CSA+ Review Questions

1. After discovering open ports on servers, a firewall was implemented to reduce the risk of successful attacks, pursuing the strategy of risk mitigation. 2. The document provides review questions for a CSA+ certification study guide covering topics such as risk management, cybersecurity controls, penetration testing techniques and compliance requirements. 3. The questions range from risk management and security controls to technical topics such as network scanning, firewall configuration and compliance requirements for systems handling credit card data.

Uploaded by ewmbtrak
Study online at quizlet.com/_3qw621

1. After discovering a network is vulnerable to attack on open ports on servers, a network firewall is implemented to reduce the likelihood of a successful attack. What risk management strategy was pursued?
   1. Risk mitigation
   2. Risk avoidance
   3. Risk transference
   4. Risk acceptance
   Answer: 1. Risk mitigation

2. After running an nmap scan of a system, you receive scan data that indicated the following three ports are open: 22/TCP, 443/TCP, 1521/TCP. What services commonly run on these ports?
   Answer: SSH, HTTPS, Oracle

3. A CVSS 3.0 score reads: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. What is the attack vector and impact to integrity based on this rating?
   1. System, 9, 8
   2. Browser, High
   3. Network, High
   4. None, High
   Answer: 3. Network, High

4. During passive intelligence gathering, you are able to run netstat on a workstation located at your target's headquarters. What information would you not be able to find using netstat on a Windows system?
   1. Active TCP connections
   2. A list of executables by connection
   3. Active IPX connections
   4. Route table information
   Answer: 3. Active IPX connections

5. During which phase of a penetration test should the testers obtain written authorization to conduct the test?
   1. Planning
   2. Attack
   3. Discovery
   4. Reporting
   Answer: 1. Planning

6. A fire suppression system is an example of what type of control?
   1. Logical
   2. Physical
   3. Administrative
   4. Operational
   Answer: 2. Physical

7. A firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol will allow which TCP port access through the firewall?
   1. 25
   2. 80
   3. 143
   4. 443
   Answer: 4. 443

8. In a cybersecurity wargame exercise, what team attempts to break into the adversary's systems?
   1. Red team
   2. Blue team
   3. White team
   4. Black team
   Answer: 1. Red team

9. The last PCI DSS compliance scan for a system was completed in March. In April, the organization upgraded their point-of-sale system, and the system administrator is preparing to conduct a new scan. When must the scan be completed by?
   1. Immediately
   2. June
   3. December
   4. No scans are required
   Answer: 1. Immediately

10. Looking for slack space on a drive. Where to look and what is likely to be found?
   1. Look at unallocated space, and likely to find file fragments from deleted files
   2. Unused space where files were deleted, and likely to find complete files hidden there
   3. In the space reserved on the drive for spare blocks, likely to find complete files duplicated there
   4. At unused space left when a file is written, and likely to find file fragments from deleted files
   Answer: 4. At unused space left when a file is written, and likely to find file fragments from deleted files

11. Missing a critical security patch on a database would be which type of situation?
   1. Risk
   2. Vulnerability
   3. Hacker
   4. Threat
   Answer: 2. Vulnerability

12. An organization's credit card processing systems are on an isolated network dedicated to card processing. Appropriate segmentation controls have been used to limit the scope of PCI DSS to those systems through the use of VLANs and firewalls. What systems must be scanned for the purpose of PCI DSS compliance?
   1. Customer systems
   2. Systems on the isolated network
   3. Systems on the general enterprise network
   4. Both 2 and 3
   Answer: 2. Systems on the isolated network
26. What level of secure media disposition as defined by NIST SP 800-88 is best suited to a hard drive from a high-security system that will be reused in the same company by an employee of a different level or job type?
   1. Clear
   2. Purge
   3. Destroy
   4. Reinstall
   Answer: 2. Purge

27. What method is used to replicate DNS information for DNS servers but is also a tempting exploit target for attackers?
   1. DNSSEC
   2. AXR
   3. DNS registration
   4. Zone transfer
   Answer: 4. Zone transfer

28. What method used to replicate DNS info between DNS servers can also be used to gather large amounts of info about an organization's systems?
   1. Traceroute
   2. Zone transfer
   3. DNS sync
   4. dig
   Answer: 2. Zone transfer

29. What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?
   1. Low
   2. Moderate
   3. High
   4. Severe
   Answer: 3. High

30. What organization manages the global IP address space?
   1. NASA
   2. ARIN
   3. WorldNIC
   4. IANA
   Answer: 4. IANA

31. What personnel control would allow review of employee actions suspected of conspiring to defraud an organization to find any issues?
   1. Dual control
   2. Separation of duties
   3. Background checks
   4. Cross training
   Answer: 2. Separation of duties

32. What port should definitely not be open on a jump box server which allows system administrators to connect from their laptops?
   1. 22
   2. 23
   3. 443
   4. 3389
   Answer: 2. 23

33. What process uses information such as the way that a system's TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?
   1. Service identification
   2. Fuzzing
   3. Application scanning
   4. OS detection
   Answer: 4. OS detection

