1) A security analyst must review a suspicious email to determine its legitimacy. Which of the following should be performed? (Choose two.)
A. Evaluate scoring fields, such as Spam Confidence Level and Bulk Complaint Level
B. Review the headers from the forwarded email
C. Examine the recipient address field
D. Review the Content-Type header
E. Evaluate the HELO or EHLO string of the connecting email server
F. Examine the SPF, DKIM, and DMARC fields from the original email

2) A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS 3.1 base score?
A. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0
B. AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L - Base Score 7.2
C. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H - Base Score 6.4
D. AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L - Base Score 6.5

3) A recent vulnerability scan resulted in an abnormally large number of critical and high findings that require patching. The SLA requires that the findings be remediated within a specific amount of time. Which of the following is the best approach to ensure all vulnerabilities are patched in accordance with the SLA?
A. Integrate an IT service delivery ticketing system to track remediation and closure
B. Create a compensating control item until the system can be fully patched
C. Accept the risk and decommission current assets as end of life
D. Request an exception and manually patch each system

4) Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?
A. Join an information sharing and analysis center specific to the company's industry
B. Upload threat intelligence to the IPS in STIX/TAXII format
C. Add data enrichment for IPs in the ingestion pipeline
D. Review threat feeds after viewing the SIEM alert

5) An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?
A. Multifactor authentication
B. Password changes
C. System hardening
D. Password encryption

6) A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve this objective?
A. Deploy agents on all systems to perform the scans
B. Deploy a central scanner and perform non-credentialed scans
C. Deploy a cloud-based scanner and perform a network scan
D. Deploy a scanner sensor on every segment and perform credentialed scans

7) Executives at an organization email sensitive financial information to external business partners when negotiating valuable contracts. To ensure the legal validity of these messages, the cybersecurity team recommends a digital signature be added to emails sent by the executives. Which of the following are the primary goals of this recommendation? (Choose two.)
A. Confidentiality
B. Integrity
C. Privacy
D. Anonymity
E. Non-repudiation
F. Authorization

8) A security administrator needs to import PII data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?
A. Data masking
B. Hashing
C. Watermarking
D. Encoding

9) The email system administrator for an organization configured DKIM signing for all email legitimately sent by the organization. Which of the following would most likely indicate an email is malicious if the company's domain name is used as both the sender and the recipient?
A. The message fails a DMARC check
B. The sending IP address is the hosting provider
C. The signature does not meet corporate standards
D. The sender and reply address are different

10) During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this information?
A. Header analysis
B. Packet capture
C. SSL inspection
D. Reverse engineering

11) An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?
A. Blocklisting
B. Allowlisting
C. Graylisting
D. Webhooks

12) During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?
A. Shut down the server.
B. Reimage the server.
C. Quarantine the server.
D. Update the OS to the latest version.

13) An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?
A. Perform a tabletop drill based on a previously identified incident scenario.
B. Simulate an incident by shutting down power to the primary data center.
C. Migrate active workloads from the primary data center to the secondary location.
D. Compare the current plan to lessons learned from previous incidents.

14) Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?
A. Deploy a database to aggregate the logging.
B. Configure the servers to forward logs to a SIEM.
C. Share the log directory on each server to allow local access.
D. Automate the emailing of logs to the analysts.
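Questions 1, 9 and 10 above all turn on reading the message headers rather than the rendered mail. The block below is an added example, not part of the quiz, showing how that header analysis is done programmatically: it walks the Received chain to recover the originating IP address and the HELO/EHLO name the first server presented, reads the spf=/dkim=/dmarc= verdicts from the Authentication-Results header stamped by the receiving MX, and applies the two checks question 9 alludes to (an internal-looking sender that fails DMARC, and a Reply-To outside the From domain). The sample message, the domain example.com (as the organisation's own domain) and the finding names are constructed for this example. Two caveats for real investigations: only the Received headers added by your own mail servers are trustworthy, since everything below them was supplied by the sender and can be forged, so the "origin" hop is a lead to corroborate rather than proof; and the analysis has to run on the original message, because forwarding a mail replaces its transit headers with the forwarder's.

```python
import email
import email.utils
import re

# Constructed sample (not a real message): a spoofed "internal" email that the
# receiving MX (mx1.example.com) stamped with failing SPF/DMARC results.
SAMPLE_EMAIL = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
\tby mail.example.com with ESMTP id 4Vq7b2; Tue, 4 Jun 2024 10:02:11 +0000
Received: from mail-relay.example.net (unknown [198.51.100.77])
\tby mx1.example.com with ESMTP; Tue, 4 Jun 2024 10:02:09 +0000
Received: from EXAMPLE.COM (unknown [192.0.2.45])
\tby mail-relay.example.net with SMTP; Tue, 4 Jun 2024 10:02:05 +0000
Authentication-Results: mx1.example.com;
\tspf=fail smtp.mailfrom=example.com;
\tdkim=none;
\tdmarc=fail (p=reject) header.from=example.com
From: "CEO" <ceo@example.com>
Reply-To: ceo-office@mailbox.example.net
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset="us-ascii"

Please process the attached invoice today.
"""

OUR_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# "from <helo> (<ptr> [<ip>])" as written by most MTAs; the PTR part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<ptr>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def _flat(value):
    """Unfold a header value: join continuation lines with single spaces."""
    return " ".join(value.split())


def parse_hops(msg):
    """Return Received hops in transit order (earliest hop first).

    MTAs prepend Received headers, so the top header is the last hop and the
    bottom one the first. Hops below the ones our own servers added are
    sender-controlled and may be forged.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(_flat(value))
        if m:
            hops.append({"helo": m.group("helo"), "ptr": m.group("ptr"), "ip": m.group("ip")})
    return hops


def auth_results(msg):
    """Collect spf=/dkim=/dmarc= verdicts from Authentication-Results headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(_flat(value)):
            results[method] = verdict.lower()
    return results


def _domain(header_value):
    """Domain part of the first address in a From/To/Reply-To header."""
    addr = email.utils.parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Header analysis of one raw message; returns origin data, verdicts, findings."""
    msg = email.message_from_string(raw)
    hops = parse_hops(msg)
    auth = auth_results(msg)
    origin = hops[0] if hops else {"helo": None, "ptr": None, "ip": None}
    from_dom, to_dom, reply_dom = _domain(msg["From"]), _domain(msg["To"]), _domain(msg["Reply-To"])
    findings = []
    # Our own domain as both sender and recipient, yet DMARC did not pass.
    if from_dom == to_dom == OUR_DOMAIN and auth.get("dmarc") != "pass":
        findings.append("internal_sender_failed_dmarc")
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_domain_mismatch")
    # First hop introduced itself as our domain but has no matching reverse DNS.
    helo = (origin["helo"] or "").lower()
    if (helo == OUR_DOMAIN or helo.endswith("." + OUR_DOMAIN)) and origin["ptr"] in (None, "unknown"):
        findings.append("helo_claims_our_domain_without_matching_ptr")
    return {
        "origin_ip": origin["ip"],
        "origin_helo": origin["helo"],
        "auth": auth,
        "hops": hops,
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_EMAIL)
    for hop in report["hops"]:
        print(f"hop: helo={hop['helo']} ptr={hop['ptr']} ip={hop['ip']}")
    print("auth:", report["auth"])
    print("findings:", report["findings"])
```

The hop list is the same information an analyst reads by hand, bottom Received header first; the Authentication-Results header is only meaningful when it was written by a server you control, so in production the parser should accept it only when the authserv-id (here `mx1.example.com`) is one of your own.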
15) Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious activity in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?
A. Mean time to detect
B. Mean time to respond
C. Mean time to remediate
D. Service-level agreement uptime

16) After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising?
A. Transfer
B. Accept
C. Mitigate
D. Avoid

17) A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected workstation from the network. Which of the following activities should the analyst perform next?
A. Wipe the computer and reinstall software
B. Shut down the email server and quarantine it from the network
C. Acquire a bit-level image of the affected workstation
D. Search for other mail users who have received the same file

18) An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?
A. Identify and discuss the lessons learned with the prior analyst.
B. Accept all findings and continue to investigate the next item target.
C. Review the steps that the previous analyst followed.
D. Validate the root cause from the prior analyst.

19) Which of the following best describes the process of requiring remediation of a known threat within a given time frame?
A. SLA
B. MOU
C. Best-effort patching
D. Organizational governance

20) Which of the following risk management principles is accomplished by purchasing cyber insurance?
A. Accept
B. Avoid
C. Mitigate
D. Transfer

21) Which of the following actions would an analyst most likely perform after an incident has been investigated?
A. Risk assessment
B. Root cause analysis
C. Incident response plan
D. Tabletop exercise

CYSA+ 300 QUESTIONS 101 - 150
