TestOut - CompTIA CySA+ Practice Questions 5.6.13

Which type of KPI (Key Performance Indicator) indicates the percentage of cybersecurity resources an organization assigns to different areas (such as prevention and detection)?
A. Risk Assessment
B. Resource Allocation
C. Incidents
D. Detection Time

Answer: B. Resource Allocation

Explanation: Resource Allocation indicates the percentage of cybersecurity resources organizations allocate (assign) to different areas, such as prevention and detection. Organizations can track this KPI over time to determine if they are allocating an appropriate percentage of resources to each function.

An Information Systems Security Officer (ISSO) received a report about secure shell (SSH) access to a network device and quickly reported it up the chain of command. SSH is normally prohibited since a central network management application manages the network devices. However, the next day, the operations manager addressed the case as a false positive and confirmed the network team's tasks with an official end date. Why did the operations manager conclude that the security event was a false positive?
A. The network devices are exempt from security scans.
B. The network team has a temporary exemption.
C. The network team did not have an approved exemption.
D. The network team has an indefinite exemption.

Answer: B. The network team has a temporary exemption.

Explanation: A false-positive conclusion assumes that the secure shell (SSH) access was legitimate, even if only for a short time. The manager's confirmation of an end date indicates that the SSH access is temporary. An indefinite exemption would assume no end date for the network team's SSH access to the network devices. A central network management application normally manages the network devices, so SSH is prohibited. A true-positive conclusion would mean the network team did not have approval to use SSH, and an administrator would most likely be reprimanded. Network devices are not normally exempt from standard security scans; an exception might be lab networks, where engineers often perform research and testing on an open network that the operations manager does not scan.

What should organizations prioritize when selecting tools for vulnerability reporting?
A. The complexity of the tools
B. The reporting needs of the organization
C. The cost of the tools
D. The number of vulnerabilities identified

Answer: B. The reporting needs of the organization

Explanation: When selecting tools for vulnerability reporting, organizations should prioritize their own reporting needs over other factors, such as the tools' cost, the tools' complexity, or the number of vulnerabilities identified. While cost and complexity may be important factors to consider, the organization's reporting needs are the most important priority when selecting vulnerability reporting tools. This includes considering the organization's specific requirements, such as the type of data, the size of the organization, and the available resources. The number of vulnerabilities identified has little to do with the choice of reporting tools; the organization selects reporting tools that match its reporting needs.

Which of the following statements is true concerning the use of top 10 style lists?
A. They are ineffective when used in a detailed report.
B. They allow for a quick and easy overview of important activities and trends.
C. They provide an exhaustive list of all potential problems.
D. They are useful for developing policies and procedures but not effort prioritization.

Answer: B. They allow for a quick and easy overview of important activities and trends.

Explanation: Top 10 lists effectively highlight potential problems or focus attention on important activities, trends, or environmental changes. They are a quick and easy way to gain an overview of what is happening within a system, and they can identify potential problems that may need further investigation. Top 10 lists do not provide an exhaustive list of all potential problems; they typically focus on traffic volume or indicators of compromise. Top 10 lists are useful for developing policies and procedures and for prioritizing vulnerabilities, and they are effective in both summary and detailed reports.

Creating a baseline is vital to managing vulnerabilities. What is the FIRST step in creating this baseline?
A. Set goals.
B. Select a network monitoring solution.
C. Conduct a pre-assessment.
D. Use a vulnerability scanner.

Answer: C. Conduct a pre-assessment.

Explanation: The first step in baseline creation is a pre-assessment. Start by looking at the effectiveness of the current security policies. Establish risks by evaluating how the policies are enforced and which vulnerabilities might have been overlooked. Setting goals with management is the second step: plan start and end dates, determine which systems to begin testing, set up testing standards, get approval in writing, and keep management informed as you go through this part of the process. Starting with a vulnerability scan is inefficient. The vulnerability phase refers to identifying vulnerabilities in the organization's infrastructure, including the operating system, web applications, and web server. Once a baseline is created, the next step is to select the proper tools for the job.

A security administrator has identified a new zero-day vulnerability in the company's operating system. The administrator is responsible for addressing the vulnerability in the most efficient way possible. What action should the administrator take to address the vulnerability?
A. Update the company's vulnerability management plan.
B. Wait until the operating system vendor releases a patch.
C. Mitigate the vulnerability using compensating controls.
D. Deploy a patch immediately without testing.

Answer: C. Mitigate the vulnerability using compensating controls.

Explanation: Mitigating the vulnerability by implementing compensating controls, such as blocking network traffic associated with the vulnerability or limiting user access, is the best approach to address the immediate risk while waiting for the vendor to release a patch. Deploying a patch without testing can result in unintended consequences, such as system instability or incompatibility with existing software. Waiting for the operating system vendor to release a patch can take significant time, leaving the organization open to attack. While updating the company's vulnerability management plan is good practice, it does not meet the immediate need to address the zero-day vulnerability.

A financial institution is considering partnering with a new vendor to provide online payment services to its customers. The vendor has a reputation for delivering reliable and secure services; however, the financial institution wants to ensure that it makes an informed decision. What metric could the institution use to assess the security risk associated with this partnership?
A. Recurrence of attacks against the vendor
B. Affected hosts
C. Risk score
D. Mitigations required from previous attacks

Answer: C. Risk score

Explanation: The risk score estimates the impact and likelihood of a threat actor exploiting a vulnerability before an attack occurs, which makes it suitable for estimating the probability of issues with a vendor. Preventing recurrence is an objective of learning from cyber-attacks; recurrence is not an appropriate way to measure the impact of a new vendor's potential reliability issues. The mitigations-required metric communicates the effort needed to restore systems after an attack; it does not measure the impact of a new vendor's potential reliability issues. Affected hosts are a common way to communicate the scope and severity of a cyber-attack; they do not measure the impact of a new vendor's potential reliability issues either.

As a network administrator, you have just received a final copy of a vulnerability report and are ready to start writing an action plan to address the security vulnerabilities in the report. Which of the following should the action plan begin with?
A. Recommendations for updated policies
B. Measurable goals and objectives
C. A detailed description of steps and resources needed
D. A clear statement of the desired outcome

Answer: D. A clear statement of the desired outcome

Explanation: An action plan should begin with a clear statement of the desired outcome, followed by a detailed description of the steps and resources needed to reach that result. Including measurable goals and objectives in the action plan ensures that leadership can track progress. Once the action plan is in place, leadership teams can use several approaches to reduce risk, such as investing in new security software, making configuration changes, updating policies within the organization, and many other options.

A company is considering entering into a collaboration with a potential partner. The potential partner is a large, well-respected company with a strong track record in cybersecurity. The company is concerned about the potential partner's ability to comprehend and meet all of its needs per its standard operating procedures. What is the best way to ensure mutual comprehension and agreed communication methods, short of legal recourse?
A. Organizational governance
B. Service-level agreement (SLA)
C. Configuration management
D. Memorandum of understanding (MoU)

Answer: D. Memorandum of understanding (MoU)

Explanation: A memorandum of understanding (MoU) outlines the terms and conditions of an agreement between two or more parties but is not legally binding. No legal recourse is needed in this case, making an MoU suitable. A service-level agreement (SLA) is a legally binding contract between two or more parties that defines the level of service and governs the relationship with a third-party service provider. Because no legal recourse is needed here, an SLA is unsuitable. Organizational governance does not define a relationship between two parties, unlike an MoU. Configuration management tracks and controls changes to system software, hardware, and documentation to ensure consistency; it does not relate to this question.

During which vulnerability life cycle management phase do you implement the controls and protections from your plan of action?
A. Risk assessment
B. Verification
C. Monitoring
D. Remediation

Answer: D. Remediation

Explanation: Remediation refers to the steps taken to deal with vulnerabilities, such as evaluating them, locating risks, and designing responses for them. In this phase, you implement the controls and protections from your plan of action. In the risk assessment phase, you organize the results of your vulnerability testing according to risk level and then categorize them by levels of sensitivity and access. Monitoring is part of the post-assessment phase. The verification phase helps the security analyst confirm whether all the previous phases were executed effectively.
