensitive information?

Answer 66

Clear, purge, and destroy

Question 67

What is the focus of the recovery phase of incident response?

Answer 67

Restoring normal operations

Question 68

____________ is a time-consuming investigative task that often distracts incident responders and results in dead ends.

Answer 68

Identifying the attackers

Question 69

________ are high-level statements of management intent.

Answer 69

Policies

Question 70

_______ outline what information the organization will maintain and the length of time different categories of information will be retained prior to destruction.

Answer 70

Data retention policies

Question 71

________ provide mandatory requirements describing how an organization will carry out its information security policies.

Answer 71

Standards

Question 72

__________ are detailed, step-by-step processes that individuals and organizations must follow in specific circumstances.

Answer 72

Procedures

Question 73

_________ provide best practices and recommendations related to a given concept, technology, or task.

Answer 73

Guidelines

Question 74

Many exception processes require the use of ___________________ to mitigate the risk associated with exceptions to security standards.

Answer 74

Compensating controls

Question 75

What law includes security and privacy rules for protected health information?

Answer 75

HIPAA

Question 76

What law applies to the financial records of publicly traded companies?

Answer 76

Sarbanes–Oxley

Question 77

__________ provides the same level of protection to all systems or networks.

Answer 77

Uniform protection

Question 78

What type of controls include firewalls, intrusion detection and prevention systems, network segmentation, and authentication and authorization systems?

Answer 78

Technical (or logical) controls

Question 79

What type of controls involve processes and procedures like those found in incident response plans, account creation and management, as well as awareness and training efforts?

Answer 79

Administrative (or managerial) controls

Question 80

What type of controls include locks, fences, and other controls that control or limit physical access, as well as controls like fire extinguishers that can help to prevent harm to property?

Answer 80

Physical controls

Question 81

_____________ are intended to stop an incident from occurring by taking proactive measures to stop the threat

Answer 81

Preventive controls

Question 82

A _______ is often used when services or systems need to be exposed to lower trust areas

Answer 82

DMZ

Question 83

___________ is important to ensure continuity for roles, regardless of the reason a person leaves your organization.

Answer 83

Succession planning

Question 84

What are the three types of views that can commonly be taken to review a security architecture design?

Answer 84

Operational views, technical views, and logical views

Question 85

What term is used to describe the set of claims made about an individual or account holder that are made about one party to another party?

Answer 85

Identities

Question 86

What are the three elements of the AAA framework?

Answer 86

Authentication, authorization, and accounting

Question 87

What is the purpose of TACACS+, RADIUS, and Kerberos?

Answer 87

Authentication

Question 88

What authorization standard is used by many websites to allow users to share elements of their identity or account information while authenticating via the original identity provider?

Answer 88

OAuth

Question 89

In Kerberos, what type of ticket allows complete access to the Kerberos connected systems, including creation of new tickets, account changes, and even falsification of accounts or services?

Answer 89

Ticket Granting Ticket (TGT)

Question 90

What service is the core identity store and AAA service in most Windows-centric organizations?

Answer 90

Active Directory

Question 91

__________ is the steady accrual of additional rights over time as account owners change roles, positions, or responsibilities.

Answer 91

Privilege creep

Question 92

What are the steps of the account life cycle?

Answer 92

Create account and set password; provision services; modify and maintain account; disable account; retire and deprovision account.

Question 93

What are the stages of the software development life cycle?

Answer 93

Planning, Requirements, Design, Coding, Testing, Training and Transition, Ongoing Operations and Maintenance, End-of-Life Decommissioning

Question 94

The _______ phase of the SDLC includes actual coding of the application.

Answer 94

Development

Question 95

What are the three types of system environments commonly used in organizations?

Answer 95

Development, Test, and Production

Question 96

In the _______ software development model, each phase follows sequentially and phases do not overlap.

Answer 96

Waterfall

Question 97

The _______ software development model is an iterative and incremental process.

Answer 97

Agile

Question 98

During the _______ phase of software development, security practitioners may be asked to participate in initial assessments or cost evaluations.

Answer 98

Feasibility

Question 99

____________ is a form of structured, formal code review intended to find a variety of problems during the development process.

Answer 99

Fagan inspection

Question 100

What testing technique involves sending invalid or random data to an application to test its ability to handle unexpected data?

Answer 100

Fuzz testing or fuzzing