CySA+ Concepts Flashcards

19
Q
A

The “redirect” domain acts as a pointer to another domain. As soon as you access a web page on the redirect domain, the URL in your browser changes to the domain to which you are being redirected. There are many reports of users receiving phishing emails containing links that redirect to a fake login page after successful authentication; you should mitigate this vulnerability by ensuring that the redirection domains are properly configured.

21
Q
A

An example of risk acceptance is when a device is discovered that runs an OS which will no longer be maintained or updated for the foreseeable future. A risk-based policy decision is made by the security committee prior to the end of life of a critical device to review and reinforce the vendor upgrade.

23
Q
A

When updating infrastructure in phases (monthly upgrades of the infrastructure, biweekly upgrades of the workstations), the best way to manage company-wide changes is to perform a monthly topology scan, a biweekly host discovery scan, and a monthly vulnerability scan.

24
Q
A

Among the options for validating input on incoming web forms, server-side whitelisting is the most secure and manageable. An example of server-side whitelisting is accepting only known good input. Before accepting input for further processing, it may be necessary to validate that it matches the expected type, length or size, numeric range, or other format standards.

26
Q
A

To verify whether the scanned device meets security policies, “unauthenticated” vulnerability scans would be the ideal vulnerability scan in system hardening. The vulnerability exploration process is performed without logging in as an authorized user on the network or networked system. In an unauthenticated vulnerability scan, a system is inspected from the outside in order to assess its security from an outsider's perspective.

27
Q
A

In the case of EDR tools failing to detect malware, creating a risk to the organization and its employees, virtual desktop infrastructure (VDI) is the most effective security control that can be implemented. Moreover, employees are able to exchange files without fear of malware at client sites.