Test Bank for Ciampa’s CompTIA CySA+ Guide to Cybersecurity Analyst 1st Edition

Test Bank for Ciampa’s CompTIA CySA+ Guide to Cybersecurity Analyst 1st Edition Multiple Choice 1. Kendra has a very limited budget, but has three critical servers that she needs to secure against data breaches within her company’s infrastructure. She knows that she won’t be able to protect the entire network, but she has started searching for a solution to secure the most critical assets. Which of the following options would she most likely choose? a. UTM appliance b. NIPS c. Proxy server d. HIPS ANSWER: d FEEDBACK: a. Incorrect. A unified threat management, or UTM, appliance is used to perform antivirus, spam filtering, and IDS/IPS functions within a single networked device. As such, it would be useful for an entire network or network segment, not just a few servers. b. Incorrect.A network intrusion prevention system would meet all of the requirements listed in the scenario, except that it is network-based. c. Incorrect.A proxy server can perform certain types of traffic filtering, but it is used at a network or network segment level and thus does not meet the requirements of the scenario. d. Correct. A host intrusion prevention system is installed on individual hosts to detect an intrusion, log the event, alert administrators, and attempt to stop the intrusion. It is the only host-based solution described in the answer choices. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 6/17/2020 6:02 AM DATE MODIFIED: 6/17/2020 6:05 AM 2. Talia has just been hired as the first security employee at an organization. Until this point, security has been everyone’s responsibility, but she knows that the IT staff have different skill sets and may not be aware of certain weaknesses within various platforms. Which of the following tools might Talia use to help her determine the state of the existing infrastructure? a. NIDS b. Vulnerability scanner c. OS fingerprinting d. syslog ANSWER: b FEEDBACK: a. Incorrect. A network intrusion detection system is a good tool to use, but before making any changes to the infrastructure, it would be a better idea to get an overall status update and determine where the weakest points are. From there, Talia could determine the best solutions for resolving any outstanding issues, prioritize which systems are most critical, and work within a budget to implement the changes. b. Correct. A vulnerability scanner is a generic term for a range of products that look for different vulnerabilities, or weaknesses, within networks or systems. A comprehensive scan of the network and systems would be a good starting point before suggesting or implementing any new technologies or changes. c. Incorrect. OS fingerprinting is a type of network scan that determines which operating system(s) are running. This scan should be incorporated as a part of comprehensive vulnerability scanning. d. Incorrect. Syslog is a universal standard for system messages, and Talia would be well served to review the log files on various devices. However, manual log analysis could be a very time-consuming process across an unknown number of servers or systems. The right vulnerability scanner can be configured to scan an entire network or network segment and detect any vulnerabilities that might exist. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 6/17/2020 6:06 AM DATE MODIFIED: 6/17/2020 6:07 AM 3. Malik has received a call from an employee about suspicious activity on her computer. He’s not sure if it’s being controlled remotely or if any other remote network connections are contributing to this issue. Which of the following tools might he initially use as part of his investigation? a. netstat b. ping c. traceroute d. nslookup ANSWER: a FEEDBACK: a. Correct. The netstat command can be used to show current network connections on a computer. From there, Malik can look up information on the IP addresses to determine where the traffic is coming from. b. Incorrect. The ping command might be used with the results of the netstat command, but until Malik has a list of active network connections, he won’t have a target or destination IP address to ping. c. Incorrect. The traceroute command might be used with the results of the netstat command, but until Malik has a list of active network connections, he won’t have a target or destination IP address to use. d. Incorrect. The nslookup command is used to look up DNS records. It would not be useful to determine a list of active network connections with remote networks. POINTS: 1 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 6/17/2020 6:07 AM DATE MODIFIED: 6/17/2020 6:09 AM