34. What specialized firewall can protect against SQL injection, cross-site scripting, and similar attacks?
   1. NGFW
   2. WAF
   3. Packet filter
   4. Stateful inspection
   Answer: 2. WAF

35. What technique is being used in this command?
   dig axfr @dns-server example.com
   1. DNS query
   2. nslookup
   3. dig scan
   4. Zone transfer
   Answer: 4. Zone transfer

36. What technology would best assist with ensuring that devices connected to a network have the current antivirus software?
   1. Network firewall
   2. Network Access Control
   3. Network segmentation
   4. Virtual Private Network
   Answer: 2. Network Access Control

37. What term describes an organization's willingness to tolerate risk in their computing environment?
   1. Risk landscape
   2. Risk appetite
   3. Risk level
   4. Risk adaptation
   Answer: 2. Risk appetite

38. What tool can administrators use to help identify the systems present on a network prior to conducting vulnerability scans?
   1. Asset inventory
   2. Web application assessment
   3. Router
   4. DLP
   Answer: 1. Asset inventory

39. What tool can be used to deploy consistent security settings to multiple Windows systems simultaneously?
   1. GPO
   2. HIPS
   3. IPS
   4. DNS
   Answer: 1. GPO
40. What tool would you use to capture IP traffic info to provide flow and volume info about a network?
   1. libpcap
   2. Netflow
   3. Netstat
   4. pflow
   Answer: 2. Netflow

41. What type of account should be provided to a scanner performing credentialed scans of servers on a network?
   1. Domain administrator
   2. Local administrator
   3. Root
   4. Read-only
   Answer: 4. Read-only

42. What type of agent must be running on a device for it to join a wireless network running 802.1x authentication?
   1. Supplicant
   2. Authenticator
   3. Authentication server
   4. Command and control
   Answer: 1. Supplicant

43. What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?
   1. Trend analysis
   2. Signature analysis
   3. Heuristic analysis
   4. Regression analysis
   Answer: 3. Heuristic analysis

44. What type of data can frequently be gathered from images taken on smartphones?
   1. Extended Graphics Format
   2. Exif
   3. JPIF
   4. PNGrams
   Answer: 2. Exif

45. What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?
   1. NGFW
   2. WAF
   3. Packet filter
   4. Stateful inspection
   Answer: 1. NGFW

46. What type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with info about their attack method and tools?
   Answer: honeypot

47. What type of system is used to contain an attacker to allow them to be monitored?
   1. a white box
   2. a sandbox
   3. a network jail
   4. a VLAN
   Answer: 2. a sandbox

48. What type of threat is a power grid failure to an organization?
   1. Adversarial
   2. Accidental
   3. Structural
   4. Environmental
   Answer: 4. Environmental

49. When assigning remediation resources, what SCAP component covers prioritizing issues from different sources after a vulnerability scan has been run throughout an organization using different products?
   1. CVSS
   2. CVE
   3. CPE
   4. XCCDF
   Answer: 1. CVSS

50. When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?
   1. 802.11g
   2. EAP
   3. PEAP
   4. RADIUS
   Answer: 4. RADIUS

51. When planning to conduct a vulnerability scan of a business critical system using dangerous plugins, what would be the best approach for the initial scan?
   1. Run the scan against production systems to achieve the most realistic results possible
   2. Run the scan during business hours
   3. Run the scan in a test environment
   4. Do not run the scan to avoid disrupting the business
   Answer: 3. Run the scan in a test environment

52. When seeking to determine the appropriate impact categorization for a federal information system when planning vulnerability scanning for that system, it is discovered that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?
   1. Low impact
   2. Moderate impact
   3. High impact
   4. Severe impact
   Answer: 2. Moderate impact

53. Where can an older copy of a website be found?
   1. The Internet Archive
   2. Wikileaks
   3. The Internet Rewinder
   4. TimeTurner
   Answer: 1. The Internet Archive
54. Which Cisco log level is the most critical?
   1. 0
   2. 1
   3. 7
   4. 10
   Answer: 1. 0

55. Which lookup tool provides info about a domain's registrar and physical location?
   1. nslookup
   2. host
   3. Whois
   4. traceroute
   Answer: 3. Whois

56. Which of the following actions is not a common activity during the recovery phase of an incident response process?
   1. Reviewing accounts and adding privileges
   2. Validating that only authorized user accounts are on the systems
   3. Verifying that all systems are logging properly
   4. Performing vulnerability scans of all systems
   Answer: 1. Reviewing accounts and adding privileges

57. Which of the following activities is not part of the vulnerability management life cycle?
   1. Detection
   2. Remediation
   3. Reporting
   4. Testing
   Answer: 3. Reporting

58. Which of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?
   1. Adversarial
   2. Accidental
   3. Structural
   4. Environmental
   Answer: 1. Adversarial

59. Which of the following descriptions explains integrity loss?
   1. Systems were taken offline, resulting in a loss of business income
   2. Sensitive or proprietary information was changed or deleted
   3. Protected information was accessed or exfiltrated
   4. Sensitive personally identifiable info was accessed or exfiltrated
   Answer: 2. Sensitive or proprietary information was changed or deleted

