CYSA Test QUESTIONS AND 100% VERIFIED SOLUTIONS

CYSA Test QUESTIONS AND 100% VERIFIED SOLUTIONS Stephanie believes that her computer had been compromised because her computer suddenly slows down and often freezes up. Worried her computer was infected with malware, she immediately unplugged the network and power cables from her computer. Per the company procedures, she contacts the help desk, fills out the appropriate forms, and is sent to a cybersecurity analyst for further analysis. The analyst was not able to confirm or deny the presence of possible malware on her computer. Which of the following should have been performed during the incident response preparation phase to prevent this issue? - ANSWER Train users not to unplug their computer if an incident has ocurred. The issue presented in this scenario is that Stephanie unplugged the computer before anyone had a chance to investigate it. During the preparation phase of the incident response process, the company should train its users on what to do in an anomaly or suspected malware intrusion. Many years ago, it was commonly assumed that unplugging the computer is the best thing to do when a system is suspected to be infected with malware. This is no longer true because many malware types are installed when the computer is running, but when you power off and reboot the machine, they can encrypt the hard drive, infect the boot sector, or corrupt the operating system. Your organization is updating its Acceptable User Policy (AUP) to implement a new password standard that requires a guest's wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement? - ANSWER Sponsored authentication of guest wireless devices requires a guest user to provide valid identification when registering their wireless device for use on the network. This requires that an employee validates the guest's need for access, known as sponsoring the guest. While setting a strong password or using 802.1x are good security practices, these alone do not meet the question's sponsorship requirement. An open authentication standard only requires that the guest know the Service-Set Identifier (SSID) to gain access to the network. Therefore, this does not meet the sponsorship requirement. You are reviewing the latest list of important web application security controls published by OWASP. Which of these items is LEAST likely to appear on that list? - ANSWER Obscure web interface locations; The least likely option to appear in the list is to obscure web interface locations. This recommendation is based on security through obscurity and is not considered a good security practice. The other options are all considered best practices in designing web application security controls and creating software assurance in our programs. What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes? - ANSWER Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. Clearing involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings. Which of the following would NOT be useful in defending against a zero-day threat? - ANSWER Patching; While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zero-day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. Which of the following options places the correct phases of the Software Development Lifecycle's waterfall method in the correct order? - ANSWER The waterfall method moves through seven phases: planning, requirements, design, implementation, testing, deployment, and maintenance. Which of the following will an adversary do during the delivery phase of the Lockheed Martin kill chain? - ANSWER 1. Direct action against public facing servers 2. Deliberate social media interactions with the targets personnel 3. Release of malicious email -- During the delivery phase, the adversary is firing whatever exploits they have prepared during the weaponization phase. Which of the following is NOT a host-related indicator of compromise? - ANSWER Beaconing is considered a network-related indicator of compromise -- Memory consumption, processor consumption, and drive capacity consumption are all classified as host-related indicators of compromise. A cybersecurity analyst just finished conducting an initial vulnerability scan and is reviewing their results. To avoid wasting time on results that are not really a vulnerability, the analyst wants to remove any false positives before remediating the findings. Which of the following is an indicator that something in their results would be a false positive? - ANSWER OBJ-1.3: When conducting a vulnerability scan, it is common for the report to include some findings that are classified as "low" priority or "for informational purposes only." These are most likely false positives and can be ignored by the analyst when starting their remediation efforts. You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations? - ANSWER A honeypot is a host set up to lure attackers away from the actual network components and/or discover attack strategies and weaknesses in the security configuration. You are a cybersecurity analyst and your company has just enabled key-based authentication on its SSH server. Review the following log file: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BEGIN LOG ------------- Sep 09 13:15:24 diontraining sshd[3423]: Failed password for root from 192.168.3.2 port 45273 ssh2 Sep 09 15:43:15 diontraining sshd[3542]: Failed password for root from 192.168.2.24 port 43543 ssh2 Sep 09 15:43:24 diontraining sshd[3544]: Failed password for jdion from 192.168.2.24 port 43589 ssh2 Sep 09 15:43:31 diontraining sshd[3546]: Failed password for tmartinez from 192.168.2.24 port 43619 ssh2Sep 09 15:43:31 diont