CSA +

85 Questions | Total Attempts: 555


Questions and Answers
  • 1. 
    A security analyst is conducting traffic analysis and observes an HTTP POST to a web server. The POST header is approximately 1,0000 bytes in length. During transmission, one byte is delivered every 10 seconds. Which of the following attacks is this traffic indicative of?
    • A. 

      Exfiltration

    • B. 

      DoS

    • C. 

      Buffer overflow

    • D. 

      SQL Injection

  • 2. 
    A small bank employs an administrator who manages configurations, performs updates to servers, creates accounts, and reviews audit logs. The bank recently received a write-up from a third-party security assessment attributed to this administrator's job duties. The insufficiency of which of the following controls was MOST likely to have caused the citation?
    • A. 

      Mandatory Vacation

    • B. 

      Personnel screening

    • C. 

      Training and certification

    • D. 

      Separation of duties

  • 3. 
    A security administrator determines, several months after the first instance, that a local privileged user has been routinely logging into a server interactively as "root" and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO.)
    • A. 

      Log aggregation and analysis

    • B. 

      Software assurance

    • C. 

      Encryption

    • D. 

      Acceptable use policies

    • E. 

      Password complexity

    • F. 

      Network isolation and separation

  • 4. 
    A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had been compromised. Upon investigating the incident, the cybersecurity analyst found that a brute force attack had been launched against the company. Which of the following remediation actions can the cybersecurity analyst recommend to senior management to address these security issues?
    • A. 

      Prohibit password reuse by writing a GPO

    • B. 

      Deploy multifactor authentication

    • C. 

      Require awareness training

    • D. 

      Implement DLP solution

  • 5. 
    Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server anywhere in the company. Which of the following would be an effective solution?
    • A. 

      Honeypot

    • B. 

      Jump Box

    • C. 

      Server hardening

    • D. 

      Anti-malware

  • 6. 
    The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all the required best practices. Which of the following would be the BEST choice?
    • A. 

      OSSIM

    • B. 

      SDLC

    • C. 

      SANS

    • D. 

      ISO

  • 7. 
    Considering confidentiality and integrity, which of the following makes servers more secure than desktops?
    • A. 

      VLANs

    • B. 

      OS

    • C. 

      Trained operators

    • D. 

      Physical access restrictions

    • E. 

      Processing power

    • F. 

      Hard drive capacity

  • 8. 
    A system administrator has reviewed the following output:

        # nmap server.local
        Nmap scan report for server.local
        Host is up (0.3452345s latency)
        Not shown: 997 closed ports
        Port      State    Service
        22/tcp    open     ssh
        80/tcp    open     http
        # nc server.local 80
        220 server.local company SMTP server (postfix/2.3.3)
        # nc server.local 22
        SSH-2.0-OpenSSH_7.1p2 Debian-2
        #

    Which of the following can a system administrator infer from the above output?
    • A. 

      The company email server is running on a non-standard port

    • B. 

      The company email server has been compromised

    • C. 

      The company is running a vulnerable SSH server

    • D. 

      The company web server has been compromised

  • 9. 
    The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?
    • A. 

      Activate the escalation checklist

    • B. 

      Implement the incident response plan

    • C. 

      Analyze the forensic image

    • D. 

      Perform evidence acquisition

  • 10. 
    Nmap scan results on a set of IP addresses returned one or more lines beginning with "cpe:/o:" followed by a company name, product name, and version. Which of the following would this string help an administrator identify?
    • A. 

      Operating systems

    • B. 

      Running services

    • C. 

      Installed software

    • D. 

      Installed hardware

  • 11. 
    Which of the following BEST explains the purpose of a data ownership policy?
    • A. 

      The policy should describe the roles and responsibilities between users and managers, and the management of specific data types

    • B. 

      The policy should establish the protocol for retaining information types based on regulatory or business needs

    • C. 

      The policy should document practices that users must adhere to in order to access data on the corporate network or internet

    • D. 

      The policy should outline the organization's administration of accounts for those authorized to access the appropriate data

  • 12. 
    An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations would be BEST to prevent the same attack from occurring in the future?
    • A. 

      Remove and replace the managed switch with an unmanaged one

    • B. 

      Implement a separate logical network segment for management interfaces

    • C. 

      Install and configure NAC servers to allow only authorized devices to connect to the network

    • D. 

      Analyze normal behaviors on the network and configure IDS to alert on deviations from normal

  • 13. 
    A company has been a victim of multiple volumetric DoS attacks. Packet captures of the offending traffic show the following:

        09:23:45.058939 IP 192.168.1.1:2562 > 170.43.30.4:0: Flags [ ], seq 1887775210:1887776670, win 512, length 1460
        09:23:45.058940 IP 192.168.1.1:2563 > 170.43.30.4:0: Flags [ ], seq 1887775211:1887776671, win 512, length 1460
        09:23:45.058941 IP 192.168.1.1:2564 > 170.43.30.4:0: Flags [ ], seq 1887775212:1887776672, win 512, length 1460
        09:23:45.058942 IP 192.168.1.1:2565 > 170.43.30.4:0: Flags [ ], seq 1887775213:1887776673, win 512, length 1460

    Which of the following mitigation techniques is MOST effective against the above attack?
    • A. 

