LX-Cybervista-CompTIA-Practice-Test-Pack
1. What is the process of identifying IoT and other devices that are not part of the core infrastructure so that hackers cannot use them to compromise an organization’s core network?
A) Edge discovery
B) Penetration testing and adversary emulation
C) Security controls testing
D) Passive discovery
2. Which concept allows customers of different cell phone services to communicate with each other?
A) Federation
B) Multi-factor authentication
C) Privileged access management
D) Single sign-on
3. Which network architecture concept allows for dynamic reconfiguration of a network as a reaction to changes in volume, types of traffic, and security incidents?
A) On-premises
B) Software-defined networking
C) Hybrid
D) Secure Access Service Edge
4. In security operations, which of the following would provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management, and security awareness?
A) Logging levels
B) System processes
C) Windows registry
D) System hardening
5. A log analysis reveals the following input into a login portal:
Jsmith2)(&)
Admin1
Which type of attack has most likely occurred?
A) LDAP Injection
B) Brute Force
C) XSS
D) SQL Injection
6. Your team has begun using user behavior analysis to identify potential malicious activity. Which of the following is NOT an example of behavior that might be uncovered using this technique?
A) Communication attempts from unusual geographic locations
B) Editing of user groups
C) Breaking the key on a hashed password
D) User activity at odd hours
7. You suspect that a device has been compromised and is communicating with a remote C&C server. Which of the following symptoms would be indicative of this?
A) An unusually high number of ping requests to multiple hosts on your network within a short time frame
B) An unusual spike in network traffic
C) Traffic leaving your network at regular intervals from the same device to the same destination
D) The device is suddenly unavailable
8. After a number of unsuccessful attempts were made to attack your websites, your organization is looking to increase its knowledge about the latest threats to web applications. As part of this process, management has asked you to identify a list of the top 10 attacks and report these attacks on an ongoing basis. Which organization provides this information?
A) ISO
B) CIS
C) OWASP
D) SANS
9. Penetration testing is planned for your organization’s network. The penetration tester is using Open-Source Security Testing Methodology Manual (OSSTMM) best practices to implement the testing. Which type of security testing is performed when the pen testers are engaged with knowledge of the target’s processes and operational security, but the target organization is not aware of what, how, and when the penetration tester will be testing?
A) Partially known environment testing
B) Reversal testing
C) Blind testing
D) Tandem testing
10. During which stage of the incident recovery process do you ensure that all security monitoring and logging is occurring correctly?
A) Eradication
B) Validation
C) Incident summary report
D) Containment
11. In which stage of the incident recovery process does the cybersecurity analyst perform scanning?
A) Validation
B) Eradication
C) Corrective actions
D) Containment
12. Which of the infrastructure concepts below provides developers with the opportunity to build and run applications in the cloud, without the extra responsibility of having to maintain servers?
A) Virtualization
B) Containerization
C) Secure Access Service Edge
D) Serverless
13. Which of the following attacks involves analyzing the compiled mobile app or system data to extract source code information to be used in understanding and potentially manipulating the underlying architecture of the mobile application or operating system?
A) Sandbox analysis
B) Over-reaching permissions
C) Reverse engineering
D) Spamming
14. To address recent issues in the parking lot, the company has installed a CCTV camera to monitor the lot. What type of control is this?
A) Preventative
B) Detective
C) Managerial
D) Corrective
15. An attacker was able to hack into the POS system of a retail store and refund a large amount into their bank account. Which service method was most likely used by the broken access control allowing unauthorized access to the POS system?
A) POS application
B) OS version
C) SNMP service
D) FTP service
16. You are a cybersecurity advisor for Nutex Inc. You are designing the incident response reporting and escalation policies and procedures. Specifically, you are outlining how best to share the organization’s sensitive information with external parties in case of a security incident. Which party or parties should you consult FIRST?
A) CEO
B) Board of directors
C) Public relations department
D) Legal department
17. Sam is reviewing web server logs after an attack. He discovers that many records contain semicolons and apostrophes in queries from end users. What type of attack should Sam suspect?
