Mike Chapple - CompTIA CySA+ Practice Tests

118 Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization's network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?Block the use of TLS v1.0.Replace the expired SSL certificate.Remove the load balancer.Correct the information leakage vulnerability.

119 In what type of attack does the adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems running in the same hardware environment?Buffer overflowDirectory traversalVM escapeCross-site scripting

120 Sadiq is responsible for the security of a network used to control systems within his organization's manufacturing plant. The network connects manufacturing equipment, sensors, and controllers. He runs a vulnerability scan on this network and discovers that several of the controllers are running very out-of-date firmware that introduces security issues. The manufacturer of the controllers is out of business. What action can Sadiq take to best remediate this vulnerability in an efficient manner?Develop a firmware update internally and apply it to the controllers.Post on an Internet message board seeking other organizations that have developed a patch.Ensure that the ICS is on an isolated network.Use an intrusion prevention system on the ICS network.

121 Vic scanned a Windows server used in his organization and found the result shown here. The server is on an internal network with access limited to IT staff and is not part of a domain. How urgently should Vic remediate this vulnerability?Vic should drop everything and remediate this vulnerability immediately.While Vic does not need to drop everything, this vulnerability requires urgent attention and should be addressed quickly.This is a moderate vulnerability that can be scheduled for remediation at a convenient time.This vulnerability is informational in nature and may be left in place.

122 Rob's manager recently asked him for an overview of any critical security issues that exist on his network. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best likely starting point?Technical ReportHigh Severity ReportQualys Patch ReportUnknown Device Report

123 Wendy is the security administrator for a membership association that is planning to launch an online store. As part of this launch, she will become responsible for ensuring that the website and associated systems are compliant with all relevant standards. What regulatory regime specifically covers credit card information?PCI DSSFERPAHIPAASOX

124 During a port scan of a server, Miguel discovered that the following ports are open on the internal network:TCP port 25TCP port 80TCP port 110TCP port 443TCP port 1433TCP port 3389The scan results provide evidence that a variety of services are running on this server. Which one of the following services is not indicated by the scan results?WebDatabaseSSHRDP

125 Nina is a software developer and she receives a report from her company's cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes corrects the issue. What should she do next?Deploy the code to production immediately to resolve the vulnerability.Request a scan of the test environment to confirm that the issue is corrected.Mark the vulnerability as resolved and close the ticket.Hire a consultant to perform a penetration test to confirm that the vulnerability is resolved.

126 George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?2223161443Use the following scenario to answer questions 127–129.Harold runs a vulnerability scan of a server that he is planning to move into production and finds the vulnerability shown here.

127 What operating system is most likely running on the server in this vulnerability scan report?macOSWindowsCentOSRHEL

128 Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?SSHHTTPSRDPSFTP

129 Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?SSL v2.0SSL v3.0TLS v1.0None of the above

130 Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?Operating systemVPN concentratorNetwork router or switchHypervisor

131 Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?Reconfigure cipher support.Apply Window security patches.Obtain a new SSL certificate.Enhance account security policies.

132 The presence of ____________ triggers specific vulnerability scanning requirements based on law or regulation.Credit card informationProtected health informationPersonally identifiable informationTrade secret informationUse the scenario to answer questions 133–135.Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization's work orders and is a critical part of the routine business workflow.

133 What priority should Stella place on remediating this vulnerability?Stella should make this vulnerability one of her highest priorities.Stella should remediate this vulnerability within the next several weeks.Stella should remediate this vulnerability within the next several months.Stella does not need to assign any priority to remediating this vulnerability.

134 What operating system is most likely running on the server in this vulnerability scan report?macOSWindowsCentOSRHEL

135 What is the best way that Stella can correct this vulnerability?Deploy an intrusion prevention system.Apply one or more application patches.Apply one or more operating system patches.Disable the service.

136 Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?WLANVPNP2PSCADA

137 This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor, who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?Check the affected servers to verify a false positive.Check the affected servers to verify a false negative.Report a bug to the vendor.Update the vulnerability signatures.

138 Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers, who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?The result is a false positive.The code is deficient and requires correction.The vulnerability is in a different web application running on the same server.Natalie is misreading the scan report.

139 Kasun discovers a missing Windows security patch during a vulnerability scan of a server in his organization's data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?To the virtualized systemThe patch is not necessaryTo the domain controllerTo the virtualization platform