TestOut - CompTIA CySA+ Practice Questions
6.7.8 Exam With Complete Answers
Which security control makes a system more difficult to attack?
A. Deterrent
B. Detective
C. Preventive
D. Corrective
ANSWER: A. Deterrent
Deterrent: Deterrent controls make a system more difficult to attack.
Preventive: Preventive controls harden a system against attacks as well as
recognize and stop them.
Detective: Detective controls identify and take action as needed when incidents
happen.
Corrective: Corrective controls lessen the aftermath of an incident by limiting
the damage.
A government agency had a breach at one of its locations that resulted in stolen
hard drives. The virtual servers on the stolen hard drives had data for only one
virtual appliance replicating to the secondary virtual appliance remotely.
A security investigation report showed that the agency did not set up virtual
appliances with data-at-rest security features.
What must the system administrators do to ensure another breach does not
jeopardize the government?
A. Configure high availability
B. Setup backup targets
C. Encrypt the virtual server
D. Setup for disaster recovery
ANSWER: C. Encrypt the virtual server
Explanation
Encryption provides data-at-rest security for virtual and physical servers at the
drive level. For example, if a hard drive gets stolen, the data is not recoverable
without the decryption keys.
Backup targets provide the availability of data in the event it is lost or corrupted.
In this case, the agency set up the virtual servers for replication to another site.
High availability supports services if one of the cluster servers goes down. In
this case, one of the servers did go down, but high availability did not protect
the data from the breach.
Disaster recovery supports the availability of services after a catastrophic
event. Here, stolen data did not get protected, but services were still available
on the second virtual server.
Which security control layer involves putting in place policies that comply with
industry standards, such as OWASP?
A. Network
B. Management
C. Application
D. Physical
ANSWER: C. Application
Explanation
Security at the Application layer involves putting in place policies that comply
with industry standards, such as OWASP (Open Web Application Security
Project).
The Management layer involves all administrative tasks to promote
uninterrupted and effective services.
The Network layer implements policies to prevent attackers from activities such
as stealing, modifying, viewing, and redirecting data.
Physical layer security measures focus on data centers, physical resources, and
cloud infrastructure.
A company's security team needs to assess the security posture of its Amazon
Web Services (AWS) environment, focusing on both the reconnaissance and
exploitation phases of a penetration testing engagement.
The team requires a tool that can automate various attack scenarios and
validate the effectiveness of its cloud security controls.
Which of the following tools is best suited for this task?
A. Suricata
B. Tenable.io
C. Pacu
D. Zed Attack Proxy (ZAP)
ANSWER: C. Pacu
Explanation
Pacu is an open-source Amazon Web Services (AWS) exploitation framework for
penetration testing engagements in AWS environments. It automates various
attack scenarios and helps validate the effectiveness of cloud security controls.