CySA EXAM | 93 QUESTIONS AND ANSWERS
-Confidentiality, integrity, and availability - -What are the three key objectives of
information security?
-Threats and vulnerabilities. - -Risk exists at the intersection of _______ and _________.
-Network access control - -What type of system controls access to a network based on
criteria such as time of day, location, device type, and system health?
-The Internet, an internal network, and a DMZ - -What are the three networks typically
connected to a triple-homed firewall?
-Packet filters
Stateful inspection firewalls
Next-generation firewalls
Web application firewalls. - -What are the four types of firewalls?
-Group Policy Objects (GPOs) - -______ may be used to apply settings to many different
Windows systems at the same time.
-Planning, Discovery, Attack, and Reporting - -Four phases of penetration testing
-Port scanner - -What type of software can you use to enumerate the services that are
accepting network connections on a remote system without probing that system for
vulnerabilities?
-nmap - -What is the most commonly used port scanner?
-Traceroute or tracert, depending on the operating system - -What tool can be used to
determine the path between two systems over the Internet?
-Anomaly analysis - -What type of data analysis looks for differences from expected
behaviors?
-Trend analysis - -What type of data analysis predicts threats based on existing data?
-Credentialed scan - -What type of vulnerability scan leverages read-only access to the
scan target?
-Risk appetite - -What term is used to describe an organization's willingness to tolerate
risk?
-Read-only account - -What type of account should be used to perform credentialed
vulnerability scans?
-Vulnerability scanning - -What function is performed by QualysGuard, Nessus, Nexpose,
and OpenVAS?
-Web application scanning - -What is the purpose of Nikto and Acunetix?
-Criticality
Difficulty
Severity
Exposure - -Remediation Priority
-CVSS - -What industry-standard system is used to assess the severity of security
vulnerabilities?
-False positive - -What is the term used to describe when a scanner reports a vulnerability
that does not really exist?
-Buffer overflow - -What type of vulnerability allows an attacker to place more data into
an area of memory than is allocated for a specific purpose?
-Privilege escalation - -What type of attack seeks to increase the level of access that an
attacker has to a targeted system?
-Arbitrary code execution - -What type of attack allows an attacker to run software of his
or her choice on the targeted system?
-TLS 1.2 or later - -What is the current secure standard for providing HTTPS encryption?
-DNS amplification - -In what type of attack does the attacker send spoofed DNS requests
to a DNS server that are carefully designed to elicit responses that are much larger in size
than the original requests?
-Security event - -What term is used to describe any observable occurrence in a system or
network that relates to a security function?
-Security incident - -What term is used to describe a violation or imminent threat of
violation of computer security policies, acceptable use policies, or standard security
practices?
-Preparation
Detection & Analysis
Containment, Eradication, & Recovery
Post-Incident Activity - -What are the phases of incident response?
-Procedures - -What type of documents provide the detailed, tactical information that
CSIRT members need when responding to an incident?