1. While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:
A) organizational control. B) rules of engagement. C) risk appetite. D) service-level agreement.
2. A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?
A) Software vulnerability B) APT C) DDoS D) Ransomware
3. An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?
A) Deploy HIDS on all engineer-provided laptops, and put a new router in the management network. B) Utilize a jump box that is only allowed to connect to clients from the management network. C) Implement role-based group policies on the management network for client access. D) Deploy a company-wide approved engineering workstation for management access.
4. Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE.)
A) OS B) Hard drive capacity C) VLANs D) Physical access restriction E) Processing power F) Trained operators
5. A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?
A) Utilizing a non-credential scan B) Utilizing an authorized credential scan C) Utilizing a known malware plugin D) Utilizing an operating system SCAP plugin