CySa+ Practice Test
Based on the following output from the two commands, what is the purpose of the nmap --script banner 192.168.1.x command?
To scan a host using the Nmap script named banner and report any software versions determined to be running on the open ports.
Jorge, a hacker, has gained access to a Linux system. He has located usernames and IDs, and he wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow
Which of the following is the client responsible for in a PaaS cloud service model?
All applications developed
Which IoT security category does disabling guest or demo accounts fall under?
Authentication
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication defines all the prerequisites a device must meet in order to access a network. These criteria are detailed for such things as anti-malware, OS, and patch level.
Which of the following could you use as an LDAP countermeasure?
Block port 389.
When you create an event subscription, events are sent from one computer to another. What is the computer that receives the events called?
Collector computer
Which of the following firewall evasion countermeasures should be implemented to mitigate firewall evasion? (Select two.)
Defense in Depth Filtering an intruder's IP address
A security analyst discovers an employee has posted and tagged photos of the company's server room on a social media site. Which policy has been violated?
Employee social media
A list of actions and objectives taken to mitigate risk is known as a:
Framework
In which of the following areas would you MOST likely update the knowledge base?
IOC generation
The following information about an incident should be provided to stakeholders: What caused the incident and which security measures have been taken. What was the incident's financial, systemic, and reputational impact. How have policies and procedures been updated because of the incident. Which report should be used to share this information?
Incident summary
Which of the following Windows permissions apply to local files and directories?
NTFS
Which of the following actions can help safeguard against data loss?
Routinely review access controls to ensure only needed access is given to each employee.
Taylor is a manager who is trying to find a way to get computers with different operating systems to easily interact with each other. Which of the following should she use to accomplish this?
SOAP
Which of the following allows users to sign into a single trusted account, such as Google or Facebook?
SSO
Your company president suspects that one of the employees has been embezzling money from the company and depositing it in their own bank account. Which of the following methods could you use to find evidence of this action?
String search
You are configuring a new email server for your organization and need to implement a firewall solution. The firewall will be designed to handle connections to the email server. Which of the following would be the BEST firewall solution
A bastion host is a specialized computer system with two network interfaces that is placed between the internal and external networks. A bastion host handles the connection for a private instance, such as logging into an email server. A bastion host should be designed to perform only that single task. All other services and applications should be removed so the system is better hardened against attacks.
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras?
A dome camera
Which of the following best describes a wireless hotspot?
A physical location where people may obtain free internet access using Wi-Fi.
Which type of wireless network does not use a wireless access point?
Ad-hoc
In order to perform testing of various websites for your company, you are using Burpsuite. What function allows Burpsuite to collect so much information about a client/server communication stream?
Burp Suite acts as a proxy.
Which of the following is an entity that issues digital certificates?
CA
A user has reported that they can't remote into the OpenSSH service running on their Windows 10 machine that they use to transfer files from a development Linux box. You are at the Windows machine and have Task Manager running. You notice that the SSHD, the OpenSSH server process, is not in the list on the Processes tab of Task Manager. Which tab on the screenshot below would you click on, and which steps could you take to start the service and ensure it starts every time the machine is booted?
Click on the Services tab and then click Open Services at the bottom. Then find the OpenSSH SSH Server entry, double-click on it, and click the Start button. Change the Startup Type field to Automatic.
Which of the following BEST describes the process of using prediction to gain session tokens in an Application level hijacking attack?
Collect several session IDs that have been used before and then analyze them to determine a pattern.
You have observed that Steve, an employee at your company, has been coming in at odd hours, requesting sensitive data that is unrelated to his position, and bringing in his own flash drive. Steve's actions are common indicators of which of the following threats?
Data loss
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
Document what is on the screen.
What information is included in the service portion of a due diligence assessment? (Select two.)
Does the vendor provide reliable and timely product support? What level of system access does the vendor require?
Which site MOST often shows the newest vulnerabilities before other sources?
Full Disclosure
Jake, a security analyst, has been asked to examine the malware found on the company's network. He decides the best place to start is to use a tool to translate the executable files to assembly language so he can understand what the malware can do and what it can impact. Which tool is the BEST choice for Jake to use?
IDA Pro
A Windows machine on your network appears to have been compromised by an offending piece of malware, which is now uploading data to a remote site in a foreign country. You are looking for confirmation in a memory dump from the machine that the suspected malware was indeed present. You have pulled the process list and reviewed logs but see nothing suspicious.
Network connections to IP addresses associated with the specific piece of malware
Which of the following would be the best open-source tool to use if you were looking for a web server scanner?
Nikto
Which protocol is used in the Bluetooth pairing process?
OBEX
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH
Which phase includes taking the recommendations that can be put into action through security implementations, policies, and procedures?
Post-incident feedback
The annual loss expectancy (ALE) calculation provides an organization's stakeholders with what information?
Potential financial loss of an event based on how often a threat could occur.
Which of the following is one of the five phases of the incident response life cycle?
Preparation
COBIT, ITIL, and ISO are examples of which type of framework?
Prescriptive
Important aspects of physical security include which of the following?
Preventing interruptions of computer services caused by problems such as fire
During which phase of the IT asset life cycle do you determine what impact a new asset will have on the existing network and users?
Procurement
John's company needs a product to fix found network vulnerabilities. This product needs to run inside their firewall without help from an outside professional. Which of the following BEST describes this type of assessment solution?
Product-based assessment
Which SIEM function provides long-term storage of collected data to meet government compliance requirements.
Retention
Which of the following is the act of seeking to understand how malicious programs were programmed and what their capabilities are by extracting code from a binary executable?
Reverse engineering
Which of the following assessment solutions creates the risk that a hacker might gain access to the system?
Service-based assessment A service-based assessment is one in which a professional like yourself is hired to provide a solution. This involves the vulnerability management life cycle. You would conduct the testing and solutions from outside the network. The risk of this approach is that, because it is done from the outside, there is some potential for a hacker to gain access to the system.
Which of the following is the MOST challenging part of gathering forensic data in a cloud environment?
The data is subject to the laws in the country in which it's gathered.
A Windows machine in your office has been sending and receiving more traffic than usual, and a user is complaining that it has a slow connection. Your manager would like statistics on all protocol traffic to and from that machine over Ethernet. The netstat command can do that, but you need to know the switch that will give an output similar to what is shown below. Which command and options should you use?
The netstat -e -s command is the correct answer. The -e option displays all Ethernet traffic. The -s option displays statistics.
A Windows web server that was reported as being compromised has been scanned, patched, and appears to be running properly with no indications that it is still compromised. The server is back in production, but users are complaining that they receive certificate errors when connecting to it. You did not perform the quarantine on the machine (a coworker did). They also performed the patching and scanning before putting it back to work in production. What might be causing the certificate errors?
The server certificate was revoked since the private key may have been compromised.
What does the HTTP response message 5xx indicate?
The server did not complete the request.
Which of the following is the practice of gathering insight about network events based on users daily behaviors to create a baseline for anomaly detection?
UEBA is User and entity behavior analysis which is the practice of gathering insight about network events based on users daily behaviors. The data is used to create a baseline of behaviors that can help security teams recognize any anomalies.
Which of the following statements BEST describes VDI?
When a VDI boots, it starts a minimal operating system for a remote user to access.
Your network has been subject to a variety of network attacks and you are currently monitoring the user logs for suspicious activity, yet further attacks are still occurring. Which additional step could you take to increase network security?
You could regularly scan your system for vulnerabilities.
When scanning a Linux machine for running applications, you see the following output. Which kill signal should you use to clean up the offending process?
kill -9
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
nslookup whois.org
You are reviewing packets captured by a co-worker. The traffic is from a Linux server that hosts private customer data, and your job is to analyze the content for potential security risks. The .pcap file appears to be a bit small for what you wanted. (It contains traffic to and from the target system during a given time period.) Some of that traffic is shown below. You suspect that only SSH traffic is represented in this capture, which was done with tcpdump. What command do you think your co-worker used to capture only SSH traffic?
tcpdump port 22
As part of setting up a Windows machine to send log events to a remote host, you have executed the winrm qc command and answered the questions as shown below. Which command would you run on the collector host from an elevated Command Prompt?
wecutil qc
Which of the following cloud security controls includes backups, space availability, and continuity of services?
Computation and storage
Creating a baseline is vital to managing vulnerabilities. What is the FIRST step in creating this baseline?
Conduct a pre-assessment
An attacker is attempting to determine whether a system is a honeypot. Which of the following actions should the attacker take?
Craft a malicious probe packet to scan for services.
Your company allows guests that visit the office access to Wi-Fi. You have created a separate ESSID called CorpGuest. It is not using encryption. You need to make sure that guests who connect understand the rules in place. How can you best do this?
Create a captive portal with a link to the terms and conditions for connecting.
Troy, a security analyst, is looking for a vulnerability scanning tool for internal use. His boss has told him to find the industry standard tool. Which tool BEST fits his mandate?
Nessus
Which of the following BEST describes system logs?
Indicate logins with escalated privileges.
As an administrator, you may need to access internal company servers from home or from another location. Which of the following would be the most secure solution?
Install a dedicated jump server inside the firewall.
Which of the following has five layers of structure that include the Edge Technology, Access Gateway, Internet, Middleware, and Application layers?
IoT architecture
As you walk by a coworker's workstation, you see the following on the screen. What is the Dnscat2 DNS server typically used for?
It is used to execute other commands on a remote host.
You are using nmap to locate all the IoT devices on your network. You use the following command to perform the scan. What does the -A do?
It scans for OS and software version used.
You are in the process of copying a website using WinHTTrack Website Copier. You are currently at the configuration page shown in the image. What is the purpose of the base path?
It specifies the location where the copied site will be saved.
Which framework includes the Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives phases?
Kill Chain
Your company is about to begin litigation, and you need to gather information. You need to get emails, memos, invoices, and other electronic documents from employees. You'd also like to get printed, physical copies of documents. Which tool would you use to gather this information?
Legal hold
