Correct Detailed Answers | Latest Update
An organization recently had an attack that resulted in system data loss. The
system administrator must now restore the system with a data backup. What
functional security control was the system administrator able to implement?
A. Preventative
B. Responsive
C. Corrective
D. Compensating
C. Corrective
The system administrator used a corrective control after the attack. A good
example of a corrective control is a backup system that can restore data that an
attacker damages during an intrusion.
Preventative controls act to eliminate or reduce the likelihood that an attack can
succeed. A preventative control operates before an attack can take place.
Responsive controls serve to direct corrective actions enacted after the
organization confirms the incident. They often document these actions in a
playbook.
The compensating control is a substitute for a principal control, as recommended
by a security standard, and affords the same (or better) level of protection but
uses a different methodology or technology.
A security engineer installs a next-generation firewall on the perimeter of a
network. This installation is an example of what type of security control class?
A. Managerial
B. Operational
C. Detective
D. Technical
D. Technical
Firewalls, antivirus software, and operating system (OS) access control models are
examples of technical controls. A technical control is implemented as a system
(hardware, software, or firmware).
A managerial control gives oversight of the information system. Examples include
risk identification or a tool that supports the evaluation and selection of other
security controls.
Operational controls are implemented primarily by people rather than by systems.
For example, security guards and training programs are operational controls rather
than technical controls.
Detective is a functional control type, not a security control class.
An engineer is considering appropriate risk responses using threat modeling.
They are trying to understand which threat actors are in scope for their
organization. How does threat modeling identify the principal risks and tactics,
techniques, and procedures (TTPs) for which their system may be susceptible?
(Select the three best options.)
A. By evaluating the system from an attacker's point of view
B. By evaluating a system from a neutral perspective
C. Through using tools such as diagrams
D. By analyzing the system from the defender's perspective
ACD
Evaluating systems from a neutral perspective is not a method used in threat
modeling.
A mission-critical system is offline at an organization due to a zero-day attack.
The associated software vendor plans to release a patch to remediate the
vulnerability. Which of the following are important patch management
considerations for this scenario? (Select the three best options.)
A. A patch test environment
B. Immediate push delivery of critical security patches
C. A specific team responsible for reviewing vendor-supplied newsletters and
security patch bulletins
D. A routine schedule for the rollout of noncritical patches
ABC
D. While creating a routine schedule for the rollout of noncritical patches has
merit, it does not illustrate important patch management considerations in this
example. A security analyst would address noncritical patches at a later time.
A security analyst is reviewing an announcement from the Cybersecurity and
Infrastructure Security Agency. Which source of defensive open-source
intelligence (OSINT) does the agency represent?
A. CERT
B. Internal sources
C. Government bulletins
D. CSIRT
C. Government bulletins
The government is responsible for protecting the country's constituents and the
national infrastructure, and it publishes information and advice regarding
observed threats. For example, the Department of Homeland Security and the
Cybersecurity and Infrastructure Security Agency publish several types of
cybersecurity guidance, including basic informational content and binding
operational directives that federal agencies must implement.
A computer emergency response team (CERT) aims to mitigate cybercrime and
minimize damage by responding to incidents quickly.
Internal sources are also relevant: evidence of active threats, reconnaissance
activity, and suspicious behavior exists within the protected environment itself.
A computer security incident response team (CSIRT) is a group responsible for
responding to security incidents involving computer systems.
Hacktivist
Hacktivist groups, such as Anonymous, WikiLeaks, or LulzSec, use cyber weapons to
promote a political agenda. Hacktivists might attempt to obtain and release
confidential information to the public domain, perform denial of service (DoS)
attacks, or deface websites.
Nation-state