CySA+ Pretest 1: 2/3

Authored by Thomas Ray

9th Grade - Professional Development

20 questions

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Out of all the protocols listed, which one might be used inside of a virtual system to manage and monitor the network?

SNMP

SMTP

BGP

EIGRP

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is NOT a good source of information to validate scan results?

Log files

SIEM systems

Configuration Management Systems

An Analyst's "gut feeling"

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have been asked to scan your company’s website using the OWASP ZAP tool. When you perform the scan, you receive the following warning:

“The AUTOCOMPLETE output is not disabled in HTML FORM/INPUT containing password type input. Passwords may be stored in browsers and retrieved.”

You begin to investigate further by reviewing a portion of the HTML code from the website that is listed below:

<form action="authenticate.php"> Enter your username: <BR>

<input type="text" name="user" value="" autofocus><BR> Enter your Password: <BR>

<input type="password" name="pass" value="" maxlength="32"><BR>

<input type="submit" value="submit"> </form>

Based on your analysis, what do you recommend?

You should implement a scanner exception to ensure you don’t receive this false positive again during your next scan

You tell the system administrator to disable SSL and implement TLS

You tell the developer to review their code and implement a bug/code fix

You recommend that your company should update the browser’s GPO to solve this issue

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When using nmap, what flag do you use in the syntax to conduct operating system identification during the scan?

-os

-O

-id

-osscan

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

John is a consultant who wants to sell his services to a new client. He’d like to have a vulnerability scan of their network prior to their initial meeting to show the client, for added security. What is the most significant problem with this approach?

He doesn’t know the client’s infrastructure design

He doesn’t have permission to perform the scan

He doesn’t know what operating systems and applications are in use

He doesn’t know the IP range of the client systems

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Peter is working with an application team on the remediation of a critical SQL injection vulnerability that exists on a public-facing server. The team is worried that deploying the fix will require several hours of downtime that will also block customer transactions from completing. What is the most reasonable action to take?

Wait until next scheduled maintenance window

Demand that the vulnerability be remediated immediately

Schedule an emergency maintenance for an off-peak time later in the day

Convene a working group to assess the situation

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which remediation strategy is MOST effective in reducing the risk to an embedded ICS from a network-based compromise?

Patching

NIDS

Firewalling

Disabling unused services
