1. Which of the following principles describes how a security analyst should communicate during an incident?
A) The communication should be limited to management only.
B) The communication should be limited to security staff only.
C) The communication should come from law enforcement.
D) The communication should be limited to trusted parties only.
2. An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?
A) Install and configure NAC services to allow only authorized devices to connect to the network.
B) Implement a separate logical network segment for management interfaces.
C) Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.
D) Remove and replace the managed switch with an unmanaged one.
3. A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate webserver. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the webserver. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?
A) XSS
B) APT
C) Man-in-the-middle attack
D) Zero-day attack
4. During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?
A) Input validation
B) Application fuzzing
C) Peer review code
D) Static code analysis
5. A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?
A) Develop a minimum security baseline while restricting the type of data that can be accessed.
B) Deploy a kiosk for synchronizing while using an access list of approved users.
C) Implement a wireless network configured for mobile device access and monitored by sensors.
D) Implement a single computer configured with USB access and monitored by sensors.