A
) Cross-site scripting
B) Buffer overflow
C) SQL injection
D) LDAP injection
18. Your web server’s files and directories were recently spidered, revealing a security issue of which a hacker took advantage. You need a server analysis tool that can index all of the files and directories, commonly known as spidering. Which of the following tools would be best suited for this?
A) Nessus
B) Zenmap
C) Nikto
D) Burp Suite
19. Your organization’s reputation is staked on a book it publishes yearly. When you perform data classification, how should you classify this book and its contents?
A) Intellectual property
B) Personally identifiable information
C) Corporate confidential data
D) PHI
20. You are a cyber security analyst. Your organization has several products and services implemented within their IT environment. Management finds it difficult to view security and operational metrics for all the products. You recommend that management approve implementing a single pane of glass solution to resolve the visibility issue.
Which of the following statements is NOT true of implementing a single pane of glass solution?
A) It provides a centralized display of security and operational metrics that is readily available to management.
B) It provides an easy-to-navigate GUI.
C) It displays and sends data in real time from the centralized application whenever relevant events occur in the environment.
D) It increases efficiency by eliminating the need to switch back and forth between separate IT operations management solutions.
21. Which concept involves contracting with a third party to provide a location and equipment to be used in the event of an emergency?
A) Disaster recovery plan
B) Offsite storage
C) Alternate processing site
D) Alternate business practices
22. You are exploring the attack surface of a Windows 10 host. Which scripting environment is an automation standard for modern Windows systems?
A) PowerShell
B) Java
C) Bash
D) VBA
23. Which process allows you to deploy, configure, and manage data centers through scripts?
A) Waterfall
B) Immutable systems
C) IaC
D) Baselining
24. Your organization has recovered from a major security incident. You have planned the lessons learned meeting with relevant stakeholders.
Which of the following is NOT a benefit of a lessons learned meeting?
A) Helps create an escalation matrix.
B) Helps update incident response policies and procedures.
C) Helps determine the root cause of the incident.
D) Helps maintain regulatory reporting.
25. You are assisting a senior forensics investigator with a crime scene. While you are watching, he runs the following command:
user@kaplan:~# md5sum /dev/pw3
He receives the following output:
9b98b637a132974e41e3c6ae1fc9fc96 /dev/pw3
What is the long string of values in the output called?
A) Initialization vector
B) Encryption key
C) Hash value
D) Salt value
26. When you study malware to discover how it functions, what operation are you performing?
A) Vulnerability testing
B) Rules of engagement
C) Reverse engineering
D) Penetration testing
27. You have hired a cybersecurity intern and you are helping him to understand the Cyber Kill Chain process.
Which of the following activities is performed in the Delivery stage?
A) Sniffing packets traversing the target network.
B) Installing a backdoor on the target system.
C) Collecting and exfiltrating data from the target system.
D) Sending a phishing email to the target system.
28. Which of the following is a Microsoft threat-modeling tool?
A) CVSS
B) STRIDE
C) STIX
D) T-MAP
29. Your company recently conducted a penetration test for Verigon to determine compliance with several federal regulations. Six months after the test was conducted, Verigon management must provide compliance documentation of the penetration test. Which type of report is needed?
A) Executive summary
B) Lessons learned
C) Rules of engagement
D) Attestation of findings
30. Which of the following cryptographic attacks can be mitigated by salting the password?
A) Brute force
B) Pass the hash
C) Known plaintext
D) Side channel
31. The team is analyzing IoCs and categorizing them by their source. Which of the following is NOT an example of a host-related IoC?
A) Unauthorized scheduled tasks
B) File system changes or anomalies
C) Abnormal operating system behavior
D) Registry changes or anomalies
E) Unusual traffic spikes
32. During which stage of the incident recovery process do you ensure that all security monitoring and logging is occurring correctly?
A) Eradication
B) Validation
C) Incident summary report
D) Containment
33. Which research source can help in discovering new vulnerabilities and potential threats in existing Internet standards?
A
) TAXII
B) TTPs
C) RFCs
D) STIX
34. You are investigating a social engineering attack that caused several data breaches. Which of the following is a social engineering attack?
