Mike Chapple - CompTIA CySA+ Practice Tests

119 Which of the following parties directly communicate with the end user during a SAML transaction?The relying partyThe SAML identity providerBoth the relying party and the identity providerNeither the relying party nor the identity provider

120 What type of dedicated device is used in organizations that can generate keys, create and validate digital signatures, and provide cryptoprocessing to both encrypt and decrypt data?HSMsBGPsSSMsNone of the above

121 Saeed wants to ensure that devices procured by his company are captured in inventory and tracked throughout their lifespan via physical inventory tracking methods. What can he do to make sure that the assets are easier to quickly identify against an asset inventory?Record them in a databaseRecord them via paper formsUse asset taggingUse hardware address-based tagging

122 Isaac is developing a mobile application and is following the OWASP Mobile Application Security Checklist. Which of the following is a practice he should not follow?The application will use symmetric cryptography with hard-coded keys as its sole method of encryption.Data for the application will be encoded on the network using TLS any time data is sent or received.The application will use the Secure Enclave on iOS devices to store cryptographic keys.The application invalidates sessions after a predetermined period of inactivity and session tokens expire.

123 Micro-probing, applying unexpected or out of specification voltages or clock signals, and freezing a device are all examples of types of attacks prevented by what type of technique?DRMAnti-theftAnti-tamperFault tolerance

124 Patricia wants to protect updated firmware for her organization's proprietary hardware when it is installed and is concerned about third parties capturing the information as it is transferred between the host system and the hardware device. What type of solution should she use to protect the data in transit if the device is a PCIe internal card?Bus encryptionCPU encryptionFull-disk encryptionDRM

125 Piper wants to delete the contents of a self-encrypting drive (SED). What is the fastest way to securely do so?Use a full-drive wipe following DoD standards.Delete the encryption key for the drive.Use a degausser.Format the drive.

126 What type of module is required to enable Secure Boot and remote attestation?A TPM moduleA HSMA GPMAn MX module

127 Although both Secure Boot and Measured Boot processes rely on a chain of trust, only one validates the objects in the chain. Which technology does this and what process does it follow?A Secured Boot chain validates the boot objects using private keys to check against public keys already in the BIOS.A Measured Boot chain computes the hash of the next object in the chain and compares it to the hash of the previous object.A Secured Boot chain computes the hash of the next object in the chain and compares it to the hash of the previous object.A Measured Boot chain validates the boot objects using private keys to check against public keys already in the BIOS.

128 What type of operation occurs in a way that prevents another processor or I/O device from reading or writing to a memory location that is in use by the operation until the operation is complete?A complete operationA fractional operationAtomic executionPerpendicular execution

129 Adil is attempting to boot a system that uses UEFI and has Secure Boot enabled. During the boot process, the system will not start because of a recognized key error. What has occurred?The user has not entered their passphrase.The drive token needs updated.A USB token is not plugged in.The operating system may not be secure.

130 Support for AES, 3DES, ECC, and SHA-256 are all examples of what?Encryption algorithmsHashing algorithmsProcessor security extensionsBus encryption modules

131 Bernie sets up a VPC for his organization and connects to it through a VPN. What has he created and where?A private segment of a public cloudA private segment of a local virtualization environmentA public segment of a private cloudA public segment of a local virtualization environment

132 What types of attacks can API keys help prevent when used to limit access to a REST-based service?Brute-force attacksTime-of-access/time-of-use attacksMan-in-the-middle attacksDenial-of-service attacks

133 Which of the following is not a benefit of physical segmentation?Easier visibility into trafficImproved network securityReduced costIncreased performanceUse the following diagram to answer the next three questions.

134 Scott has designed a redundant infrastructure, but his design still has single points of failure. Which of the single points of failure is most likely to cause an organizationwide Internet outage?Point APoint CPoint EPoint F

135 After identifying the single point of failure for his connectivity, Scott wants to fix the issue. What would be the best solution for the issue he identified?A second connection from the same ISP on the same fiber pathA second connection from a different ISP on the same fiber pathA second connection from the same ISP on a different fiber pathA second connection from a different ISP on a different fiber path

136 Scott has been asked to review his infrastructure for any other critical points of failure. If point E is an edge router and individual workstations are not considered mission critical, what issue should he identify?Point DPoint EPoint FNone of the above

137 Which of the following options is most effective in preventing known password attacks against a web application?Account lockoutsPassword complexity settingsCAPTCHAsMultifactor authentication

138 Ben adds a unique, randomly generated string to each password before it is hashed as part of his web application's password storage process. What is this process called?MashingHashingSaltingPeppering

139 Which of the following is not a common use case for network segmentation?Creating a VoIP networkCreating a shared networkCreating a guest wireless networkCreating trust zones

140 Kwame discovers that secrets for a microservice have been set as environment variables on the Linux host that he is reviewing using the following command:docker run -it -e "DBUSER= appsrv" -e DBPASSWD=secure11" dbappsrvWhich processes can read the environment variables?The dbuserThe Docker userAll processes on the systemRoot and other administrative users

141 What three layers make up a software defined network?Application, Datagram, and Physical layersApplication, Control, and Infrastructure layersControl, Infrastructure, and Session layersData link, Presentation, and Transport layers

142 Which of the following is not a security advantage of VDI?No data is stored locally on the endpoint device.Patch management is easier due to use of a single central image.VDI systems cannot be infected with malware.There is isolation of business tools and files even when using personally owned devices.

143 Micah is designing a containerized application security environment and wants to ensure that the container images he is deploying do not introduce security issues due to vulnerable applications. What can he integrate into the CI/CD pipeline to help prevent this?Automated checking of application hashes against known good versionsAutomated vulnerability scanningAutomated fuzz testingAutomated updates

144 Susan wants to optimize the DevOps workflow as part of a DevSecOps initiative. What optimization method should she recommend to continuously integrate security without slowing work down?Automate some security gates.Perform security testing before development.Perform security testing only after all code is fully operational.None of the above.

145 Camille wants to integrate with a federation. What will she need to authenticate her users to the federation?An IDPA SPAn API gatewayA SSO serverAnswer the next three questions based on your knowledge of container security and the following scenario.Brandon has been tasked with designing the security model for container use in his organization. He is working from the NIST SP 800-190 document and wants to follow NIST recommendations wherever possible.