The IT team reports the EDR software that is installed on laptops is using a large amount of resources. Which of the following changes should a security analyst make to the EDR to BEST improve performance without compromising security?
A. Quarantine the infected systems.
B. Disable on-access scanning.
C. Whitelist known-good applications.
D. Sandbox unsigned applications.
Answer: C. Whitelist known-good applications.

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse: The clocks must be configured so they do not respond to ARP broadcasts. The server must be configured with static ARP entries for each clock. Which of the following types of attacks will this configuration mitigate?
A. Spoofing
B. Overflows
C. Rootkits
D. Sniffing
Answer: A. Spoofing

Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?
A. Real-time and automated firewall rules subscriptions
B. Open-source intelligence, such as social media and blogs
C. Information sharing and analysis memberships
D. Common vulnerability and exposure bulletins
Answer: C. Information sharing and analysis memberships

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
A. Pause the virtual machine.
B. Shut down the virtual machine.
C. Take a snapshot of the virtual machine.
D. Remove the NIC from the virtual machine.
Answer: C. Take a snapshot of the virtual machine.

As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?
A. Conduct a risk assessment based on the controls defined in the newly revised policies.
B. Require all employees to attend updated security awareness training and sign an acknowledgement.
C. Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors.
D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them.
Answer: B. Require all employees to attend updated security awareness training and sign an acknowledgement.

An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?
A. Tcpdump -X dst port 21
B. ftp ftp.server -p 21
C. nmap -o ftp.server -p 21
D. telnet ftp.server 21
Answer: A. Tcpdump -X dst port 21

Employees of a large financial company are continuously being infected by strains of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?
A. MFA on the workstations
B. Additional host firewall rules
C. VDI environment
D. Hard drive encryption
E. Network access control
F. Network segmentation
Answer: C. VDI environment

While reviewing a packet capture, a security analyst discovers a recent attack used specific ports communicating across non-standard ports and exchanged a particular set of files. In addition, forensics determines the files contain malware and have a specific callback domain within the files. The MOST appropriate action to take in this situation would be to implement a change request for an IPS:
A. to block the callback domain and another signature hash to block the files
B. behavioral signature and update the blacklisting on the domain
C. rule to block the non-standard ports and update the blacklisting of the callback domain
D. signature for the callback domain and update the firewall settings to block the non-standard ports
Answer: C. rule to block the non-standard ports and update the blacklisting of the callback domain

During a review of the vulnerability scan results on a server, an information security analyst notices the following: The MOST appropriate action for the analyst to recommend to developers is to change the web server so:
A. It only accepts TLSv1.2
B. It only accepts cipher suites using AES and SHA
C. It no longer accepts the vulnerable cipher suites
D. SSL/TLS is offloaded to a WAF and load balancer
Answer: C. It no longer accepts the vulnerable cipher suites

As part of a merger with another organization, a Chief Information Security Manager (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns, the assessor will MOST likely focus on:
A. qualitative probabilities
B. quantitative probabilities
C. qualitative magnitude
D. quantitative magnitude
Answer: D. quantitative magnitude

concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
A. Data masking
B. Data loss prevention
C. Data minimization
D. Data sovereignty
Answer: A. Data masking

Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?
A. Reverse engineering
B. Application log collections
C. Workflow or orchestration
D. API integration
E. Scripting
Answer: D. API integration

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?