
CompTIA CySA+ 2023 Questions and Answers - Part 66

Mary Smith

Mon, 20 Apr 2026


1. Which of the following is MOST effective for correlation analysis by log for threat management?

A) PCAP
B) SIEM
C) IPS
D) SCAP



2. An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?

A) Configure vulnerability scans to run in credentialed mode.
B) Manually validate that the existing update is being performed.
C) Configure a script to automatically update the scanning tool.
D) Test vulnerability remediation in a sandbox before deploying.



3. Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

A) Lessons learned report
B) Incident response plan
C) Chain of custody documentation
D) Reverse engineering process



4. A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

A) The security analyst should recommend this device be included in regular vulnerability scans.
B) The security analyst should recommend this device regularly export the web logs to a SIEM system.
C) The security analyst should recommend an IDS be placed on the network segment.
D) The security analyst should recommend this device be placed behind a WAF.



5. While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

A) The analyst is not using the standard approved browser.
B) The analyst accidentally clicked a link related to the indicator.
C) The alert is unrelated to the analyst's search.
D) The analyst has prefetch enabled on the browser in use.



1. Right Answer: B
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: D
Explanation:
