Which of the following organizational initiatives would be MOST impacted by data
sovereignty issues?
A. Moving to a cloud-based environment
B. Migrating to locally hosted virtual servers
C. Implementing non-repudiation controls
D. Encrypting local database queries
ANSWER A. Moving to a cloud-based environment
A help desk technician inadvertently sent the credentials of the company's CRM in
cleartext to an employee's personal email account. The technician then reset the
employee's account using the appropriate process and the employee's corporate email,
and notified the security team of the incident. According to the incident response
procedure, which of the following should the security team do NEXT?
A. Contact the CRM vendor.
B. Prepare an incident summary report.
C. Perform postmortem data correlation.
D. Update the incident response plan. - ANSWER B. Prepare an incident summary
report.
Which of the following is MOST dangerous to the client environment during a
vulnerability assessment/penetration test?
A. There is a longer period of time to assess the environment.
B. The testing is outside the contractual scope.
C. There is a shorter period of time to assess the environment.
D. No status reports are included with the assessment.
ANSWER B. The testing is outside the contractual scope.
An organization is adopting IoT devices at an increasing rate and will need to account
for firmware updates in its vulnerability management programs. Despite the number of
devices being deployed, the organization has only focused on software patches so far,
leaving hardware-related weaknesses open to compromise. Which of the following best
practices will help the organization to track and deploy trusted firmware updates as part
of its vulnerability management programs?
A. Utilize threat intelligence to guide risk evaluation activities and implement critical
updates after proper testing.
B. Apply all firmware updates as soon as they are released to mitigate the risk of
compromise.
C. Sign up for vendor emails and create firmware update change plans for affected
devices.
D. Implement an automated solution that detects when vendors release firmware
updates and immediately deploy updates to production. - ANSWER A. Utilize threat
intelligence to guide risk evaluation activities and implement critical updates after proper
testing.
A company's blocklist has outgrown the current technologies in place. The ACLs are at
maximum, and the IPS signatures only allow a certain amount of space for domains to
be added, creating the need for multiple signatures. Which of the following configuration
changes to the existing controls would be the MOST appropriate to improve
performance?
A. Implement a host-file-based solution that will use a list of all domains to deny for
all machines on the network.
B. Create an IDS for the current blocklist to determine which domains are showing
activity and may need to be removed.
C. Review the current blocklist and prioritize it based on the level of threat severity.
Add the domains with the highest severity to the blocklist and remove the lower-severity
threats from it.
D. Review the current blocklist to determine which domains can be removed from
the list and then update the ACLs and IPS signatures. - ANSWER C. Review the
current blocklist and prioritize it based on the level of threat severity. Add the domains
with the highest severity to the blocklist and remove the lower-severity threats from it.
A company is experiencing a malware attack within its network. A security engineer
notices many of the impacted assets are connecting outbound to a number of remote
destinations and exfiltrating data. The security engineer also sees that deployed,
up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach
to prevent any impact to the company from similar attacks in the future?
A. IDS signatures
B. Data loss prevention
C. Port security
D. Sinkholing - ANSWER B. Data loss prevention
The IT department is concerned about the possibility of a guest device infecting
machines on the corporate network or taking down the company's single Internet
connection. Which of the following should a security analyst recommend to BEST meet
the requirements outlined by the IT department?
A. Require the guest machines to install the corporate-owned EDR solution
B. Configure NAC to only allow machines on the network that are patched and have
active antivirus
C. Place a firewall in between the corporate network and the guest network
D. Configure the IPS with rules that will detect common malware signatures traveling
from the guest network - ANSWER B. Configure NAC to only allow machines on the
network that are patched and have active antivirus
Following a recent security breach, a company decides to investigate account usage to
ensure privileged accounts are only being utilized during typical business hours. During
the investigation, a security analyst determines an account was consistently utilized in
the middle of the night. Which of the following actions should the analyst take NEXT?
A. Disable the privileged account.
B. Initiate the incident response plan.
C. Report the discrepancy to human resources.
D. Review the activity with the user. - ANSWER D. Review the activity with the user.
Which of the following are reasons why consumer IoT devices should be avoided in an
enterprise environment? (Choose two.)
A. Message queuing telemetry transport does not support encryption.
B. The devices may have weak or known passwords.
C. The devices may cause a dramatic increase in wireless network traffic.
D. The devices may utilize unsecure network protocols.
E. Multiple devices may interfere with the functions of other IoT devices.
F. The devices are not compatible with TLS 1.2. - ANSWER B. The devices may have
weak or known passwords.
D. The devices may utilize unsecure network protocols.
In response to an audit finding, a company's Chief Information Officer (CIO) instructed
the security department to increase the security posture of the vulnerability
management program. Currently, the company's vulnerability management program has
the following attributes:
- It is unauthenticated.
- It is at the minimum interval specified by the audit framework.
- It only scans well-known ports.
Which of the following would BEST increase the security posture of the vulnerability
management program?
A. Expand the ports being scanned to include all ports. Increase the scan interval to
a number the business will accept without causing service interruption. Enable
authentication and perform credentialed scans.
B. Expand the ports being scanned to include all ports. Keep the scan interval at its
current level. Enable authentication and perform credentialed scans.
C. Expand the ports being scanned to include all ports. Increase the scan interval to
a number the business will accept without causing service interruption. Continue
unauthenticated scanning.
D. Continue scanning the well-known ports. Increase the scan interval to a number
the business will accept without causing service interruption. Enable authentication and
perform credentialed scans. - ANSWER A. Expand the ports being scanned to include
all ports. Increase the scan interval to a number the business will accept without
causing service interruption. Enable authentication and perform credentialed scans.
A financial organization has offices located globally. Per the organization's policies and
procedures, all executives who conduct business overseas must have their mobile
devices checked for malicious software or evidence of tampering upon their return. The