Mike Chapple - CompTIA CySA+ Practice Tests

204 Katherine coordinates the remediation of security vulnerabilities in her organization and is attempting to work with a system engineer on the patching of a server to correct a moderate impact vulnerability. The engineer is refusing to patch the server because of the potential interruption to a critical business process that runs on the server. What would be the most reasonable course of action for Katherine to take?Schedule the patching to occur during a regular maintenance cycle.Exempt the server from patching because of the critical business impact.Demand that the server be patched immediately to correct the vulnerability.Inform the engineer that if he does not apply the patch within a week that Katherine will file a complaint with his manager.

205 During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability?Remove JRE from workstations.Upgrade JRE to the most recent version.Block inbound connections on port 80 using the host firewall.Use a web content filtering system to scan for malicious traffic.

206 Grace ran a vulnerability scan and detected an urgent vulnerability in a public-facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace's best course of action?Initiate a high-priority change through her organization's change management process and wait for the change to be approved.Implement a fix immediately and document the change after the fact.Schedule a change for the next quarterly patch cycle.Initiate a standard change through her organization's change management process.

207 Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information?ARP tablesAsset management toolDiscovery scanResults of scans recently run by a consultant

208 Mary runs a vulnerability scan of her entire organization and shares the report with another analyst on her team. An excerpt from that report appears here. Her colleague points out that the report contains only vulnerabilities with severities of 3, 4, or 5. What is the most likely cause of this result?The scan sensitivity is set to exclude low-importance vulnerabilities.Mary did not configure the scan properly.Systems in the datacenter do not contain any level 1 or 2 vulnerabilities.The scan sensitivity is set to exclude high-impact vulnerabilities.

209 Mikhail is reviewing the vulnerability shown here, which was detected on several servers in his environment. What action should Mikhail take?Block TCP/IP access to these servers from external sources.Upgrade the operating system on these servers.Encrypt all access to these servers.No action is necessary.

210 Which one of the following approaches provides the most current and accurate information about vulnerabilities present on a system because of the misconfiguration of operating system settings?On-demand vulnerability scanningContinuous vulnerability scanningScheduled vulnerability scanningAgent-based monitoringUse the following scenario to answer questions 211–213.Pete recently conducted a broad vulnerability scan of all the servers and workstations in his environment. He scanned the following three networks:DMZ network that contains servers with public exposureWorkstation network that contains workstations that are allowed outbound access onlyInternal server network that contains servers exposed only to internal systemsHe detected the following vulnerabilities:Vulnerability 1: A SQL injection vulnerability on a DMZ server that would grant access to a database server on the internal network (severity 5/5)Vulnerability 2: A buffer overflow vulnerability on a domain controller on the internal server network (severity 3/5)Vulnerability 3: A missing security patch on several hundred Windows workstations on the workstation network (severity 2/5)Vulnerability 4: A denial-of-service vulnerability on a DMZ server that would allow an attacker to disrupt a public-facing website (severity 2/5)Vulnerability 5: A denial-of-service vulnerability on an internal server that would allow an attacker to disrupt an internal website (severity 4/5)Note that the severity ratings assigned to these vulnerabilities are directly from the vulnerability scanner and were not assigned by Pete.

211 Absent any other information, which one of the vulnerabilities in the report should Pete remediate first?Vulnerability 1Vulnerability 2Vulnerability 3Vulnerability 4

212 Pete is working with the desktop support manager to remediate vulnerability 3. What would be the most efficient way to correct this issue?Personally visit each workstation to remediate the vulnerability.Remotely connect to each workstation to remediate the vulnerability.Perform registry updates using a remote configuration tool.Apply the patch using a GPO.

213 Pete recently conferred with the organization's CISO, and the team is launching an initiative designed to combat the insider threat. They are particularly concerned about the theft of information by employees seeking to exceed their authorized access. Which one of the vulnerabilities in this report is of greatest concern given this priority?Vulnerability 2Vulnerability 3Vulnerability 4Vulnerability 5

214 Wanda recently discovered the vulnerability shown here on a Windows server in her organization. She is unable to apply the patch to the server for six weeks because of operational issues. What workaround would be most effective in limiting the likelihood that this vulnerability would be exploited?Restrict interactive logins to the system.Remove Microsoft Office from the server.Remove Internet Explorer from the server.Apply the security patch.

215 Garrett is configuring vulnerability scanning for a new web server that his organization is deploying on its DMZ network. The server hosts the company's public website. What type of scanning should Garrett configure for best results?Garrett should not perform scanning of DMZ systems.Garrett should perform external scanning only.Garrett should perform internal scanning only.Garrett should perform both internal and external scanning.

216 Frank recently ran a vulnerability scan and identified a POS terminal that contains an unpatchable vulnerability because of running an unsupported operating system. Frank consults with his manager and is told that the POS is being used with full knowledge of management and, as a compensating control, it has been placed on an isolated network with no access to other systems. Frank's manager tells him that the merchant bank is aware of the issue. How should Frank handle this situation?Document the vulnerability as an approved exception.Explain to his manager that PCI DSS does not permit the use of unsupported operating systems.Decommission the POS system immediately to avoid personal liability.Upgrade the operating system immediately.

217 James is configuring vulnerability scans of a dedicated network that his organization uses for processing credit card transactions. What types of scans are least important for James to include in his scanning program?Scans from a dedicated scanner on the card processing networkScans from an external scanner on his organization's networkScans from an external scanner operated by an approved scanning vendorAll three types of scans are equally important.

218 Helen performs a vulnerability scan of one of the internal LANs within her organization and finds a report of a web application vulnerability on a device. Upon investigation, she discovers that the device in question is a printer. What is the most likely scenario in this case?The printer is running an embedded web server.The report is a false positive result.The printer recently changed IP addresses.Helen inadvertently scanned the wrong network.