CompTIA CySA+ (Cybersecurity Analyst) Exam Questions With Verified Answers
Word pool: Procedures, Guidelines, Policies, Standards. ___________ contain high-level statements of management intent; ___________ provide mandatory requirements for how policies are carried out; ___________ are a step-by-step process; ___________ describe a best practice or recommendation - Answer "Policies" contain high-level statements of management intent; "Standards" provide mandatory requirements for how policies are carried out; "Procedures" are a step-by-step process; "Guidelines" describe a best practice or recommendation

What authentication protocol is best suited for untrusted networks? - Answer Kerberos. It is designed to run on untrusted networks: tickets and authenticators are encrypted, so the user's password never crosses the network

With 802.1X (port-based authentication), what is the name of the client software on the device requesting to join the network? - Answer "Supplicant"

With 802.1X, what is the component (typically the switch or wireless access point) that relays the authentication request from the supplicant to the authentication server (usually RADIUS)? - Answer "Authenticator"

What is the port for Microsoft SQL Server? - Answer TCP 1433

What is the port for the Oracle database listener? - Answer TCP 1521

What are the 4 stages of a penetration test (in order)? - Answer Planning, Discovery, Attack, Reporting (NIST SP 800-115)

In a workplace "wargame" exercise, which team is defending and which team is attacking? (HINT: there are 2 main teams, Red Team and Blue Team) - Answer The Blue Team is defending. The Red Team is attacking. *** The White Team acts as the referee (sets the rules and scores the exercise); a Purple Team is red and blue working together to share findings, not a referee

Any action that an organization takes to reduce the likelihood or impact of a risk is an example of risk ___________ - Answer "mitigation"

What are the 4 categories of threats that an organization may face? (NIST SP 800-30) - Answer Adversarial, Accidental, Structural, and Environmental

What is the difference between a Technical control and an Operational control? - Answer A Technical control is a system, device, software, or setting that enforces security (for example, a firewall rule or a password-complexity setting). An Operational control is a practice or procedure carried out by people that enforces security (for example, periodic log review or account recertification).

What are the 4 steps of a risk assessment? (NIST SP 800-30) - Answer 1) Prepare for the assessment 2) Conduct the assessment 3) Communicate the results 4) Maintain the assessment

______________ is used to create a map of an organization's networks, systems, and infrastructure - Answer "Footprinting"

What functions do the following nmap flags perform? -O -sV -P0 [zero, not the letter O] -sS - Answer
-O ... OS detection (fingerprints the target's TCP/IP stack)
-sV ... version detection: probes open ports and grabs banners to identify the service and version
-P0 ... skips host discovery (ping) and scans every target as if it were up; newer Nmap spells this -Pn
-sS ... TCP SYN ("half-open") scan: sends a SYN and infers the port state from the SYN/ACK or RST reply without completing the handshake

What is the difference between active footprinting and passive footprinting? - Answer Active footprinting sends traffic to the target, using tools such as port scanners and network mappers to build a reconnaissance topology; passive footprinting builds the same picture from logs, DNS and WHOIS records, and other publicly available data without touching the target

__________ is a Cisco network protocol that collects IP traffic (flow) information, allowing network monitoring; it is generally used for creating baselines and identifying unexpected behavior - Answer "NetFlow"

What command can be used to see detailed info about open ports on a local host [on Windows, Linux, and Unix]? - Answer netstat

What functions do the following netstat flags perform (Windows switches)? -o -e -nr - Answer
-o ... shows the owning process ID (PID) for each connection, for cross-referencing with Task Manager
-e ... shows interface (Ethernet) statistics: bytes sent and received, errors, discards, and so on
-nr ... -r prints the routing table; -n shows addresses and ports numerically instead of resolving names

What directory do Linux systems generally store their logs in? - Answer /var/log

What command is used [on Windows, Linux, and macOS] to resolve a domain name to an IP or perform other DNS queries? - Answer nslookup

_____ _________ are intended to be used to replicate DNS databases between DNS servers, which makes them a good tool to gather information.
- Answer "Zone transfers" *** Best practice: restrict zone transfers (AXFR) to your own authorized secondary servers, or disable them entirely. An open zone transfer hands an attacker a complete list of your hostnames and addresses in one query.

_____ allows you to search databases of registered users of domains and IP address blocks. - Answer "Whois"

_____________ analysis looks for differences from established patterns or expected behaviors - Answer "Anomaly"

__________ analysis focuses on predicting behaviors based on existing data - Answer "Trend"

_______________ analysis uses a fingerprint or signature to detect threats or other events - Answer "Signature"

_______________/______________ analysis is used to detect threats based on their behavior. This method can detect unknown threats (those with no known signature) - Answer "Heuristic/Behavioral"

___________ analysis uses human expertise and instinct to analyze threats - Answer "Manual"

An organization's ______ __________ is its willingness to tolerate risk within the environment - Answer "risk appetite"

What are the 3 steps in the vulnerability management life cycle? - Answer Detection, Remediation, and Testing

What is the SCAP (Security Content Automation Protocol) standard that "provides a standard nomenclature for describing security-related software flaws"? - Answer CVE (Common Vulnerabilities and Exposures)

What is the SCAP standard that "provides a standardized approach for measuring and describing the severity of security-related software flaws"? - Answer CVSS (Common Vulnerability Scoring System)

What is the SCAP standard that "provides a standard nomenclature for discussing system configuration issues"? - Answer CCE (Common Configuration Enumeration)

What is the SCAP standard that "provides a standard nomenclature for describing product names and versions"?
- Answer CPE (Common Platform Enumeration)

____ _____ prescribes specific security controls for merchants who handle credit card transactions and for service providers who assist merchants with these transactions - Answer "PCI DSS" (Payment Card Industry Data Security Standard)

The _______ requires that government agencies, and other organizations operating systems on behalf of government agencies, comply with a series of security standards. - Answer "FISMA" (Federal Information Security Management Act)

The ______ governs how financial institutions may handle customer financial records - Answer "GLBA" (Gramm-Leach-Bliley Act)

For PCI DSS compliance, what is the minimum frequency with which you must conduct vulnerability scans? - Answer Quarterly

TRUE OR FALSE: You do not have to conduct a vulnerability scan after a significant change in network/hardware for PCI DSS compliance - Answer FALSE! You DO need to conduct a vulnerability scan after a significant network/hardware change in order to be PCI DSS compliant

TRUE OR FALSE: For FISMA compliance, only High and Moderate impact systems must be covered in vulnerability scans - Answer FALSE! ALL systems must be covered in vulnerability scans to be FISMA compliant

Who can complete an internal vulnerability scan for PCI DSS compliance? - Answer Any qualified individual (external scans, by contrast, must be performed by a PCI Approved Scanning Vendor)

Under FISMA requirements, what special step do you have to take if a system is considered High impact? - Answer You must determine what information about the system is discoverable by adversaries

With CVSS (Common Vulnerability Scoring System), what is the AV metric? What are the possible values and scores for this metric? - Answer The AV (Access Vector) metric describes how an attacker would reach the vulnerable component. The CVSS v2 values and weights are:
L (Local) - attacker needs local (physical or logged-in) access to the system [Score = 0.395]
A (Adjacent Network) - attacker needs access to the same local network segment (LAN or Wi-Fi) [Score = 0.646]
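The guide defines signature, anomaly and trend analysis in one-line answers and says NetFlow is "generally used for creating baselines and identifying unexpected behavior". The following is an added example, not material from the study guide, that runs all three over constructed NetFlow-style records so the difference between them is visible: a signature hit on a watchlisted destination at perfectly normal volume, an anomaly on a host whose egress is far outside its own baseline to a destination no watchlist knows, and a trend forecast for the next day. The host names, byte counts and watchlist are invented; 203.0.113.9 and 198.51.100.77 are documentation-range addresses standing in for indicators.

```python
"""Signature, anomaly and trend analysis over constructed NetFlow-style records.

Added example; not from the CySA+ study guide. Hosts, addresses, byte
counts and the indicator watchlist are all made up for the illustration.
"""
import statistics
from collections import defaultdict


# Each record: (day, source host, destination IP, destination port, bytes out).
def _flow(day, host, nbytes, dst="10.0.0.5", port=443):
    return (day, host, dst, port, nbytes)


# Five-day baseline window, one summarised egress flow per host per day (constructed).
BASELINE_FLOWS = (
    [_flow(f"d{i}", "ws01", b) for i, b in enumerate([1000, 1100, 1200, 1300, 1150], 1)]
    + [_flow(f"d{i}", "ws02", b) for i, b in enumerate([5000, 5100, 5200, 5300, 5400], 1)]
)

# Day six, the period under analysis (constructed).
TODAY_FLOWS = [
    _flow("d6", "ws01", 1150, dst="203.0.113.9"),                 # normal volume, listed indicator
    _flow("d6", "ws02", 5000),                                    # normal traffic
    _flow("d6", "ws02", 45000, dst="198.51.100.77", port=8443),   # unlisted destination, ~9x normal egress
]

# Hypothetical indicator watchlist (documentation-range address, not a real C2 server).
KNOWN_BAD = frozenset({"203.0.113.9"})


def signature_hits(flows, watchlist=KNOWN_BAD):
    """Signature analysis: exact match against known indicators.

    Precise and cheap, but blind to anything that is not on the list.
    """
    return [f for f in flows if f[2] in watchlist]


def daily_totals(flows):
    """Sum bytes out per (day, host)."""
    totals = defaultdict(int)
    for day, host, _dst, _port, nbytes in flows:
        totals[(day, host)] += nbytes
    return dict(totals)


def build_baseline(flows):
    """Per-host mean and sample standard deviation of daily egress bytes."""
    per_host = defaultdict(list)
    for (_day, host), total in daily_totals(flows).items():
        per_host[host].append(total)
    return {h: (statistics.mean(v), statistics.stdev(v)) for h, v in per_host.items() if len(v) >= 2}


def anomalies(flows, baseline, k=3.0):
    """Anomaly analysis: flag a host whose daily egress is more than k standard
    deviations from its own baseline. Needs no signature, so it can catch a
    destination nobody has listed yet; the trade-off is that a host with no
    history cannot be scored at all."""
    flagged = []
    for (day, host), total in daily_totals(flows).items():
        if host not in baseline:
            continue  # no history: cannot score; route to manual analysis instead
        mean, sd = baseline[host]
        if sd == 0:
            z = 0.0 if total == mean else float("inf")
        else:
            z = (total - mean) / sd
        if abs(z) > k:
            flagged.append((day, host, total, round(z, 1)))
    return flagged


def trend_forecast(values):
    """Trend analysis: least-squares line through past daily totals, projected one day ahead."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two observations")
    x_mean = (n - 1) / 2
    y_mean = statistics.mean(values)
    slope = (sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
             / sum((x - x_mean) ** 2 for x in range(n)))
    return y_mean + slope * (n - x_mean)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    print("signature hits:", signature_hits(TODAY_FLOWS))
    print("anomalies:", anomalies(TODAY_FLOWS, baseline))
    for host, (mean, sd) in baseline.items():
        history = [t for (_d, h), t in daily_totals(BASELINE_FLOWS).items() if h == host]
        print(f"{host}: baseline {mean:.0f}+/-{sd:.0f} bytes/day, forecast {trend_forecast(history):.0f}")
```

Run as a script it prints one signature hit (ws01 talking to the listed address at its usual volume, which the anomaly pass does not notice) and one anomaly (ws02, whose 50,000 bytes sits hundreds of standard deviations above its 5,200-byte baseline, which the signature pass cannot see because the destination is unlisted). The k threshold and the five-day window are the knobs an analyst tunes against false positives; a host absent from the baseline is deliberately not scored, which is the point at which manual analysis takes over.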
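The AV weights the guide quotes are inputs to the CVSS v2 base equation, and the question only makes sense once you see how they move a score. The calculator below is an added example, not from the study guide: it parses a CVSS v2 vector string, computes the impact and exploitability subscores and the base score, and scores the same flaw from each access vector. The AV weights (L 0.395, A 0.646, N 1.0) are the ones the guide quotes; the remaining weights, the 10.41/20/0.6/0.4/1.5/1.176 constants and the severity bands are the published CVSS v2 base-metric values and NVD's v2 bands, not something the guide itself lists.

```python
"""CVSS v2 base score from a vector string.

Added example; not from the CySA+ study guide. Weights and equations are
the published CVSS v2 base-metric constants.
"""

WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # Authentication
    "C":  {"N": 0.0, "P": 0.275, "C": 0.660},   # Confidentiality impact
    "I":  {"N": 0.0, "P": 0.275, "C": 0.660},   # Integrity impact
    "A":  {"N": 0.0, "P": 0.275, "C": 0.660},   # Availability impact
}


def parse_vector(vector):
    """Parse 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into {metric: value}.

    Rejects unknown metrics or values, duplicates, and missing base metrics
    rather than silently scoring a malformed vector.
    """
    metrics = {}
    for part in vector.split("/"):
        name, sep, value = part.partition(":")
        if not sep or name not in WEIGHTS or value not in WEIGHTS[name]:
            raise ValueError(f"bad metric {part!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name!r}")
        metrics[name] = value
    missing = [m for m in WEIGHTS if m not in metrics]
    if missing:
        raise ValueError(f"missing metrics: {missing}")
    return metrics


def impact_subscore(m):
    """Impact = 10.41 * (1 - (1-C)(1-I)(1-A))."""
    c, i, a = (WEIGHTS[k][m[k]] for k in ("C", "I", "A"))
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def exploitability_subscore(m):
    """Exploitability = 20 * AV * AC * Au; AV is where the guide's weights enter."""
    return 20 * WEIGHTS["AV"][m["AV"]] * WEIGHTS["AC"][m["AC"]] * WEIGHTS["Au"][m["Au"]]


def base_score(vector):
    """BaseScore = round1(((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))."""
    m = parse_vector(vector)
    impact = impact_subscore(m)
    if impact == 0:          # f(Impact) = 0: no impact means no score, however exploitable
        return 0.0
    expl = exploitability_subscore(m)
    return round((0.6 * impact + 0.4 * expl - 1.5) * 1.176, 1)


def severity(score):
    """NVD qualitative bands for CVSS v2 scores."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High"


if __name__ == "__main__":
    # The same partial-impact flaw reached from each access vector; only AV changes.
    for av in "LAN":
        vector = f"AV:{av}/AC:L/Au:N/C:P/I:P/A:P"
        score = base_score(vector)
        print(f"{vector}: {score} ({severity(score)})")
```

For that vector the three AV values give 4.6 (Local), 5.8 (Adjacent Network) and 7.5 (Network): the access vector alone moves the flaw from Medium to High, which is why scanners and ticket queues sort on it. CVSS v3 renamed the metric Attack Vector, added a Physical value and changed the equations, so this calculator applies only to v2 vectors.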
Document information
- Written for: CompTIA CySA+ (institution and course)
- Uploaded on: September 13, 2023
- Number of pages: 20
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers