CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities.Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier toimplement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve managements objective?
A) (CVSS Score) / Difficulty = PriorityWhere Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement
B) (CVSS Score) * Difficulty = PriorityWhere Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
C) (CVSS Score) * Difficulty = PriorityWhere Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement
D) ((CVSS Score) * 2) / Difficulty = PriorityWhere CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement
2. A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and theinternal perimeter of the environment. During which of the following processes is this type of information normally gathered?
A) Enumeration
B) Scoping
C) Timing
D) Authorization
3. A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had beencompromised. Upon investigating the incident, the cybersecurity analyst found that a brute force attack was launched against the company.Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?
A) Deploy multifactor authentication.
B) Prohibit password reuse using a GPO.
C) Require security awareness training.
D) Implement DLP solution.
4. A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analystdiscovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A) Notify the Chief Privacy Officer (CPO)
B) Put an ACL on the gateway router
C) Contact the Office of Civil Rights (OCR) to report the breach
D) Activate the incident response plan
5. A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be theBEST action for the cybersecurity analyst to perform?
A) Inform management of the incident.
B) Continue monitoring critical systems.
C) Inform users regarding the affected systems.
D) Shut down all server interfaces.
A) (CVSS Score) / Difficulty = PriorityWhere Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement
B) (CVSS Score) * Difficulty = PriorityWhere Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
C) (CVSS Score) * Difficulty = PriorityWhere Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement
D) ((CVSS Score) * 2) / Difficulty = PriorityWhere CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement
2. A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and theinternal perimeter of the environment. During which of the following processes is this type of information normally gathered?
A) Enumeration
B) Scoping
C) Timing
D) Authorization
3. A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had beencompromised. Upon investigating the incident, the cybersecurity analyst found that a brute force attack was launched against the company.Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?
A) Deploy multifactor authentication.
B) Prohibit password reuse using a GPO.
C) Require security awareness training.
D) Implement DLP solution.
4. A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analystdiscovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A) Notify the Chief Privacy Officer (CPO)
B) Put an ACL on the gateway router
C) Contact the Office of Civil Rights (OCR) to report the breach
D) Activate the incident response plan
5. A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be theBEST action for the cybersecurity analyst to perform?
A) Inform management of the incident.
B) Continue monitoring critical systems.
C) Inform users regarding the affected systems.
D) Shut down all server interfaces.
1. Right Answer: A
Explanation:
2. Right Answer: B
Explanation:
3. Right Answer: A
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: A
Explanation:
Explanation:
2. Right Answer: B
Explanation:
3. Right Answer: A
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: A
Explanation:
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
