
CompTIA Cybersecurity CySA+ (CS0-001): Practice Test #1 of 2 - Results

Pages: 41
Grade: A+
Uploaded on: 28-06-2022
Written in: 2021/2022

Which of the following statements best describes an audit file?
A. It updates lists of scanned hosts, to avoid unnecessarily rescanning these hosts.
B. It produces a list of vulnerabilities found on scanned hosts.
C. It produces a list of the hosts that are scanned.
D. It gives instructions used to assess the configuration of endpoints and network devices against a compliance policy.
Correct answer: D. It gives instructions used to assess the configuration of endpoints and network devices against a compliance policy.
Explanation
Correct Answer: An audit file in Nessus gives the scan instructions used to assess the configuration of endpoints and network devices against a compliance policy.
Incorrect Answers: An audit file is used prior to the scan and does not produce any lists or results after a scan.

Which of the following are two types of requirements in the SDLC model?
A. Nonfunctional and performance requirements
B. Functional and nonfunctional requirements
C. Functional and performance requirements
D. Functional and security requirements
Correct answer: B. Functional and nonfunctional requirements
Explanation
Correct Answer: Functional requirements describe what the software must do, and nonfunctional requirements describe how the software must do these things—or what the software must be like.
Incorrect Answers:
A. Performance requirements are nonfunctional requirements. Performance requirements dictate how well the software must function, which is a nonfunctional requirement.
D. A security requirement defines the behaviors and characteristics a system must possess in order to achieve and maintain an acceptable level of security by itself, and in its interactions with other systems. Security requirements are also nonfunctional requirements.

Which of the following is an effective way that attackers can use an organization's bandwidth to hide data exfiltration?
A. By exfiltrating data during periods of low use.
B. By hiding data exfiltration during periods of peak use.
C. By attaching sensitive data to otherwise innocuous data while exfiltrating it.
D. By downloading information quickly before getting caught
Correct answer: B. By hiding data exfiltration during periods of peak use.
Explanation
Correct Answer: Patient attackers can hide data exfiltration during periods of peak use by using a low-and-slow approach that can make them exceptionally difficult to detect if administrators are just looking at network traffic. Most attackers, however, will attempt to download sensitive information quickly and thus generate distinctive signals.
Incorrect Answers: Each of these other methods will typically trigger alarms and alert administrators to data leaving the network.

All of the following are common vulnerabilities that plague most systems within an organization, EXCEPT:
A. Weak passwords
B. Misconfigured firewall rules
C. Missing patches or updates
D. Need for compensating controls
Correct answer: D. Need for compensating controls
Explanation
Correct Answer: The need for compensating controls is not a vulnerability; it is actually a mitigation for vulnerabilities that are not adequately addressed. A compensating control is added to compensate for a weakness in an existing control, to make the control stronger.
Incorrect Answers: All of these other choices are common vulnerabilities found in most organizations and affect a variety of systems.

During a penetration test exercise, which type of team is responsible for defending the network against the penetration testers and simulated attacks?
A. Red team
B. Green team
C. Blue team
D. White team
Correct answer: C. Blue team
Explanation
Correct Answer: The blue team is the focus of the exercise, as they are defending the network being tested. Their response capabilities and procedures reflect how effective the penetration testing team, also known as the red team, is in its attacks.
Incorrect Answers: The red team is the penetration testing team, the blue team the defenders, the white team is composed of the exercise planners and coordinators, and green team is not a valid answer.

A large number of ARP queries might indicate which of the following types of attack?
A. TCP SYN flood
B. Cross-site scripting (XSS) attack
C. Ping sweep
D. Man-in-the-middle (MITM) attack
Correct answer: C. Ping sweep
Explanation
Correct Answer: A large number of ARP queries could indicate that the organization's systems are being scanned, such as during a ping sweep, so the hosts' MAC addresses can be resolved to IP addresses. This is merely a reconnaissance activity designed to map out the network.
Incorrect Answers: These other choices are active attacks not related to reconnaissance.
D. A man-in-the-middle (MITM) attack involves an attacker inserting himself into an active conversation. A cross-site scripting (XSS) attack is a web-based attack and does not involve generating ARP traffic. A TCP SYN flood involves sending a large number of TCP segments with the synchronize (SYN) flag set but never completing the three-way TCP handshake. This causes a denial of service (DoS) condition for some hosts.

A routine vulnerability scan conducted weekly on different network segments is most likely to be performed by which of the following?
A. Blue team
B. Red team
C. White team
D. Green team
Correct answer: A. Blue team
Explanation
Correct Answer: A blue team consists of network defenders and security administrators, who would be responsible for routine security tasks such as patching and vulnerability scanning.
Incorrect Answers: A red team is a penetration testing team, and a white team is responsible for planning and coordinating the penetration test.
D. Finally, green team is an invalid answer.

Institution: CompTIA Cybersecurity CySA+
Course: CompTIA Cybersecurity CySA+











Seller: ErnestMichael