60. Which of the following factors is least likely to impact vulnerability scanning schedules?
   1. Regulatory requirements
   2. Technical constraints
   3. Business constraints
   4. Staff availability
   Answer: 4. Staff availability

61. Which of the following is an example of an operational security control?
   1. Encryption software
   2. Network firewall
   3. Antivirus software
   4. Penetration tests
   Answer: 4. Penetration tests

62. Which of the following is not a common DNS anti-harvesting technique?
   1. Blacklisting systems or networks
   2. Registering manually
   3. Rate limiting
   4. CAPTCHAs
   Answer: 2. Registering manually

63. Which of the following is not an example of a vulnerability scanning tool?
   1. QualysGuard
   2. Snort
   3. Nessus
   4. OpenVAS
   Answer: 2. Snort

64. Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?
   1. Work process documentation
   2. To capture additional data for analysis
   3. Plausible deniability
   4. To provide a timeline
   Answer: 3. Plausible deniability

65. Which of the following is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
   1. Integrity
   2. Nonrepudiation
   3. Availability
   4. Confidentiality
   Answer: 2. Nonrepudiation

66. Which of the following laws concerns compliance with U.S. federal law covering student educational records?
   1. HIPAA
   2. GLBA
   3. SOX
   4. FERPA
   Answer: 4. FERPA

67. Which of the following options is best suited as an authentication protocol in an untrusted network in its default state?
   1. Kerberos
   2. RADIUS
   3. LDAP
   4. TACACS+
   Answer: 1. Kerberos
68. Which of the following options is the most likely use for the host listed in the dhcp.conf entry?
   host db1 {
     option host-name "sqldb1.example.com";
     hardware ethernet 8a:00:83:aa:21:9f;
     fixed-address 10.1.240.10;
   }
   1. Active Directory server
   2. Apache web server
   3. Oracle database server
   4. Microsoft SQL server
   Answer: 4. Microsoft SQL server

69. Which of the following techniques is an example of active monitoring?
   1. ping
   2. RMON
   3. Netflows
   4. A network tap
   Answer: 1. ping

70. Which of the following techniques might be used to automatically detect and block malicious software that does not match known signatures?
   1. MAC
   2. Hashing
   3. Decompiling
   4. Sandboxing
   Answer: 4. Sandboxing

71. Which of the following tools cannot be used to make a forensic disk image?
   1. xcopy
   2. FTK
   3. dd
   4. EnCase
   Answer: 1. xcopy

72. Which of the following tools is best suited to querying data provided by organizations like the American Registry for Internet Numbers (ARIN) as part of a footprinting or reconnaissance exercise?
   1. nmap
   2. traceroute
   3. regmon
   4. whois
   Answer: 4. whois

73. Which of the following tools is not useful for monitoring memory usage in Linux?
   1. df
   2. top
   3. ps
   4. free
   Answer: 1. df

74. Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
   1. Black box
   2. Authenticated
   3. Internal view
   4. External view
   Answer: 2. Authenticated

75. Which phase of the incident response process is the most likely to include gathering additional evidence such as information that would support legal action?
   1. Preparation
   2. Detection and Analysis
   3. Containment, Eradication, and Recovery
   4. Post Incident Activity and Reporting
   Answer: 3. Containment, Eradication, and Recovery

76. Which SCAP component covers standardized product names?
   1. CVSS
   2. CVE
   3. CPE
   4. OVAL
   Answer: 3. CPE

77. Which software development life cycle model uses linear development in an iterative, four-phase process?
   1. Waterfall
   2. Agile
   3. RAD
   4. Spiral
   Answer: 4. Spiral

78. Which step occurs first during the attack phase of a penetration test?
   1. Gaining access
   2. Escalating privileges
   3. System browsing
   4. Install additional tools
   Answer: 1. Gaining access

79. Which systems must be covered by vulnerability scanning programs for a federal agency?
   1. Only high-impact systems
   2. Only systems containing classified information
   3. High- or moderate-impact systems
   4. High-, moderate-, or low-impact systems
   Answer: 4. High-, moderate-, or low-impact systems

80. Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?
   1. Bank
   2. Hospital
   3. Government agency
   4. Doctor's office
   Answer: 3. Government agency
81. Which type of Windows log is most likely to contain information about a file being deleted?
   1. httpd logs
   2. Security logs
   3. System logs
   4. Configuration logs
   Answer: 2. Security logs

82. Who is authorized to complete an external vulnerability scan on a system for PCI DSS compliance purposes?
   1. Any employee of the organization
   2. An approved scanning vendor
   3. A PCI DSS service provider
   4. Any qualified individual
   Answer: 2. An approved scanning vendor

83. Who is authorized to run an internal vulnerability scan for PCI DSS compliance purposes?
   1. Any employee of the organization
   2. An approved scanning vendor
   3. A PCI DSS service provider
   4. Any qualified individual
   Answer: 4. Any qualified individual

84. You encounter a false positive error on a vulnerability scan. What should you do about this?
   1. Verify that it is a false positive, then document the exception
   2. Implement a work around
   3. Update the vulnerability scanner
   4. Use an authenticated scan, and then document the vulnerability
   Answer: 1. Verify that it is a false positive, then document the exception
