CYSA EXAM TEST 2023 LATEST UPDATE

CYSA EXAM TEST 2023 LATEST UPDATE Q1 A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns? A. Data masking B. Data loss prevention C. Data minimization D. Data sovereignty - ANSWER A 2 A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's concern? 2 A. DLP B. Encryption C. Test data D. NDA - ANSWER A 3 A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities? 2 A. Development of a hypothesis as part of threat hunting B. Log correlation, monitoring, and automated reporting through a SIEM platform C. Continuous compliance monitoring using SCAP dashboards D. Quarterly vulnerability scanning using credentialed scans - ANSWER A 4 A company recently experienced a break-in, whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future? A. Motion detection B. Perimeter fencing (hàng rào theo chu vi= bao bọc bên ngoài cty) C. Monitored security cameras D. Badged entry - ANSWER D 5 A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operation? A. It enables the learn to prioritize the focus areas and tactics within the company's environment. B. It provides criticality analyses for key enterprise servers and services. C. It allows analysts to receive routine updates on newly discovered software vulnerabilities. D. It supports rapid response and recovery during and following an incident. - ANSWER A 6 A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT. Which of the following threat modelling methodologies would be the MOST appropriate to use during this analysis? 2 A. Attack vectors B. Adversary capability C. Diamond Model of Intrusion Analysis D. Kill chain E. Total attack surface - ANSWER B 7 A company's incident response team is handling a threat that was identified on the network. Security analysts have determined a web server is making multiple connections from TCP port 445 outbound to servers inside its subnet as well as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan? A. Quarantine the web server (cách ly máy chủ). B. Deploy virtual firewalls (triển khai tường lửa ảo hóa). C. Capture a forensic image of the memory and disk. D. Enable web server containerization. - ANSWER A 8 A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third part, . Below is the existing SPF record: V=spfl a mx -all Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked? A. v=spfl a mx redirect: ?all B. v=spfl a mx include: -all C. v=spfl a mx +all D. v=spfl a mx include: ~all - ANSWER D 9 A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Select TWO). 2 A. Executing vendor compliance assessments against the organization's security controls B. Executing NDAs prior to sharing critical data with third parties C. Soliciting third-party audit reports on an annual basis D. Maintaining and reviewing the organization risk assessment on a quarterly basis E. Completing a business impact assessment for all critical service providers F. Utilizing DLP capabilities at both the endpoint and perimeter levels - ANSWER A E 10 A critical server was compromised by malware, and all functionality was lost. Backups of the server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly? A. Work backward, restoring each backup until the server is clean. B. Restore the previous backup and scan with a live boot anti-malware scanner. C. Stand up a new server and restore critical data from backups. D. Offload the critical data to a new server and continue operations. - ANSWER C