259 Ling recently completed the security analysis of a web browser deployed on systems in her organization and discovered that it is susceptible to a zero-day integer overflow attack. Who is in the best position to remediate this vulnerability in a manner that allows continued use of the browser?
A. Ling
B. The browser developer
C. The network administrator
D. The domain administrator
260 Jeff's team is preparing to deploy a new database service, and he runs a vulnerability scan of the test environment. This scan results in the four vulnerability reports shown here. Jeff is primarily concerned with correcting issues that may lead to a confidentiality breach. Which vulnerability should Jeff remediate first?
A. Rational ClearCase Portscan Denial of Service vulnerability
B. Non-Zero Padding Bytes Observed in Ethernet Packets
C. Oracle Database TNS Listener Poison Attack vulnerability
D. Hidden RPC Services
261 Eric is a security consultant and is trying to sell his services to a new client. He would like to run a vulnerability scan of their network prior to their initial meeting to show the client the need for added security. What is the most significant problem with this approach?
A. Eric does not know the client's infrastructure design.
B. Eric does not have permission to perform the scan.
C. Eric does not know what operating systems and applications are in use.
D. Eric does not know the IP range of the client's systems.
262 Renee is assessing the exposure of her organization to the denial-of-service vulnerability in the scan report shown here. She is specifically interested in determining whether an external attacker would be able to exploit the denial-of-service vulnerability. Which one of the following sources of information would provide her with the best information to complete this assessment?
A. Server logs
B. Firewall rules
C. IDS configuration
D. DLP configuration
263 Mary is trying to determine what systems in her organization should be subject to vulnerability scanning. She would like to base this decision on the criticality of the system to business operations. Where should Mary turn to best find this information?
A. The CEO
B. System names
C. IP addresses
D. Asset inventory
264 Paul ran a vulnerability scan of his vulnerability scanner and received the result shown here. What is the simplest fix to this issue?
A. Upgrade Nessus.
B. Remove guest accounts.
C. Implement TLS encryption.
D. Renew the server certificate.
265 Kamea is designing a vulnerability management system for her organization. Her highest priority is conserving network bandwidth. She does not have the ability to alter the configuration or applications installed on target systems. What solution would work best in Kamea's environment to provide vulnerability reports?
A. Agent-based scanning
B. Server-based scanning
C. Passive network monitoring
D. Port scanning
266 Aki is conducting a vulnerability scan when he receives a report that the scan is slowing down the network for other users. He looks at the performance configuration settings shown here. Which setting would be most likely to correct the issue?
A. Enable safe checks.
B. Stop scanning hosts that become unresponsive during the scan.
C. Scan IP addresses in random order.
D. Max simultaneous hosts per scan.
267 Laura received a vendor security bulletin that describes a zero-day vulnerability in her organization's main database server. This server is on a private network but is used by publicly accessible web applications. The vulnerability allows the decryption of administrative connections to the server. What reasonable action can Laura take to address this issue as quickly as possible?
A. Apply a vendor patch that resolves the issue.
B. Disable all administrative access to the database server.
C. Require VPN access for remote connections to the database server.
D. Verify that the web applications use strong encryption.
268 Emily discovered the vulnerability shown here on a server running in her organization. What is the most likely underlying cause for this vulnerability?
A. Failure to perform input validation
B. Failure to use strong passwords
C. Failure to encrypt communications
D. Failure to install antimalware software
269 Raul is replacing his organization's existing vulnerability scanner with a new product that will fulfill that functionality moving forward. As Raul begins to build the policy, he notices some conflicts in the scanning settings between different documents. Which one of the following document sources should Raul give the highest priority when resolving these conflicts?
A. NIST guidance documents
B. Vendor best practices
C. Corporate policy
D. Configuration settings from the prior system
270 Rex recently ran a vulnerability scan of his organization's network and received the results shown here. He would like to remediate the server with the highest number of the most serious vulnerabilities first. Which one of the following servers should be on his highest priority list?
A. 10.0.102.58
B. 10.0.16.58
C. 10.0.46.116
D. 10.0.69.232
271 Abella is configuring a vulnerability scanning tool. She recently learned about a privilege escalation vulnerability that requires that the user already have local access to the system. She would like to ensure that her scanners are able to detect this vulnerability as well as future similar vulnerabilities. What action can she take that would best improve the scanner's ability to detect this type of issue?
A. Enable credentialed scanning.
B. Run a manual vulnerability feed update.
C. Increase scanning frequency.
D. Change the organization's risk appetite.
272 Kylie reviewed the vulnerability scan report for a web server and found that it has multiple SQL injection and cross-site scripting vulnerabilities. What would be the least difficult way for Kylie to address these issues?
A. Install a web application firewall.
B. Recode the web application to include input validation.
C. Apply security patches to the server operating system.
D. Apply security patches to the web server service.
273 Pietro is responsible for distributing vulnerability scan reports to system engineers who will remediate the vulnerabilities. What would be the most effective and secure way for Pietro to distribute the reports?
A. Pietro should configure the reports to generate automatically and provide immediate, automated notification to administrators of the results.
B. Pietro should run the reports manually and send automated notifications after he reviews them for security purposes.
C. Pietro should run the reports on an automated basis and then manually notify administrators of the results after he reviews them.
D. Pietro should run the reports manually and then manually notify administrators of the results after he reviews them.
274 Karen ran a vulnerability scan of a web server used on her organization's internal network. She received the report shown here. What circumstances would lead Karen to dismiss this vulnerability as a false positive?
A. The server is running SSL v2.
B. The server is running SSL v3.
C. The server is for internal use only.
D. The server does not contain sensitive information.
275 Which one of the following vulnerabilities is the most difficult to confirm with an external vulnerability scan?
A. Cross-site scripting
B. Cross-site request forgery
C. Blind SQL injection
D. Unpatched web server
276 Ann would like to improve her organization's ability to detect and remediate security vulnerabilities by adopting a continuous monitoring approach. Which one of the following is not a characteristic of a continuous monitoring program?
A. Analyzing and reporting findings
B. Conducting forensic investigations when a vulnerability is exploited
C. Mitigating the risk associated with findings
D. Transferring the risk associated with a finding to a third party
277 Holly ran a scan of a server in her datacenter and the most serious result was the vulnerability shown here. What action is most commonly taken to remediate this vulnerability?
A. Remove the file from the server.
B. Edit the file to limit information disclosure.
C. Password protect the file.
D. Limit file access to a specific IP range.