CySA+ Chapter 1
Firewall - ANS-Filters network connections based on source, destination, and port
Decompiler - ANS-Attempts to recover source code from binary code
Antivirus - ANS-Scans a system for malicious software
NAC - ANS-Determines what clients may access a wired or wireless network
GPO - ANS-Deploys configuration settings to multiple Windows systems
Hash - ANS-Creates a unique fingerprint of a file
Honeypot - ANS-System intentionally created to appear vulnerable
WAF - ANS-Protects against SQL injection attacks
1) Which one of the following objectives is not one of the three main objectives of CIA
triad?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality - ANS-Nonrepudiation
2) Tommy is assessing the security of several database servers in his datacenter and
realizes that one of them is missing a critical Oracle security patch. What type of
situation has Tommy detected?
A. Risk
B. Vulnerability
C. Hacker
D. Threat - ANS-Vulnerability
3) Ben is preparing to conduct a cybersecurity risk assessment for his organization. If
he chooses to follow the standard process proposed by NIST, which one of the following
steps would come first?
, A. Determine likelihood
B. Determine impact
C. Identify threats
D. Identify vulnerabilities - ANS-Identify threats
4) Cindy is conducted a cybersecurity risk assessment and is considering the impact
that a failure of her city's power grid might have on the organization. What type of threat
is she considering?
A. Adversarial
B. Accidental
C. Structural
D. Environmental - ANS-Environmental
5) Which one of the following categories of threat requires that cybersecurity analysts
consider the capability, intent, and targeting of the threat source?
A. Adversarial
B. Accidental
C. Structural
D. Environmental - ANS-Adversarial
6) Vincent is responding to a security incident that compromised one of his
organization's web servers. He does not believe that the attackers modified or stole any
information, but they did disrupt access to the organization's web servers. He does not
believe that the attackers modified or stole any information, but they did disrupt access
to the organization's website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability - ANS-Availability
7) Which one of the following is an example of an operational security control?
A. Encryption software
B. Network firewall
C. Antivirus software
D. Penetration tests - ANS-Penetration tests
Firewall - ANS-Filters network connections based on source, destination, and port
Decompiler - ANS-Attempts to recover source code from binary code
Antivirus - ANS-Scans a system for malicious software
NAC - ANS-Determines what clients may access a wired or wireless network
GPO - ANS-Deploys configuration settings to multiple Windows systems
Hash - ANS-Creates a unique fingerprint of a file
Honeypot - ANS-System intentionally created to appear vulnerable
WAF - ANS-Protects against SQL injection attacks
1) Which one of the following objectives is not one of the three main objectives of CIA
triad?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality - ANS-Nonrepudiation
2) Tommy is assessing the security of several database servers in his datacenter and
realizes that one of them is missing a critical Oracle security patch. What type of
situation has Tommy detected?
A. Risk
B. Vulnerability
C. Hacker
D. Threat - ANS-Vulnerability
3) Ben is preparing to conduct a cybersecurity risk assessment for his organization. If
he chooses to follow the standard process proposed by NIST, which one of the following
steps would come first?
, A. Determine likelihood
B. Determine impact
C. Identify threats
D. Identify vulnerabilities - ANS-Identify threats
4) Cindy is conducted a cybersecurity risk assessment and is considering the impact
that a failure of her city's power grid might have on the organization. What type of threat
is she considering?
A. Adversarial
B. Accidental
C. Structural
D. Environmental - ANS-Environmental
5) Which one of the following categories of threat requires that cybersecurity analysts
consider the capability, intent, and targeting of the threat source?
A. Adversarial
B. Accidental
C. Structural
D. Environmental - ANS-Adversarial
6) Vincent is responding to a security incident that compromised one of his
organization's web servers. He does not believe that the attackers modified or stole any
information, but they did disrupt access to the organization's web servers. He does not
believe that the attackers modified or stole any information, but they did disrupt access
to the organization's website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability - ANS-Availability
7) Which one of the following is an example of an operational security control?
A. Encryption software
B. Network firewall
C. Antivirus software
D. Penetration tests - ANS-Penetration tests
