CYSA EXAM TEST 2023 LATEST UPDATE

CYSA EXAM TEST 2023 LATEST UPDATE An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment? - ANSWER CAN Bus A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take? - ANSWER Start packet capturing to look for traffic that could be indicative of command and control from the miner. A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability Company policy prohibits using portable media or mobile storage The security analyst is trying to determine which use caused the malware to get onto the system Which of the following registry keys would MOST likely have this information? - ANSWER HKEY_USERSuser SIDSoftwareMicrosoftWindowsexplorerMountPoints2 Which of the following MOST accurately describes an HSM? - ANSWER An HSM can be networked based or a removable USB A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do? - ANSWER Shut down the computer Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops? - ANSWER Self-encrypting drive A developer wrote a script to make names and other Pll data unidentifiable before loading a database export into the testing system Which of the following describes the type of control that is being used - ANSWER Data loss prevention or Data masking A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The affected servers are virtual machines Which of the following is the BEST course of action? - ANSWER Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses determine the root cause, remediate, and report A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output. 1301 ? Ss 0:00 ./usr/sbin/sshd -D Which of the following commands should the administrator run NEXT to further analyze the compromised system? - ANSWER A. strace /proc/1301 A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment Which of the following is the BEST solution? - ANSWER Virtualize the system and decommission the physical machine. Which of the following attacks can be prevented by using output encoding? - ANSWER Cross-site scripting A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is them FIRST step the analyst should take to evaluate this potential indicator of compromise? - ANSWER Run an anti-malware scan on the system to detect and eradicate the current threat An information security analyst is compiling data from a recent penetration test and reviews the following output: 443/tcp open https? The analyst wants to obtain more information about the web-based services that are running on the target. - ANSWER telnet 10.79.95.173 443 A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentially protection. Which of the following is the BEST technical security control to mitigate this risk? - ANSWER Switch to TACACS+ technology. A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization To BEST resolve the issue, the organization should implement - ANSWER federated authentication A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.) - ANSWER Executing vendor compliance assessments against the organization's security controls. Soliciting third-party audit reports on an annual basis. An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue? - ANSWER Minutes from meetings in which risk assessment activities addressing the servers were discussed A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following: 10.1.1.10.47789 128.50.100.3.53:48202+ A? - ANSWER Data is being exfiltrated over DNS.