CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
ComptiA CySA+ 2023 Questions and answer - Part 47
1. The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scanreports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should thecybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?
A) Use Wireshark to export a list
B) Execute the ver command
C) Use credentialed configuration
D) Execute the nmap p command
2. A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kitwith tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?
A) Last-level cache readers
B) Write-blockers
C) ZIF adapters
D) JTAG adapters
3. A system administrator recently deployed and verified the installation of a critical patch issued by the companys primary OS vendor. This patch was supposed toremedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerabilityassessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?
A) The vulnerability assessment returned false positives.
B) The patch did not remediate the vulnerability.
C) The administrator entered the wrong IP range for the assessment.
D) The administrator did not wait long enough after applying the patch to run the assessment.
4. Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendorpatch schedules and the organizations application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerabilityscan?
A) False positives identified in production
B) A vendor releases a critical patch update
C) Newly discovered PII on a server
D) A critical bug fix in the organizations application
5. A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particularnetwork segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorizedaccess? (Choose two.)(Select 2answers)
A) DLP system
B) Jump box
C) Firewall
D) Honeypot
E) IPS
A) Use Wireshark to export a list
B) Execute the ver command
C) Use credentialed configuration
D) Execute the nmap p command
2. A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kitwith tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?
A) Last-level cache readers
B) Write-blockers
C) ZIF adapters
D) JTAG adapters
3. A system administrator recently deployed and verified the installation of a critical patch issued by the companys primary OS vendor. This patch was supposed toremedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerabilityassessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?
A) The vulnerability assessment returned false positives.
B) The patch did not remediate the vulnerability.
C) The administrator entered the wrong IP range for the assessment.
D) The administrator did not wait long enough after applying the patch to run the assessment.
4. Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendorpatch schedules and the organizations application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerabilityscan?
A) False positives identified in production
B) A vendor releases a critical patch update
C) Newly discovered PII on a server
D) A critical bug fix in the organizations application
5. A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particularnetwork segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorizedaccess? (Choose two.)(Select 2answers)
A) DLP system
B) Jump box
C) Firewall
D) Honeypot
E) IPS
1. Right Answer: B
Explanation:
2. Right Answer: D
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: B,C
Explanation:
Explanation:
2. Right Answer: D
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: B,C
Explanation:
Tags:
comptia it exams it certification exams it certifications 2023 comptia exam comptia certification comptia questions comptia a+ comptia exam prep comptia 2023 compti prep materials comptia practice exams questions and answers practice tests test question test comptia a+ comptia a+ 1001 comptioa a+ 1002 comptia casp comptia cloud comptia cysa comptia it fundamentals comptia linux comptia network+ comptia security+ linux essentials0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment