CompTIA CySA+ (CS0-002) Practice Exam 1 Correct 100%
A cybersecurity analyst reviews the logs of a proxy server and sees the following URL,
A. Returns no useful results for an attacker
B. Returns all web pages containing an email address affiliated with
C. Returns all web pages hosted at
D. Returns all web pages containing the text
- Answer B. Returns all web pages containing an email address affiliated with
Google interprets this statement as <anything>@ and understands that the user is searching for email addresses since %40 is the hex code for the @ symbol. The * is a wildcard character meaning that any text could be substituted for the * in the query. This type of search would provide an attacker with a list of email addresses associated with , which could be used as part of a spear phishing campaign. To return all web pages hosted at , you should use the "site:" modifier in the query. To return all web pages with the text , enter "" into the Google search bar with no modifiers to return those results.

Protected health information (PHI) - Answer is defined as any information that identifies someone as the subject of medical and insurance records, plus their associated hospital and laboratory test results. This type of data is protected by the Health Insurance Portability and Accountability Act (HIPAA).

Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach?
A. Trade secret information
B. Protected health information
C. Credit card information
D. Personally identifiable information
- Answer B. Protected health information
OBJ-5.1: Protected health information (PHI) is defined as any information that identifies someone as the subject of medical and insurance records, plus their associated hospital and laboratory test results. This type of data is protected by the Health Insurance Portability and Accountability Act (HIPAA). It requires notification of the individual, the Secretary of the US Department of Health and Human Services (HHS), and the media (if more than 500 individuals are affected) in the case of a data breach. Personally identifiable information (PII) is any data that can be used to identify, contact, or impersonate an individual. Credit card information is protected under the PCI DSS information security standard. Trade secret information is protected by the organization that owns those secrets.

Personally identifiable information (PII) is - Answer any data that can be used to identify, contact, or impersonate an individual.

Credit card information is - Answer protected under the PCI DSS information security standard.

Trade secret information is - Answer protected by the organization that owns those secrets.

Fail to Pass Systems has suffered a data breach. Your analysis of suspicious log activity traced the source of the data breach to a personally owned smartphone, belonging to an employee in the accounting department, that was connected to the company's wireless network. The smartphone has now been isolated from the network, but the employee refuses to allow you to image their smartphone to complete your investigation forensically. According to the employee, the company's BYOD policy does not require them to give you their device, and it is an invasion of their privacy. Which of the following phases of the incident response process is at fault for creating this situation?
A. Detection and analysis phase
B. Containment phase
C. Preparation Phase
D. Eradication and recovery phase
- Answer C. Preparation Phase
OBJ-5.1: As part of the preparation phase, obtaining authorization to seize devices (including personally owned electronics) should have been made clear and consented to by all employees. If the proper requirements were placed into the BYOD policy before the incident occurred, this would have prevented this situation. Either the employee would be willing to hand over their device for imaging following the BYOD policy, or they would never have connected their device to the company wireless network in the first place if they were concerned with their privacy and understood the BYOD policy. Based on the scenario provided, the detection and analysis phase was conducted properly since the analyst was able to identify the breach and detect the source. The containment phase would be responsible for the segmentation and isolation of the device, which has occurred. Eradication and recovery would involve patching, restoring, mitigating, and remediating the vulnerability, which was the employee's smartphone. Evidence retention is conducted in post-incident activities, but this cannot be done due to the lack of proper preparation concerning the BYOD policy.

Which of the following techniques would be the most appropriate solution to implementing a multi-factor authentication system?
A. Fingerprint and retinal scan
B. Smartcard and PIN
C. Username and password
D. Password and security question
- Answer B. Smartcard and PIN
Multi-factor authentication (MFA) creates multiple security layers to help increase the confidence that the user requesting access is who they claim to be by requiring two distinct factors for authentication. These factors can be something you know (knowledge factor), something you have (possession factor), something you are (inheritance factor), something you do (action factor), or somewhere you are (location factor). By selecting a smartcard (something you have) and a PIN (something you know), you have implemented multi-factor authentication. Choosing a fingerprint and retinal scan would instead use only one factor (inheritance). Choosing a username, password, and security question would also be only using one factor (knowledge). For something to be considered multi-factor, you need items from at least two different authentication factor categories: knowledge, possession, inheritance, location, or action.

Multi-factor authentication (MFA) creates - Answer multiple security layers to help increase the confidence that the user requesting access is who they claim to be by requiring two distinct factors for authentication. These factors can be something you know (knowledge factor), something you have (possession factor), something you are (inheritance factor), something you do (action factor), or somewhere you are (location factor). By selecting a smartcard (something you have) and a PIN (something you know), you have implemented multi-factor authentication.

Choosing a fingerprint and retinal scan would - Answer instead use only one factor (inheritance).

Choosing a username, password, and security question would - Answer also be only using one factor (knowledge).

Which of the following tools is useful for capturing Windows memory data for forensic analysis?
A. Nessus
B. Memdump
C. dd
D. Wireshark
- Answer B. Memdump
School, study and subject
- Institution
- CompTIA CySA+
- Course
- CompTIA CySA+
Document information
- Uploaded on
- September 13, 2023
- Number of pages
- 12
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers