CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
ComptiA CySA+ 2023 Questions and answer - Part 68
1. A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing thenetwork while still conducting a credentialed scan, which of the following is the BEST choice?
A) Deploy scanners with administrator privileges on each endpoint
B) Encrypt all of the traffic between the scanner and the endpoint
C) Provide each endpoint with vulnerability scanner credentials
D) Install agents on the endpoints to perform the scan
2. During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into awebform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?
A) Input validation
B) Static code analysis
C) Application fuzzing
D) Peer review code
3. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server.The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that supportthem. Which of the following meets the criteria?
A) PHP
B) OWASP
C) Ajax
D) SANS
4. The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromisedworkstation?
A) Implement the incident response plan
B) Perform evidence acquisition
C) Activate the escalation checklist
D) Analyze the forensic image
5. A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the localmachine.Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A) Spoofing
B) Replay
C) Transitive access
D) Man-in-the-middle
A) Deploy scanners with administrator privileges on each endpoint
B) Encrypt all of the traffic between the scanner and the endpoint
C) Provide each endpoint with vulnerability scanner credentials
D) Install agents on the endpoints to perform the scan
2. During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into awebform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?
A) Input validation
B) Static code analysis
C) Application fuzzing
D) Peer review code
3. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server.The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that supportthem. Which of the following meets the criteria?
A) PHP
B) OWASP
C) Ajax
D) SANS
4. The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromisedworkstation?
A) Implement the incident response plan
B) Perform evidence acquisition
C) Activate the escalation checklist
D) Analyze the forensic image
5. A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the localmachine.Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A) Spoofing
B) Replay
C) Transitive access
D) Man-in-the-middle
1. Right Answer: D
Explanation:
2. Right Answer: A
Explanation:
3. Right Answer: B
Explanation: Reference: https://www.synopsys.com/software-integrity/resources/knowledge-database/owasp-top-10.html
4. Right Answer: B
Explanation: Reference: https://staff.washington.edu/dittrich/misc/forensics/
5. Right Answer: D
Explanation:
Explanation:
2. Right Answer: A
Explanation:
3. Right Answer: B
Explanation: Reference: https://www.synopsys.com/software-integrity/resources/knowledge-database/owasp-top-10.html
4. Right Answer: B
Explanation: Reference: https://staff.washington.edu/dittrich/misc/forensics/
5. Right Answer: D
Explanation:
Tags:
comptia it exams it certification exams it certifications 2023 comptia exam comptia certification comptia questions comptia a+ comptia exam prep comptia 2023 compti prep materials comptia practice exams questions and answers practice tests test question test comptia a+ comptia a+ 1001 comptioa a+ 1002 comptia casp comptia cloud comptia cysa comptia it fundamentals comptia linux comptia network+ comptia security+ linux essentials0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment