Mike Chapple - CompTIA CySA+ Practice Tests

1.6 Explain the threats and vulnerabilities associated with operating in the cloud.Cloud service modelsCloud deployment modelsFunction as a service (FaaS)/serverless architectureInfrastructure as code (IaC)Insecure application programming interface (API)Improper key managementUnprotected storageLogging and monitoring

1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.Attack typesVulnerabilities

1 Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?Vulnerability feedsOpen sourceClosed sourceProprietary

2 During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?Perform a DNS brute-force attack.Use an nmap ping sweep.Perform a DNS zone transfer.Use an nmap stealth scan.

3 Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?TimelinessExpenseRelevanceAccuracy

4 What markup language provides a standard mechanism for describing attack patterns, malware, threat actors, and tools?STIXTAXIIXMLOpenIOC

5 A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?OraclePostgresMySQLMicrosoft SQL

6 Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?HacktivistNation-stateInsiderOrganized crime

7 During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?Determine the reason for the ports being open.Investigate the potentially compromised workstation.Run a vulnerability scan to identify vulnerable services.Reenable the workstation's local host firewall.

8 Charles is working with leaders of his organization to determine the types of information that should be gathered in his new threat intelligence program. In what phase of the intelligence cycle is he participating?DisseminationFeedbackAnalysisRequirements

9 As Charles develops his threat intelligence program, he creates and shares threat reports with relevant technologists and leaders. What phase of the intelligence cycle is now occurring?DisseminationFeedbackCollectionRequirements

10 What term is used to describe the groups of related organizations who pool resources to share cybersecurity threat information and analyses?SOCISAC CERTCIRT

11 Which one of the following threats is the most pervasive in modern computing environments?Zero-day attacksAdvanced persistent threatsCommodity malwareInsider threats

12 Singh incorporated the Cisco Talos tool into his organization's threat intelligence program. He uses it to automatically look up information about the past activity of IP addresses sending email to his mail servers. What term best describes this intelligence source?Open sourceBehavioralReputationalIndicator of compromise

13 Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis?ATT&CKCyber Kill Chain STRIDEDiamond

14 Jamal is assessing the risk to his organization from their planned use of AWS Lambda, a serverless computing service that allows developers to write code and execute functions directly on the cloud platform. What cloud tier best describes this service?SaaSPaaSIaaSFaaS

15 Lauren's honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. What type of threats is this design particularly useful for detecting?Zero-day attacksSQL injectionNetwork scansDDoS attacks

16 Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?Attack vectorAdversary capability LikelihoodTotal attack surface

17 Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the NetFlow shown here?Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 2020-07-11 14:39:30.606 0.448 TCP 192.168.2.1:1451->10.2.3.1:443 10 1510 1 2020-07-11 14:39:30.826 0.448 TCP 10.2.3.1:443->192.168.2.1:1451 7 360 1 2020-07-11 14:45:32.495 18.492 TCP 10.6.2.4:443->192.168.2.1:1496 5 1107 1 2020-07-11 14:45:32.255 18.888 TCP 192.168.2.1:1496->10.6.2.4:443 11 1840 1 2020-07-11 14:46:54.983 0.000 TCP 192.168.2.1:1496->10.6.2.4:443 1 49 1 2020-07-11 16:45:34.764 0.362 TCP 10.6.2.4:443->192.168.2.1:4292 4 1392 1 2020-07-11 16:45:37.516 0.676 TCP 192.168.2.1:4292->10.6.2.4:443 4 462 1 2020-07-11 16:46:38.028 0.000 TCP 192.168.2.1:4292->10.6.2.4:443 2 89 1 2020-07-11 14:45:23.811 0.454 TCP 192.168.2.1:1515->10.6.2.5:443 4 263 1 2020-07-11 14:45:28.879 1.638 TCP 192.168.2.1:1505->10.6.2.5:443 18 2932 1 2020-07-11 14:45:29.087 2.288 TCP 10.6.2.5:443->192.168.2.1:1505 37 48125 1 2020-07-11 14:45:54.027 0.224 TCP 10.6.2.5:443->192.168.2.1:1515 2 1256 1 2020-07-11 14:45:58.551 4.328 TCP 192.168.2.1:1525->10.6.2.5:443 10 648 1 2020-07-11 14:45:58.759 0.920 TCP 10.6.2.5:443->192.168.2.1:1525 12 15792 1 2020-07-11 14:46:32.227 14.796 TCP 192.168.2.1:1525->10.8.2.5:443 31 1700 1 2020-07-11 14:46:52.983 0.000 TCP 192.168.2.1:1505->10.8.2.5:443 1 40 11345

18 Which one of the following functions is not a common recipient of threat intelligence information?Legal counselRisk managementSecurity engineeringDetection and monitoring

19 Alfonzo is an IT professional at a Portuguese university who is creating a cloud environment for use only by other Portuguese universities. What type of cloud deployment model is he using?Public cloudPrivate cloudHybrid cloudCommunity cloud

20 During a network reconnaissance exercise, Chris gains access to a PC located in a secure network. If Chris wants to locate database and web servers that the company uses, what command-line tool can he use to gather information about other systems on the local network without installing additional tools or sending additional traffic?pingtraceroutenmapnetstat

21 Kaiden's organization uses the AWS public cloud environment. He uses the CloudFormation tool to write scripts that create the cloud resources used by his organization. What type of service is CloudFormation?SaaSIACFaaSAPI

22 What is the default nmap scan type when nmap is not provided with a scan type flag?A TCP FIN scanA TCP connect scanA TCP SYN scanA UDP scan

23 Isaac wants to grab the banner from a remote web server using commonly available tools. Which of the following tools cannot be used to grab the banner from the remote host?NetcatTelnet WgetFTP

24 Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically reduce his organization's footprint the most?Limit information available via the organizational website without authentication.Use a secure domain registration.Limit technology references in job postings.Purge all document metadata before posting.

25 Cassandra's nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?A virtual machineA wireless routerA broadband routerA print server