      The company should contact the upstream ISP and ask that RFC 1918 traffic be dropped

    • B. 

      The company should implement a network-based sinkhole to drop all traffic coming from 192.168.1.1 at their gateway router

    • C. 

      The company should implement the following ACL at their gateway firewall: deny ip host 192.168.1.1 170.43.30.0/24

    • D. 

      The company should enable the DoS resource starvation protection feature of the gateway NIPS

  • 14. 
    An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities. Management wants to modify the priorities based on a difficulty factor, so that vulnerabilities with lower CVSS scores may get higher priority if they are easier to remediate with less risk to system functionality. Management also wants to qualify the priority. Which of the following would achieve management's objective?
    • A. 

      (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 0.1 to 1.0, with 1.0 being the easiest and lowest risk to implement

    • B. 

      (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 5, with 1 being the easiest and lowest risk to implement

    • C. 

      (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 10, with 10 being the easiest and lowest risk to implement

    • D. 

      ((CVSS Score) * 2) / Difficulty = Priority, where Difficulty is a range from 1 to 5, with 5 being the easiest and lowest risk to implement

  • 15. 
    The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets that criteria?
    • A. 

      OWASP

    • B. 

      SANS

    • C. 

      PHP

    • D. 

      Ajax

  • 16. 
    A security analyst has noticed that a particular server has consumed over 1 TB of bandwidth over the course of a month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its archives. Which of the following did the analyst discover?
    • A. 

      APT

    • B. 

      DDoS

    • C. 

      Zero day

    • D. 

      False positive

  • 17. 
    A company is running Microsoft on a file server. A vulnerability scan returned the following result:

        Vulnerable software installed: Office 2007
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021095F01000000100000000F01FEC\InstallProperties - key exists
        The Office component Microsoft Office Excel Services is running an affected version - 12.0.6612.1000
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021095F01000000100000000F01FE\Patches\F6A389258DE016A46B54137BE2278095A - key does not exist
        Patch {52983A6F-OED8-4A61-B645-31B72E7208A9} is not installed

    Which of the following would provide the MOST efficient method of remediating this finding?
    • A. 

      Implement input validation on the server

    • B. 

      Install patches on the server

    • C. 

      Disable all unneeded services running on the server

    • D. 

      Run Wireshark to determine what is accessing the server

  • 18. 
    A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing simulation. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?
    • A. 

      The analyst is the red team; the employee is the blue team; the manager is the white team

    • B. 

      The analyst is the white team; the employee is the red team; the manager is the blue team

    • C. 

      The analyst is the red team; the employee is the white team; the manager is the blue team

    • D. 

      The analyst is the blue team; the employee is the red team; the manager is the white team

  • 19. 
    The Chief Information Officer (CIO) of a company has been receiving an increased amount of spam in the last month. The CIO has not signed up for any newsletter or given contact information to any vendors during this time frame. Which of the following techniques would a cybersecurity analyst employ to duplicate an external actor's methods of uncovering the CIO's e-mail address? (Select TWO.)
    • A. 

      Social media profiling

    • B. 

      Email harvesting

    • C. 

      Packet capture

    • D. 

      Service discovery

    • E. 

      DNS harvesting

  • 20. 
    During the post-seizure analysis of a workstation, the technician discovers a large archive on an image that the forensic tool suite is unable to access. The technician is prompted for authorization credentials when attempting to open the files manually. Which of the following tools would be MOST appropriate to use on the archive to gain access?
    • A. 

      Hashing utility

    • B. 

      Write blockers

    • C. 

      Fuzzer

    • D. 

      Password cracker

  • 21. 
    Following a data compromise, a cybersecurity analyst noticed the following executed query:

        Select * from Users WHERE name = rick or 1=1

    Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack?
    • A. 

      Code encryption

    • B. 

      XSS attack

    • C. 

      Parameter validation

    • D. 

      Character blacklist

    • E. 

      Malicious code execution

    • F. 

      SQL injection

  • 22. 
    Which of the following is MOST effective for log correlation analysis for threat management?
    • A. 

      PCAP

    • B. 

      SCAP

    • C. 

      IPS

    • D. 

      SIEM

  • 23. 
    An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized actions?
    • A. 

      Impersonation

    • B. 

      Privilege escalation

    • C. 

      Directory traversal

    • D. 

      Input injection

  • 24. 
    A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?
    • A. 

      Make a copy of the hard drive

    • B. 

      Use write blockers

    • C. 

      Run the rm -r command to create a hash

    • D. 

      Install it on a different machine and explore the content

  • 25. 
    A security analyst is performing a static code review of a web application that includes a blog. The comment section contains the following snippet:

        <script>
        // read the raw comment text and write it into the page as HTML without sanitizing it
        var d = document.getElementById("userComment").value;
        document.getElementById("displayComment").innerHTML = d;
        </script>
    • A. 

      Cross-site request forgery

    • B. 

      SQL injection

    • C. 

      Cross-site scripting

    • D. 

      Session Hijacking
