Title: CompTIA CySA+ Practice Tests
Author: Mike Chapple
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
isbn: 9781119684046
79. A member of Donna's team recommends building a blacklist to avoid dangerous characters like ' and <script> tags. How could attackers bypass a blacklist that individually identified those characters?
A. They can use a binary attack.
B. They can use alternate encodings.
C. They can use different characters with the same meaning.
D. The characters could be used together to avoid the blacklist.
80. The design of the application calls for client-side validation of input. What type of tool could an attacker use to bypass this?
A. An XSS injector
B. A web proxy
C. A JSON interpreter
D. A SQL injector
81. A member of Donna's security team suggests that output encoding should also be considered. What type of attack is the team member most likely attempting to prevent?
A. Cross-site scripting
B. SQL injection
C. Cross-site request forgery
D. All of the above
82. What type of access control system uses information like age, title, organization ID, or security clearance to grant privileges?
A. RBAC
B. MAC
C. DAC
D. ABAC
83. Alex has deployed a new model of network-connected Internet of Things (IoT) devices throughout his organization's facilities to track environmental data. The devices use a system on a chip (SoC), and Alex is concerned about potential attacks. What is the most likely exploit channel for SoCs in this environment?
A. Physical attacks
B. Attacks via an untrusted foundry
C. Attacks against the operating system and software
D. Side-channel attacks
84. Nathan downloads a BIOS update from Dell's website, and when he attempts to install it on the PC, he receives an error that the hash of the BIOS does not match the hash stored on Dell's servers. What type of protection is this?
A. Full-disk encryption
B. Firmware protection
C. Operating system protection
D. None of the above
85. What practice is typical in a DevSecOps organization as part of a CI/CD pipeline?
A. Automating some security gates
B. Programmatic implementation of zero-day vulnerabilities
C. Using security practitioners to control the flow of the CI/CD pipeline
D. Removing security features from the IDE
86. Naomi wants to validate files that are uploaded as part of her web application. Which of the following is not a common technique to help prevent malicious file uploads or denial-of-service attacks?
A. Using input validation to ensure only allowed file extensions
B. Uploading all files to a third-party virus scanning platform like VirusTotal
C. Checking the size of uploaded files against a maximum allowed file size
D. Checking zip files for their structure and path before unzipping them
87. Valerie wants to prevent potential cross-site scripting attacks from being executed when previously entered information is displayed in users' browsers. What technique should she use to prevent this?
A. A firewall
B. A HIDS
C. Output encoding
D. String randomization
88. While developing a web application, Chris sets his session ID length to 128 bits based on OWASP's recommended session management standards. What reason would he have for needing such a long session ID?
A. To avoid duplication
B. To allow for a large group of users
C. To prevent brute-forcing
D. All of the above
89. Robert is reviewing a web application, and the developers have offered four different responses to incorrect logins. Which of the following four responses is the most secure option?
A. Login failed for user; invalid password
B. Login failed; invalid user ID or password
C. Login failed; invalid user ID
D. Login failed; account does not exist
90. What technology is most commonly used to protect data in transit for modern web applications?
A. VPN
B. TLS
C. SSL
D. IPSec
91. Nathan is reviewing PHP code for his organization and finds the following code in the application he is assessing. What technique is the developer using?

    $stmt = $dbh->prepare("INSERT INTO REGISTRY (var1, var2) VALUES (:var1, :var2)");
    $stmt->bindParam(':var1', $var1);
    $stmt->bindParam(':var2', $var2);

A. Dynamic binding
B. Parameterized queries
C. Variable limitation
D. None of the above
92. Which of the following components is not typically part of a service-oriented architecture?
A. Service provider
B. Service guardian
C. Service broker
D. Service consumer
93. Which role in a SAML authentication flow validates the identity of the user?
A. The SP
B. The IDP
C. The principal
D. The RP
94. Anja is assessing the security of a SOAP-based web service implementation. Which of the following web service security requirements should she recommend to reduce the likelihood of a successful man-in-the-middle attack?
A. Use TLS.
B. Use XML input validation.
C. Use XML output validation.
D. Virus-scan files received by the web service.
95. Which of the following components is not part of a typical SOAP message?
A. The envelope
B. The header
C. The stamp
D. The body
96. Alice wants to ensure proper access control for a public REST service. What option is best suited to help ensure that the service will not suffer from excessive use?
A. Restricting HTTP methods
B. Using JSON web tokens
C. Using API keys
D. Using HTTPS
97. How are requests in REST-based web services typically structured?
A. As XML
B. As a URL
C. As a SQL query
D. As a SOAP statement
98. While reviewing the code for a Docker-based microservice, Erik discovers the following code:

    echo "pidfile = /run/example.pid" >> /etc/example.conf && \
    echo "logfile = /data/logs/example.log" >> /etc/example.conf && \
    echo "loglevel = debug" >> /etc/example.conf && \
    echo "port = : 5159" >> /etc/example.conf && \
    echo "username = svc" >> /etc/example.conf && \
    echo "password = secure" >> /etc/example.conf && \

What has he found?
A. A misconfigured microservice
B. Hard-coded credentials
C. Improperly configured log files
D. A prohibited port
99. What type of access is typically required to compromise a physically isolated and air-gapped system?
A. Wired network access
B. Physical access
C. Wireless network access
D. None of the above, because an isolated, air-gapped system cannot be accessed
100. The organization that Allan works for wants to securely store digital keys for their enterprise security certificates. What type of device should they select to help manage and protect their keys?
A. A hardware token
B. A HSM
C. A PEBKAC
D. A cigar box CA
101. Charlene wants to provide an encrypted network connection for her users. She knows her users require a full network connection rather than application-specific uses. What VPN technology should she choose?
A. SSL
B. TLS
C. IPSec
D. WPA2
102. How are eFuses used to prevent firmware downgrades?
A. If they are burned, the firmware cannot be changed.
B. The number of fuses burned indicates the current firmware level, preventing old versions from being installed.
C. eFuses must be reset before firmware can be downgraded, requiring administrative access.
D. eFuses cannot be used to prevent firmware downgrades.
103. Dev wants to use Secure Boot on a workstation. What technology must his workstation use to support Secure Boot?
A. BIOS
B. ROM
C. UEFI
D. TPM
104. What requirements must be met for a trusted execution environment to exist?
A. All trusted execution environment assets must have been installed and started securely.
B. The trusted execution environment must be verified and certified by a third party.
C. The trusted execution environment must be verified and approved by the end user.
D. Only trusted components built into the operating system can be run in a trusted execution environment.
105. What hardware feature do Apple devices use to manage keys in a secure way outside of the processor?
A. A cryptographic bastion
B. A Secure Enclave
C. A HSM
D. A cryptolocker
106. Which of the following is not a typical capability of processor security extensions?
A. Data and instruction path integrity checks
B. Error detection for