Название: CompTIA CySA+ Practice Tests
Автор: Mike Chapple
Издательство: John Wiley & Sons Limited
Жанр: Зарубежная компьютерная литература
isbn: 9781119684046
isbn:
164 Charles is reviewing the certificate properties for the certificate for www.comptia.org and notices that the DNS name readsDNS name = *.comptia.org DNS name = comptia.orgWhat type of certificate is in use?A multidomain certificateA wildcard certificateA mismatched certificateAn invalid certificate
165 Alaina wants to implement a modern service-oriented architecture (SOA) that relies on HTTP-based commands, works well in limited bandwidth environments, and can handle multiple data formats beyond XML. What should she build her SOA in?SOAPWaterfallRESTCAVE
166 The OWASP Session Management Cheatsheet advises that session IDs are meaningless and recommends that they should be used only as an identifier on the client side. Why should a session ID not have additional information encoded in it like the IP address of the client, their username, or other information?Processing complex session IDs will slow down the service.Session IDs cannot contain this information for legal reasons.Session IDs are sent to multiple different users, which would result in a data breach.Session IDs could be decoded, resulting in data leakage.
167 Nia's honeynet shown here is configured to use a segment of unused network space that has no legitimate servers in it. What type of threats is this design particularly useful for detection?Zero-day attacksSQL injectionNetwork scansDDoS attacks
168 Bounds checking, removing special characters, and forcing strings to match a limited set of options are all examples of what web application security technique?SQL injection preventionInput validationXSS preventionFuzzing
169 Abigail is performing input validation against an input field and uses the following regular expression:^(AA|AE|AP|AL|AK|AS|AZ|AR|CA|CO|CT|DE|DC|FM|FL|GA|GU| HI|ID|IL|IN|IA|KS|KY|LA|ME|MH|MD|MA|MI|MN|MS|MO|MT|NE| NV|NH|NJ|NM|NY|NC|ND|MP|OH|OK|OR|PW|PA|PR|RI|SC|SD|TN| TX|UT|VT|VI|VA|WA|WV|WI|WY)$What is she checking with the regular expression?She is removing all typical special characters found in SQL injection.She is checking for all U.S. state names.She is removing all typical special characters for cross-site scripting attacks.She is checking for all U.S. state name abbreviations.
170 Adam is testing code written for a client-server application that handles financial information and notes that traffic is sent between the client and server via TCP port 80. What should he check next?If the server stores data in unencrypted formIf the traffic is unencryptedIf the systems are on the same networkIf usernames and passwords are sent as part of the traffic
171 Nick wants to prevent unauthorized firmware from being installed on devices that his organization manufacturers. What technique should he use to provide an effective security layer?Encrypted firmwareSigned firmwareBinary firmwareNone of the above
172 A web server and a web browser are examples of what type of platform?EmbeddedFirmwareClient-serverSOC
173 Lara has been assigned to assess likely issues with an embedded system used for building automation and control. Which of the following software assurance issues is least likely to be of concern for her organization?Lack of updates and difficulty deploying themLong life cycle for the embedded devicesAssumptions of network security where deployedUse of proprietary protocols
174 Lucca wants to prevent brute-force attacks from succeeding against a web application. Which of the following is not a commonly implemented solution to help reduce the effectiveness of brute-force attacks?Multifactor authenticationAccount lockoutsPassword reuseCAPTCHAs
175 Noam wants to ensure that he would know if the operating system, boot loader, and boot drivers of his PC were infected with malware. What type of boot process should he use to have it checked using a cryptographic hash?Manual boot hash comparisonSecure BootTPMbootsec
176 Jennifer uses an application to send randomized data to her application to determine how it responds to unexpected input. What type of tool is she using?A UAT toolA stress testing toolA fuzzerA regression testing tool
177 Isaac wants to securely handle passwords for his web application. Which of the following is not a common best practice for password storage?Use a dedicated password hash like bcrypt.Use a salt.Store passwords in an encrypted form.Set a reasonable work factor for your system.
178 Kristen wants to securely store passwords and knows that a modern password hashing algorithm is her best option. Which of the following should she choose?SHA-256bcryptMD5SHA-512
179 Liam wants to protect data at rest in an SaaS service. He knows that he needs to consider his requirements differently in his cloud environment than an on-premises environment. What option can he use to ensure that the data is encrypted when it is stored?Install a full-disk encryption tool.Install a column-level encryption.Select an SaaS service that supports encryption at rest.Hire an independent auditor to validate the encryption.
180 Faraj wants to use statistics gained from live analysis of his network to programmatically change its performance, routing, and optimization. Which of the following technologies is best suited to his needs?ServerlessSoftware-defined networkingPhysical networkingVirtual private networks (VPNs)
181 Elaine's team has deployed an application to a cloud-hosted serverless environment. Which of the following security tools can she use in that environment?Endpoint antivirusEndpoint DLPIDS for the serverless environmentNone of the above
182 Valerie is leading an effort that will use a formal Fagan inspection of code. Which phase in the Fagan inspection process includes finding actual defects?OverviewPreparationInspectionRework
183 Greg wants to prevent SQL injection in a web application he is responsible for. Which of the following is not a common defense against SQL injection?Prepared statements with parameterized queriesOutput validationStored proceduresEscaping all user-supplied input
184 While reviewing code that generates a SQL query, Aarav notices that the “address” field is appended to the query without input validation or other techniques applied. What type of attack is most likely to be successful against code like this?DoSXSSSQL injectionTeardrop
185 What type of assertion is made to an SP in a SAML authentication process?The user's passwordWho the user isWho the SP isWhat rights the user has
186 Megan wants to downgrade the firmware for a device she is working with, but when she attempts to do so, the device will not accept the older firmware. What type of hardware technology has she most likely encountered?A TPMA HSMeFuseA trusted foundry
187 Security screws are an example of what type of control?Anti-tamperDetectiveAnti-theftCorrective
188 What U.S. government program focuses on ensuring that integrated circuits have an assured chain of custody, a supply chain that can avoid disruption, and processes in place to protect chips from being modified or tampered with?Secure ForgeDMEATrusted foundryIC Protect
189 Michelle wants to acquire data from a self-encrypting drive. When is the data on the drive unencrypted and accessible?Data is unencrypted before the system boots.Data is unencrypted after the OS boots.Data is unencrypted only when it is read from the drive.Data is never unencrypted.
190 What term describes hardware security features built into a CPU?Atomic executionProcessor security extensionsProcessor control architectureTrusted execution
191 Angela wants to provide her users with a VPN service and does not want them to need to use client software. What type of VPN should she set up?IPsecAir gapVPCSSL/TLS
192 Lucca needs to explain the benefits of network segmentation to the leadership СКАЧАТЬ