Jason Dion CySA+ exam 1 with accurate solutions + explanations (pass guaranteed)

Last updated 7:01 AM on 6/6/26
67 Terms

1
New cards

Which of the following options places the correct phases of the Software Development Lifecycle's waterfall method in the correct order?

Planning, requirements analysis, design, implementation, testing, deployment, and maintenance

2
New cards

Dion Consulting Group has been hired to analyze the cybersecurity model for a new videogame console system. The manufacturer's team has come up with four recommendations to prevent intellectual property theft and piracy. As the cybersecurity consultant on this project, which of the following would you recommend they implement first?

Ensure that each individual console has a unique key for decrypting individual licenses and tracking which console has purchased which game

3
New cards

What should a vulnerability report include if a cybersecurity analyst wants it to reflect the assets scanned accurately?

Virtual Hosts

4
New cards

Which of the following types of encryption would ensure the best security of a website?

TLS

5
New cards

Which of the following is usually not considered when evaluating the attack surface of an organization?

Software Development lifecycle model

6
New cards

When using the netstat command during an analysis, which of the following connection status messages indicates whether an active connection between two systems exists?

ESTABLISHED

7
New cards

You have been hired to investigate a possible insider threat from a user named Terri. Which command would you use to review all sudo commands ever issued by Terri (whose login account is terri and UID=1003) on a Linux system? (Select the MOST efficient command)

journalctl _UID=1003 | grep sudo

(_UID is a journal field, so it must be separated from the command name by a space. Because sudo runs set-uid root, some of its own journal entries may be recorded under UID 0 rather than 1003; cross-check with journalctl _COMM=sudo | grep terri.)

8
New cards

Dion Training is concerned with the possibility of a data breach causing a financial loss to the company. After performing a risk analysis, the COO decides to purchase data breach insurance to protect the company from an incident. Which of the following best describes the company's risk response?

Transference

9
New cards

You are going to perform a forensic disk image of a macOS laptop. What type of hard drive format should you expect to encounter?

HFS+ (Macs running macOS 10.13 High Sierra or later default to APFS, so be prepared for either)

10
New cards

What document typically contains high-level statements of management intent?

Policy

11
New cards

You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

\b172\.16\.1\.(19[2-9]|2[0-4][0-9]|25[0-5])\b

(172.16.1.224 belongs to 172.16.1.192/26, whose addresses run from .192 through .255, so the last octet must be restricted to that range. Every dot is escaped and the \b anchors stop the pattern from matching inside a longer number; a last-octet group that accepts 0 through 255 would match the whole /24, not just the /26.)

12
New cards

As a newly hired cybersecurity analyst, you are attempting to determine your organization's current public-facing attack surface. Which of the following methodologies or tools generates a current and historical view of the company's public-facing IP space?

shodan.io

13
New cards

A vulnerability scanner has reported that a vulnerability exists in the system. Upon validating the report, the analyst determines that this reported vulnerability does not exist on the system. What is the proper term for this situation?

False Positive

14
New cards

During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?

DLP

15
New cards

You received an incident response report indicating a piece of malware was introduced into the company's network through a remote workstation connected to the company's servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

NAC

16
New cards

Your service desk has received many complaints from external users that a web application is responding slowly to requests and frequently receives a "connection timed out" error message when they attempt to submit information to the application. Which software development best practice should have been implemented to prevent this from occurring?

Stress Testing

17
New cards

A cybersecurity analyst conducts an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

Privacy Breach

18
New cards

Dion Consulting Group has recently been awarded a contract to provide cybersecurity services for a major hospital chain in 48 cities across the United States. You are conducting a vulnerability scan of the hospital's enterprise network when you detect several devices that could be vulnerable to a buffer overflow attack. Upon further investigation, you determine that these devices are PLCs used to control the hospital's elevators. Unfortunately, there is not an update available from the elevator manufacturer for these devices. Which of the following mitigations do you recommend?

Recommend isolation of the elevator control system from the rest of the production network through the change control process

19
New cards

A popular game allows for in-app purchases to acquire extra lives in the game. When a player purchases the extra lives, the number of lives is written to a configuration file on the gamer's phone. A hacker loves the game but hates having to buy lives all the time, so they developed an exploit that allows a player to purchase 1 life for $0.99 and then modifies the content of the configuration file to claim 100 lives were purchased before the application reading the number of lives purchased from the file. Which of the following type of vulnerabilities did the hacker exploit?

Race Condition

20
New cards

Which of the following tools could be used to detect unexpected output from an application being managed or monitored?

A behavior-based analysis tool

21
New cards

Which of the following will an adversary do during the exploitation phase of the Lockheed Martin kill chain? (SELECT THREE)

Take Advantage of a software, hardware, or human vulnerability

Wait for a user to click on a malicious link

Wait for a malicious email attachment to be opened

22
New cards

A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized?

Exact data match
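The subnet regex from card 11 and the SSN-format signature from card 22 are both "run a pattern over log lines" problems, so here is one added example (not part of the exam or its explanations) that applies both to a few constructed log lines. It also cross-checks the subnet regex against the ipaddress module, and shows how a last-octet group that accepts 0 through 255 overmatches. The log lines, the host name fw01/dlp01 and the field layout are all made up for the example.

```python
"""Regex log triage for a /26 source filter and an SSN-format DLP pattern.

Added example; every log line below is constructed, not captured from a real system.
"""
import ipaddress
import re

# 172.16.1.224 sits in 172.16.1.192/26, whose hosts are .192 through .255.
SUBNET = ipaddress.ip_network("172.16.1.192/26")
SUBNET_RE = re.compile(r"\b172\.16\.1\.(19[2-9]|2[0-4][0-9]|25[0-5])\b")

# Common mistake: this last-octet group accepts 0-255, i.e. the whole /24.
LOOSE_RE = re.compile(r"\b172\.16\.1\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b")

# xxx-xx-xxxx, word-bounded so that a longer run like 1234-56-7890 is not flagged.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Any dotted quad, used only to feed candidates to the ipaddress-based check.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log: three sources inside the /26, two outside, two DLP upload lines.
LOG_LINES = [
    "Mar  1 10:00:01 fw01 kernel: SRC=172.16.1.224 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Mar  1 10:00:02 fw01 kernel: SRC=172.16.1.230 DST=10.0.0.5 PROTO=TCP DPT=443",
    "Mar  1 10:00:03 fw01 kernel: SRC=172.16.1.190 DST=10.0.0.5 PROTO=TCP DPT=80",
    "Mar  1 10:00:04 fw01 kernel: SRC=172.16.1.250 DST=10.0.0.5 PROTO=TCP DPT=3389",
    "Mar  1 10:00:05 fw01 kernel: SRC=172.16.1.2 DST=10.0.0.5 PROTO=TCP DPT=53",
    "Mar  1 10:01:00 dlp01 upload: user=bob file=notes.txt body='ssn 123-45-6789'",
    "Mar  1 10:01:01 dlp01 upload: user=eve file=po.txt body='order 1234-56-7890'",
]


def subnet_hits(lines, pattern=SUBNET_RE):
    """Return the first matching source address from every line the pattern hits."""
    return [m.group(0) for line in lines if (m := pattern.search(line))]


def subnet_hits_parsed(lines):
    """Same question answered by parsing each dotted quad and testing membership.

    This is the ground truth the regex should agree with.
    """
    hits = []
    for line in lines:
        for quad in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(quad)
            except ValueError:  # e.g. 999.1.1.1 looks like a quad but is not an address
                continue
            if addr in SUBNET:
                hits.append(quad)
                break  # one hit per line, to mirror subnet_hits()
    return hits


def ssn_hits(lines):
    """Return the SSN-formatted value from every line that contains one."""
    return [m.group(0) for line in lines if (m := SSN_RE.search(line))]


if __name__ == "__main__":
    print("tight /26 regex :", subnet_hits(LOG_LINES))
    print("ipaddress check :", subnet_hits_parsed(LOG_LINES))
    print("loose 0-255 form:", subnet_hits(LOG_LINES, LOOSE_RE))
    print("SSN pattern     :", ssn_hits(LOG_LINES))
```

The tight regex and the ipaddress-based check agree on the three in-scope sources, while the loose form also flags .190 and .2, which are outside the /26. The SSN pattern is a format match only; it will also fire on any nine-digit number written with those dashes, which is why a production DLP rule usually pairs it with validation or a checksum where one exists.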

23
New cards

Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?

Behavior

24
New cards

Which of the following vulnerability scans would provide the best results if you want to determine if the target's configuration settings are correct?

Credentialed scan

25
New cards

Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach?

Protected health information

26
New cards

Which of the following is the correct usage of the tcpdump command to create a packet capture filter for all traffic going to and from the server located at 10.10.1.1?

tcpdump -i eth0 host 10.10.1.1

27
New cards

Which of the following secure coding best practices ensures a character like < is translated into the &lt; string when writing to an HTML page?

Output encoding
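To make the encoding concrete, here is an added example (not from the exam) that renders the same untrusted comment string into an HTML fragment twice: once by raw interpolation, once with output encoding. The comment and attribute values are constructed test inputs; html.escape is Python's standard-library encoder for the HTML body and attribute contexts, and is not suitable on its own for a JavaScript or URL context.

```python
"""Output encoding for HTML: raw interpolation versus entity encoding.

Added example; UNTRUSTED and the attribute payload are constructed inputs.
"""
import html

# A comment body that a user could submit: markup, not text.
UNTRUSTED = '<script>alert("xss")</script>'


def render_unsafe(comment):
    """Vulnerable: whatever markup the user typed becomes markup in the page."""
    return f"<p>{comment}</p>"


def render_encoded(comment):
    """Fixed: & < > " ' become entities, so the browser displays text instead of parsing tags."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


def attr_unsafe(value):
    """Vulnerable attribute context: a double quote in the value closes the attribute."""
    return f'<input value="{value}">'


def attr_encoded(value):
    """quote=True is what makes the encoder safe inside a quoted attribute."""
    return f'<input value="{html.escape(value, quote=True)}">'


def contains_script_tag(fragment):
    """Crude check used to show the difference: is a literal <script element still present?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print(render_unsafe(UNTRUSTED))
    print(render_encoded(UNTRUSTED))
    payload = '" onfocus="alert(1)'
    print(attr_unsafe(payload))   # attribute breakout: a new event handler appears
    print(attr_encoded(payload))  # the quote is now &quot; and stays inside the value
```

The encoder is applied at output time, at the point the value is written into the page, rather than when it is stored; the stored value stays exactly what the user sent, which keeps search and auditing honest and means every rendering path encodes for its own context.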

28
New cards

Which of the following threats to a SaaS deployment would be the responsibility of the consumer to remediate?

An endpoint security failure

29
New cards

You are conducting a forensic analysis of a hard disk and need to access a file that appears to have been deleted. Upon analysis, you have determined that the file's data fragments exist scattered across the unallocated and slack space of the drive. Which technique could you use to recover the data?

carving

30
New cards

A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team cannot log in or configure it. The IT team is concerned about the appliance receiving the necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates

Vulnerability scanning

31
New cards

You are attempting to prioritize your vulnerability scans based on the data's criticality. This will be determined by the asset value of the data contained in each system. Which of the following would be the most appropriate metric to use in this prioritization?

The type of data processed by the system

32
New cards

A cybersecurity analyst is analyzing what they believe to be an active intrusion into their network. The indicator of compromise maps to suspected nation-state group that has strong financial motives, APT 38. Unfortunately, the analyst finds their data correlation lacking and cannot determine which assets have been affected, so they begin to review the list of network assets online. The following servers are currently online: PAYROLL_DB, DEV_SERVER7, FIREFLY, DEATHSTAR, THOR, and DION. Which of the following actions should the analyst conduct first?

Conduct a data criticality and prioritization analysis

33
New cards

Which of the following must be combined with a threat to create risk?

Vulnerability

34
New cards

Which of the following is typically used to secure the CAN bus in a vehicular network?

Airgap

35
New cards

You identified a critical vulnerability in one of your organization's databases. You researched a solution, but it will require the server to be taken offline during the patch installation. You have received permission from the Change Advisory Board to implement this emergency change at 11 pm once everyone has left the office. It is now 3 pm; what action(s) should you take now to best prepare for implementing this evening's change? (SELECT ALL THAT APPLY)

Document the change in the change management system

Identify any potential risks associated with installing the patch

Validate the installation of the patch in a staging environment

Ensure all stakeholders are informed of the planned outage

36
New cards

What is a reverse proxy commonly used for?

Directing traffic to internal services if the contents of the traffic comply with the policy

37
New cards

After 9 months of C++ programming, the team at Whammiedyne systems has released their new software application. Within just 2 weeks of release, though, the security team discovered multiple serious vulnerabilities in the application that must be corrected. To retrofit the source code to include the required security controls will take 2 months of labor and will cost $100,000. Which development framework should Whammiedyne use in the future to prevent this situation from occurring in other projects?

DevSecOps

38
New cards

A SOC analyst has detected the repeated usage of a compromised user credential on the company's email server. The analyst sends you an email asking you to check the server for any indicators of compromise since the email server is critical to continued business operations. Which of the following was likely overlooked by your organization during the incident response preparation phase?

Develop a communication plan that includes provisions for how to operate in a compromised environment

39
New cards

An organization is conducting a cybersecurity training exercise. What team is Jason assigned to if he has been asked to monitor and manage the defenders' and attackers' technical environment during the exercise?

White Team

40
New cards

You are investigating a suspected compromise. You have noticed several files that you don't recognize. How can you quickly and effectively check if the files have been infected with malware?

Submit the files to an open-source intelligence provider like VirusTotal (look up the file hashes first; uploading the files themselves shares their contents with other subscribers, which matters if they may contain company data)

41
New cards

Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica sold in the general marketplace?

Counterfeiting

42
New cards

Your company is making a significant investment in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?

Use full-disk encryption

43
New cards

An analyst suspects that a trojan has victimized a Linux system. Which command should be run to determine where the current bash shell is being executed from on the system?

which bash

(which resolves the name through PATH, which is exactly what a trojan may have altered, so compare its output with the binary the running shell was actually started from, e.g. readlink /proc/$$/exe.)

44
New cards

What techniques are commonly used by port and vulnerability scanners to enumerate the services running on a target system?

Banner grabbing and comparing response fingerprints

45
New cards

A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?

Enable sampling of the data

46
New cards

Which type of threat will patches NOT effectively combat as a security control?

Zero-day attacks

47
New cards

You have tried to email yourself a file named "passwords.xlsx" from your corporate workstation to your Gmail account. Instead of receiving the file in your email, you received a description of why this was a policy violation and what you can do to get the file released or resent. Which of the following DLP remediation actions has occurred?

Tombstone

48
New cards

An organization has hired a cybersecurity analyst to conduct an assessment of its current security posture. The analyst begins by conducting an external assessment against the organization's network to determine what information is exposed to a potential external attacker. What technique should the analyst perform first?

Enumeration

49
New cards

Which of the following is a senior role with the ultimate responsibility for maintaining confidentiality, integrity, and availability in a system?

Data owner

50
New cards

Which of the following tools is useful for capturing Windows memory data for forensic analysis?

memdump

51
New cards

Fail to Pass Systems has suffered a data breach. Your analysis of suspicious log activity traced the source of the data breach to an employee in the accounting department's personally-owned smartphone connected to the company's wireless network. The smartphone has been isolated from the network now, but the employee refuses to allow you to image their smartphone to complete your investigation forensically. According to the employee, the company's BYOD policy does not require her to give you her device, and it is an invasion of their privacy. Which of the following phases of the incident response process is at fault for creating this situation?

Preparation phase

52
New cards

Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?

Deploy a new group policy

53
New cards

What tool is used to collect wireless packet data?

Aircrack-ng

54
New cards

Praveen is currently investigating activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long text strings and then began using the sudo command to carry out actions. What type of attack has just taken place?

privilege escalation

55
New cards

William evaluates the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?

Low

56
New cards

Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week, and then the backups should be transported to an off-site facility for storage. What strategy should Hilda choose to BEST meet these requirements?

Create a daily incremental backup to tape

57
New cards

Which of the following sets of Linux permissions would have the least permissive to most permissive?

111, 734, 747
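Added example (not from the exam) that decodes the three octal modes from the card and compares them two ways: by the number of permission bits granted, which is how the exam orders them, and by a bitwise superset test, which is the question a practitioner really cares about when deciding whether one mode is strictly more permissive than another. The extra mode 777 used in the comparison is constructed for contrast.

```python
"""Decode and compare octal Unix permission modes.

Added example; the modes 111, 734 and 747 come from the card, 777 is added for contrast.
"""


def permission_bits(mode_str):
    """'734' -> 0o734 with any setuid/setgid/sticky digit stripped off."""
    return int(mode_str, 8) & 0o777


def decode(mode_str):
    """'734' -> 'rwx-wxr--' (owner, group, other triads)."""
    bits = permission_bits(mode_str)
    out = ""
    for shift in (6, 3, 0):
        triad = (bits >> shift) & 0o7
        out += ("r" if triad & 4 else "-") + ("w" if triad & 2 else "-") + ("x" if triad & 1 else "-")
    return out


def bit_count(mode_str):
    """How many of the nine rwx bits are set; the exam's notion of 'more permissive'."""
    return bin(permission_bits(mode_str)).count("1")


def rank_by_count(modes):
    """Least to most permissive by granted-bit count (111 -> 3, 734 -> 6, 747 -> 7)."""
    return sorted(modes, key=bit_count)


def grants_subset(a, b):
    """True if every permission in mode a is also granted by mode b.

    This is the strict ordering: 734 grants group write and execute that 747 does not,
    so 734 is NOT a subset of 747 even though 747 has more bits set overall.
    """
    return permission_bits(a) & ~permission_bits(b) == 0


def world_writable(mode_str):
    """The check that usually matters in a review: can 'other' write to it?"""
    return bool(permission_bits(mode_str) & 0o002)


if __name__ == "__main__":
    for m in ("111", "734", "747"):
        print(m, decode(m), "bits:", bit_count(m), "world-writable:", world_writable(m))
    print("ranked:", rank_by_count(["747", "111", "734"]))
    print("734 within 747?", grants_subset("734", "747"))
    print("111 within 777?", grants_subset("111", "777"))
```

The bit-count ranking reproduces the card's answer, but the subset test shows that 111, 734 and 747 are not nested: 111 grants execute to others, which 734 does not, and 734 grants the group write and execute, which 747 does not. What makes 747 the one to flag is its world-writable other triad.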

58
New cards

You just received a notification that your company's email servers have been blocklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?

The full email header from one of the spam messages

59
New cards

Which of the following techniques would be the most appropriate solution to implementing a multi-factor authentication system?

Smartcard and Pin

60
New cards

Which of the following provides a cryptographic authentication mechanism to positively identify an organization as the authorized sender of email for a particular domain name?

DKIM

61
New cards

A cybersecurity analyst reviews the logs of a proxy server and saw the following URL, https://www.google.com/search?q=*%40diontraining.com. Which of the following is true about the results of this search?

Returns all web pages containing an email address affiliated with diontraining.com

62
New cards

Which term defines the collection of all points from which an adversary could interact with a system and cause it to function in a way other than how it was designed?

attack surface

63
New cards

You are reviewing the latest list of important web application security controls published by OWASP. Which of these items is LEAST likely to appear on that list?

Obscure web interface locations

64
New cards

Which of the following functions is not provided by a TPM?

User Authentication

65
New cards

You are conducting an incident response and have traced the attack source to some compromised user credentials. After performing log analysis, you discover that the attack was successfully authenticated from an unauthorized foreign country. Your management is now asking for you to implement a solution to help mitigate this type of attack from occurring again. Which of the following should you implement?

Context-based authentication

66
New cards

The incident response team leader has asked you to perform a forensic examination on a workstation suspected of being infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation?

CPU Cache, RAM, Swap, Hard drive

67
New cards

Which of the following would be used to prevent a firmware downgrade?

eFuse