Mike Chapple - CompTIA CySA+ Practice Tests

11 During his analysis of a malware sample, Sahib reviews the malware files and binaries without running them. What type of analysis is this?Automated analysisDynamic analysisStatic analysisHeuristic analysis

12 Carol wants to analyze a malware sample that she has discovered. She wants to run the sample safely while capturing information about its behavior and impact on the system it infects. What type of tool should she use?A static code analysis toolA dynamic analysis sandbox toolA Fagan sandboxA decompiler running on an isolated VMUse the following scenario for questions 13–15.Mike is in charge of the software testing process for his company. They perform a complete set of tests for each product throughout its lifespan. Use your knowledge of software assessment methods to answer the following questions.

13 A new web application has been written by the development team in Mike's company. They used an Agile process and have built a tool that fits all of the user stories that the participants from the division that asked for the application outlined. If they want to ensure that the functionality is appropriate for all users in the division, what type of testing should Mike perform?Stress testingRegression testingStatic testingUser acceptance testing

14 Mike's development team wants to expand the use of the software to the whole company, but they are concerned about its performance. What type of testing should they conduct to ensure that the software will not fail under load?Stress testingRegression testingStatic testingUser acceptance testing

15 Two years after deployment, Mike's team is ready to roll out a major upgrade to their web application. They have pulled code from the repository that it was checked into but are worried that old bugs may have been reintroduced because they restored additional functionality based on older code that had been removed in a release a year ago. What type of testing does Mike's team need to perform?Stress testingRegression testingStatic testingUser acceptance testing

16 Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?Submit cmd.exe to VirusTotal.Compare the hash of cmd.exe to a known good version.Check the file using the National Software Reference Library.Run cmd.exe to make sure its behavior is normal.

17 As part of her malware analysis process, Caitlyn diagrams the high-level functions and processes that the malware uses to accomplish its goals. What is this process known as?Static analysisCompositionDynamic analysisDecomposition

18 As a U.S. government employee, Michael is required to ensure that the network devices that he procures have a verified chain of custody for every chip and component that goes into them. What is this program known as?Gray-market procurementTrusted foundryWhite-market procurementChain of procurement

19 Padma is evaluating the security of an application developed within her organization. She would like to assess the application's security by supplying it with invalid inputs. What technique is Padma planning to use?Fault injectionStress testingMutation testingFuzz testing

20 Nishi is deploying a new application that will process sensitive health information about her organization's clients. In order to protect this information, the organization is building a new network that does not share any hardware or logical access credentials with the organization's existing network. What approach is Nishi adopting?Network interconnectionNetwork segmentationVirtual LAN (VLAN) isolationVirtual private network (VPN)

21 Bobbi is deploying a single system that will be used to manage a very sensitive industrial control process. This system will operate in a standalone fashion and not have any connection to other networks. What strategy is Bobbi deploying to protect this SCADA system?Network segmentationVLAN isolationAirgappingLogical isolation

22 Which software development life cycle model is illustrated in the image?WaterfallSpiralAgileRAD

23 Geoff has been asked to identify a technical solution that will reduce the risk of captured or stolen passwords being used to allow access to his organization's systems. Which of the following technologies should he recommend?Captive portalsMultifactor authenticationVPNsOAuth

24 The company that Amanda works for is making significant investments in infrastructure as a service hosting to replace their traditional datacenter. Members of her organization's management have expressed concerns about data remanence when Amanda's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?Zero-wipe drives before moving systems.Use full-disk encryption.Use data masking.Span multiple virtual disks to fragment data.

25 Huan is hiring a third-party consultant who will have remote access to the organization's datacenter, but he would like to approve that access each time it occurs. Which one of the following solutions would meet Huan's needs in a practical manner?Huan should keep the consultant's password himself and provide it to the consultant when needed, and then immediately change the password after each use.Huan should provide the consultant with the password but configure his own device to approve logins via multifactor authentication.Huan should provide the consultant with the password but advise the consultant that she must advise him before using the account and then audit those attempts against access logs.Huan should create a new account for the consultant each time she needs to access the datacenter.

26 Ian is reviewing the security architecture shown here. This architecture is designed to connect his local datacenter with an IaaS service provider that his company is using to provide overflow services. What component can be used at the points marked by the question marks (?s) to provide a secure encrypted network connection?FirewallVPNIPSDLP

27 Which one of the following technologies is not typically used to implement network segmentation?Host firewallNetwork firewallVLAN taggingRouters and switches

28 Which one of the following approaches is an example of a formal code review process?Pair programmingOver-the-shoulderFagan inspectionPass-around code review

29 The Open Web Application Security Project (OWASP) maintains an application called Orizon. This application reviews Java classes and identifies potential security flaws. What type of tool is Orizon?FuzzerStatic code analyzerWeb application assessorFault injector

30 Barney's organization mandates fuzz testing for all applications before deploying them into production. Which one of the following issues is this testing methodology most likely to detect?Incorrect firewall rulesUnvalidated inputMissing operating system patchesUnencrypted data transmission

31 Kobe wants to provide access to a jump box in a secured network. What technology should he deploy to allow a secure connection to the system through untrusted intermediary networks?VPCAn air gapA VPNPhysical segmentation

32 Mia would like to ensure that her organization's cybersecurity team reviews the architecture of a new ERP application that is under development. During which SDLC phase should Mia expect the security architecture to be completed?Analysis and Requirements DefinitionDesignDevelopmentTesting and Integration

33 Which one of the following security activities is not normally a component of the Operations and Maintenance phase of the SDLC?Vulnerability scansDispositionPatchingRegression testing

34 Which hardware device is used on endpoint devices to store RSA encryption keys specific to that device to allow hardware authentication?A SSDA hard driveA MFA tokenA TPM

35 Which one of the following testing techniques is typically the final testing done before code is released to production?Unit testingIntegration testingUser acceptance testingSecurity testingUse the following scenario for questions 36–38.Olivia has been put in charge of performing code reviews for her organization and needs to determine which code analysis models make the most sense based on specific needs her organization has. Use your knowledge of code analysis techniques to answer the following questions.