CompTIA Cybersecurity Analyst (CySA+) - Module 1: Threat Management

CompTIA Cybersecurity Analyst (CySA+) - Module 1: Threat Management Document Content and Description Below CompTIA Cybersecurity Analyst (CySA+) - Module 1: Threat Management Which of the following is an alternate name for topology Discovery? Fingerprinting Footprinting Pivotprinting Sniffing -Answer - Footprinting What process allows an analyst to discover the operating system and version of a system? Service Discovery Topology Discovery Log Review OS Fingerprinting -Answer- OS Fingerprinting In what order is an ACL processed? From top to bottom From bottom to top Most specific entry first Least specific entry first -Answer- From top to bottom What is the unwritten rule at the bottom of a firewall's ACL? Implicit Allow Implicit Deny Explicit Deny Explicit Allow -Answer- Implicit Deny Attackers may potentially collect company emails by searching Google. True False -Answer- True Which process would an attacker use to determine who in a company is most likely to be tricked into giving up company information? Social Engineering Phishing Social Media Profiling Email Harvesting -Answer- Social Media ProfilingWhat type of Phishing is sent over a text message specifically? Vishing Spear Phishing SMiShing Whaling -Answer- SMiShing Internal DNS servers need to be protected from an attacker to prevent the leakage of email records within a company. True False -Answer- False Due to the amount of a network that is physically wired it is more difficult to prevent access to a physical network than a wireless one. True False -Answer- False Which of the following wireless protocols can be used to best supply security for a wireless network? WEP TKIP WPA2 WPA -Answer- WPA2 A virtual network is more secure network for which of the following reasons? They are easier to patch They can't spread viruses Virtual machines can't compromise their host They're easier to isolate -Answer- They're easier to isolate In which way can an IDS protect a network? (Choose all that apply) Reactively Proactively Actively Passively -Answer- Reactively & Passively Which of the following methods can be used to delay a scan to avoid detection? Sparse scanning Traceroute scan half-open scanRandomized scan -Answer- Sparse scanning Which tool can be used to test many different port states on a Linux or Windows device? Firewall Packet Analyze Netstat Syslog -Answer- Netstat Of the IDS/ IPS systems which will have the best ability to prevent an attack on a network scale? HIDS HIPS NIDS NIPS -Answer- NIPS Of the IDS/ IPS systems which will be best at protecting a system while minimizing service interruptions? HIDS HIPS NIDS NIPS -Answer- HIDS When reviewing a Syslog report which of the following severities would have the highest priority? 0 4 7 10 -Answer- 0 Which of the following Windows commands would allow the user to determine the path that traffic takes through the network. Traceroute Netstat NMAP Tracert -Answer- Tracert Spear phishing is when an attacker goes after corporate data by calling up the CEO or other upper-level employees. TrueFalse -Answer- False Employees need not be trained in current social engineering attacks as plenty of other countermeasures exist to prevent somebody from falling victim to one of these attacks such as email filters. True False -Answer- False In which of the following networks types should an analyst hide the network's name in order to help prevent an attacker from finding the network? Wired Wireless Cloud Virtual -Answer- Wireless What is the name of the common issues that can affect certain operating systems which can be easily found online? CVEs MitM NMAP CNP -Answer- CVEs (CVE - Common Vulnerabilities and Exposures) Which of the following can be used to further tune an IDS or IPS system in order to guarantee more accurate results? IDS IPS Anti-Virus Scanner Firewall -Answer- IDS In order to scan for ports capable running NTP or RADIUS which of the following scans would be utilized? TCP half-open scan TCP connect scan UDP scan UDP half-open scan -Answer- UDP scan An analyst has discovered that a particular port is blocked by a firewall. What is the port state of that firewall? Open ClosedFiltered Blocked -Answer- Filtered An analyst discovered that a particular port is responding to requests. Which of the following port states is the attacker discovering? (Choose all that apply) Closed Open Blocked Filtered -Answer- Closed & Open An attacker was able to eavesdrop on network traffic by attaching a device to a core switch. Which of the following is the attacker most likely accomplishing? Network mapping Host Discovery Port scanning Packet capture -Answer- Packet capture An attacker will first look for a vulnerable system known as a pivot point to initially breach a network. True False -Answer- True Which of the following will allow an analyst to not only view where traffic is flowing on a network but grant a better picture to determine how much traffic is passing over a segment at any given time? Pick the best answer. Packet Analysis Wireless Analysis Protocol Analysis Netflow Analysis -Answer- Netflow Analysis Which of the f