2023 LATEST UPDATE VERIFIED SOLUTIONS
What are the three key objectives of information security? - ANSWER Confidentiality,
integrity, and availability
Risk exists at the intersection of _______ and _________. - ANSWER Threats and
vulnerabilities.
What is the overall risk rating for a risk that has medium likelihood and high impact? -
ANSWER High
What type of system controls access to a network based on criteria such as time of day,
location, device type, and system - ANSWER Network access control
What are the three networks typically connected to a triple-homed firewall? - ANSWER
The Internet, an internal network, and a DMZ
What is the TCP port for the HTTP protocol? - ANSWER 80
What is the TCP port for the HTTPS protocol? - ANSWER 443
What are the four types of firewalls? - ANSWER Packet filters, stateful inspection
firewalls, next-generation firewalls, and web application firewalls.
______ may be used to apply settings to many different Windows systems at the same
time. - ANSWER Group Policy Objects (GPOs)
What are the four phases of penetration testing? - ANSWER Planning, Discovery,
Attack, and Reporting
What type of software can you use to enumerate the services that are accepting
network connections on a remote system? - ANSWER Port scanner
What is the range of well-known ports? - ANSWER 0-1023
What is the range of registered ports? - ANSWER 1024-49151
What is the most commonly used port scanner? - ANSWER nmap
What Cisco logging level indicates a critical event? - ANSWER 2
What service is responsible for resolving domain names to IP addresses? - ANSWER
DNS
What tool can be used to determine the path between two systems over the Internet? -
ANSWER Traceroute or tracert, depending on the operating system
What service allows you to look up the registered owner of a domain name? -
ANSWER Whois
What type of data analysis looks for differences from expected behaviors? - ANSWER
Anomaly analysis
What type of data analysis predicts threats based on existing data? - ANSWER Trend
analysis
What regulation requires vulnerability scans for organizations involved in credit card
processing? - ANSWER PCI DSS
What regulation requires vulnerability scanning for federal government agencies? -
ANSWER FISMA
What type of vulnerability scan leverages read-only access to the scan target? -
ANSWER Credentialed scan
What term is used to describe an organization's willingness to tolerate risk? - ANSWER
Risk appetite
What type of account should be used to perform credentialed vulnerability scans? -
ANSWER Read-only account
What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS? -
ANSWER Vulnerability scanning
What is the purpose of Nikto and Acunetix? - ANSWER Web application scanning