CySa+ Domain 3

Ace your homework & exams now with Quizwiz!

A password spraying attack is MOST like which of the following attack types?

A brute force attack

Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?

Access control

Where would a network administrator find cross-domain misconfiguration in the Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) application after an automated scan of the local web server?

Alerts tab

Which of the following BEST describes a TCP session hijacking attack?

An attacker sniffs between two machines on a connection-based protocol, monitors the traffic to capture the session ID, terminates the target computer's connection, and injects packets to the server

Which of the following is critical to effectively detect potential DDoS attacks?

Establish a baseline of network traffic.

An IPS permits a connection between a domain controller and a user device in the domain on port 445. A domain-enabled account then authenticates to the user device, accesses sensitive data, and transmits it over a Wide Area Network (WAN). What is the type of error in this situation?

False negative

A project manager needs to verify users and authorize access to systems and applications. Which security control should the project manager implement?

Multi-factor authentication

As a security analyst for a U.S. federal agency, you have been asked by management to make sure that the company meets all requirements for FISMA (the Federal Information Security Modernization Act) in a practical and applicable way for your organization. At the moment, these requirements are not focused on personal data and privacy. Which of the following resources would MOST likely provide the guidance that you need to meet the FISMA regulations?

NIST

The cybersecurity team at a large online retail organization, which uses various operating systems, applications, and hardware devices, is responsible for configuring these systems securely to prevent potential security breaches. As part of their investigations, they come across a framework for process improvement that helps organizations streamline and optimize their processes to deliver better products and services. Which of the following focuses on a community-driven approach to software security to help organizations improve their security plan initiatives and meet compliance standards?

OWASP

security analyst is investigating a recent cyberattack on their organization's web applications. The investigation must assess the web application vulnerabilities while considering special considerations in vulnerability scanning. Which framework should the analyst utilize to achieve this objective?

OWASP Testing Guide

Which security control recognizes and stops attacks?

Preventive

Which of the following are the two main task categories performed during a maintenance window?

Proactive Reactive

A security consultant identified a vulnerability in a web application that allows an attacker to execute arbitrary commands on the target system, potentially gaining full control over it.

Remote Code Execution (RCE)

The Intruder feature of the Burp Suite can provide an output of vulnerable elements on a web page displayed on the suite's integrated browser. Using default settings, how can an administrator quickly identify which login page elements, for example, are potentially vulnerable?

Review items highlighted in green

A large-scale business needs a system to control field devices with embedded PLCs on multiple sites spread over a large geographical area. What system should an Information Security Program Manager choose to BEST suit the coverage needed for this business?

SCADA

Many industries use automated systems to manage the control of machinery and equipment, which is critical to a company's safety, productivity, and efficiency. What technology governs whole process automation system?

SCADA

A company has recently implemented a program to encourage ethical hackers to identify vulnerabilities in their systems. An independent cybersecurity researcher has discovered a critical vulnerability that could potentially compromise the company's user data. What is the responsible and ethical action for the researcher to take?

Submit the findings to the company's bug bounty program.

Which of the following operations is characteristic of cyber criminal activity?

Targeting multiple pharmaceutical companies with a financial fraud scheme.

An e-commerce company recently suffered a data breach, and a security audit revealed several vulnerabilities in their web application. The company wants to improve its web application security by following secure coding best practices and enhancing session management. Which of the following actions should the company take to achieve this?

Use short session timeouts

What type of scan is used to find system weaknesses, such as open ports, access points, and other potential threats?

CySa+ Domain 3

Related study sets

Supply Chain Exam 1 McLaury

Simulation Lab 11.1: Module 11 Harden PC with Group Policy Editor

Unit 8 Test

ANAT Unit 3 - M20: Blood Supply to the Brain, meninges, ventricles, and CSF

MGSC 300 - Chapter 6

Chem 101 Ch 1 text questions

Life Insurance

Accnt 2010 Managerial CH 10

Macroeconomics Chapter 3

2022 NISSAN PATHFINDER

Four Types of Nursing Assessments

Chapter 3 A.P Physics Test

Chapter 10: Stockholders Equity

3073 Ch.5

Accounting chapter 3

Chapter 48 disorder of musculoskeletal function: trauma infection and neoplasm

M.I.S. Exam 3 Review

pharm ch 24

mod 4 drivers ed

Chapter 11 (Patient Safety)