A) Phishing
B) SYN flood
C) On-path attack
D) Land attack
35. A small business, with two employees, has an e-commerce site that processes credit card transactions, following PCI DSS guidelines. These guidelines call for a separation of duties, but neither of the employees has the time available for auditing transactions. For compliance, the business hires a third party to review the transactions, logs, and other pertinent information. This is an example of which type of control?
A) Corrective control
B) Preventative control
C) Operational control
D) Compensating control
36. Which of the following has Firewall as a Service (FWaaS) as a component?
A) Secure Access Service Edge
B) Software-defined networking
C) On-premises
D) Network segmentation
37. Your organization recently deployed a commerce server in the cloud. They want to ensure that all requirements of PCI-DSS are implemented. Which open-source security tool contains hundreds of controls covering PCI-DSS requirements?
A) Prowler
B) Maltego
C) Immunity Debugger
D) Arachni
38. Which of the following is NOT true of implementing a single pane of glass solution?
A) It provides a centralized display of security and operational metrics that is readily available to management.
B) It provides an easy-to-navigate GUI.
C) It displays and sends data in real time from the centralized application whenever relevant events occur in the environment.
D) It increases efficiency by eliminating the need to switch back and forth between separate IT operations management solutions.
39. Which concept involves contracting with a third party to provide a location and equipment to be used in the event of an emergency?
A) Disaster recovery plan
B) Offsite storage
C) Alternate processing site
D) Alternate business practices
40. You are exploring the attack surface of a Windows 10 host. Which scripting environment is an automation standard for modern Windows systems?
A) PowerShell
B) Java
C) Bash
D) VBA
41. Which process allows you to deploy, configure, and manage data centers through scripts?
A) Waterfall
B) Immutable systems
C) IaC
D) Baselining
42. Your organization has recovered from a major security incident. You have planned the lessons learned meeting with relevant stakeholders.
Which of the following is NOT a benefit of a lessons learned meeting?
A) Helps create an escalation matrix.
B) Helps update incident response policies and procedures.
C) Helps determine the root cause of the incident.
D) Helps maintain regulatory reporting.
43. You are assisting a senior forensics investigator with a crime scene. While you are watching, he runs the following command:
user@kaplan:~# md5sum /dev/pw3
He receives the following output:
9b98b637a132974e41e3c6ae1fc9fc96 /dev/pw3
What is the long string of values in the output called?
A) Initialization vector
B) Encryption key
C) Hash value
D) Salt value
44. When you study malware to discover how it functions, what operation are you performing?
A) Vulnerability testing
B) Rules of engagement
C) Reverse engineering
D) Penetration testing
45. You have hired a cybersecurity intern and you are helping him to understand the Cyber Kill Chain process.
Which of the following activities is performed in the Delivery stage?
A) Sniffing packets traversing the target network.
B) Installing a backdoor on the target system.
C) Collecting and exfiltrating data from the target system.
D) Sending a phishing email to the target system.
46. Which of the following is a Microsoft threat-modeling tool?
A) CVSS
B) STRIDE
C) STIX
D) T-MAP
47. Your company recently conducted a penetration test for Verigon to determine compliance with several federal regulations. Six months after the test was conducted, Verigon management must provide compliance documentation of the penetration test. Which type of report is needed?
A) Executive summary
B) Lessons learned
C) Rules of engagement
D) Attestation of findings
48. Which of the following cryptographic attacks can be mitigated by salting the password?
A) Brute force
B) Pass the hash
C) Known plaintext
D) Side channel
49. The team
is analyzing IoCs and categorizing them by their source. Which of the following is NOT an example of a host-related IoC?
A) Unauthorized scheduled tasks
B) File system changes or anomalies
C) Abnormal operating system behavior
D) Registry changes or anomalies
E) Unusual traffic spikes
50. During which stage of the incident recovery process do you ensure that all security monitoring and logging is occurring correctly?
A) Eradication
B) Validation
C) Incident summary report
D) Containment
Answer Preview: CySA+ (CS0-003)
