CompTIA CySA+ Exam Simulator 4

Question 1 of 50

1. Question

Angela captured the following packets during a reconnaissance effort run by her organization’s red team. What type of information are they looking for?

Vulnerable web applications
SQL injection
Directory traversal attacks
Passwords

Question 2 of 50

2. Question

What operating system is most likely running on the server in this vulnerability scan report?

macOS
Windows
CentOS
RHEL

Question 3 of 50

3. Question

Zara is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis?

Cost of hardware acquisition
Cost of hardware replacement
Types of information processed
Depreciated hardware cost

Question 4 of 50

4. Question

Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering?

OSINT searches of support forums and social engineering
Port scanning and social engineering
Social media review and document metadata
Social engineering and document metadata

Question 5 of 50

5. Question

Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?

SSH
HTTPS
RDP
SFTP

Question 6 of 50

6. Question

Laura is working to upgrade her organization’s vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement?

Credentialed scanning
Uncredentialed scanning
Server-based scanning
Agent-based scanning

Question 7 of 50

7. Question

Sarah has been asked to assess the technical impact of suspected reconnaissance performed against her organization. She is informed that a reliable source has discovered that a third party has been performing reconnaissance by querying WHOIS data. How should Sarah categorize the technical impact of this type of reconnaissance?

High
Medium
Low
She cannot determine this from the information given.

Question 8 of 50

8. Question

Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?

SSL v2.0
SSL v3.0
TLS v1.0
None of the above

Question 9 of 50

9. Question

Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?

Backup service
Database service
File sharing
Web service

Question 10 of 50

10. Question

Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?
ICMP "Echo request" Date flow start Duration Proto Src IP Addr:Port->Dst IP Addr:Port Packets Bytes Flows 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:8.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.6:0->10.1.1.1:0.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.7:8.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.7:0->10.1.1.1:0.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.8:8.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.8:0->10.1.1.1:0.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.9:8.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.9:0->10.1.1.1:0.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.10:8.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.10:0->10.1.1.1:0.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:11.0 11 924 1 2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.11:0->10.1.1.1:0.0 11 924 1

A port scan
A failed three-way handshake
A ping sweep
A traceroute

Question 11 of 50

11. Question

Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?

Operating system
VPN concentrator
Network router or switch
Hypervisor

Question 12 of 50

12. Question

Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?

Block all connections on port 22.
Upgrade OpenSSH.
Disable AES-GCM in the server configuration
Install a network IPS in front of the server.

Question 13 of 50

13. Question

Ryan’s passive reconnaissance efforts resulted in the following packet capture. Which of the following statements cannot be verified based on the packet capture shown for the host with IP address 10.0.2.4?

The host does not have a DNS entry
It is running a service on port 139.
It is running a service on port 445.
It is a Windows system.

Question 14 of 50

14. Question

Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?

Reconfigure cipher support
Apply Window security patches
Obtain a new SSL certificate.
Enhance account security policies

Question 15 of 50

15. Question

After scanning his organization’s email server, Singh discovered the vulnerability shown here. What is the most effective response that Singh can take in this situation?

Upgrade to the most recent version of Microsoft Exchange.
Upgrade to the most recent version of Microsoft Windows.
Implement the use of strong encryption.
No action is required.

Question 16 of 50

16. Question

Stacey encountered a system that shows as “filtered” and “firewalled” during an nmap scan. Which of the following techniques should she not consider as she is planning her next scan?

Packet fragmentation
Spoofing the source address
Using decoy scans
Spoofing the destination address

Question 17 of 50

17. Question

The presence of ____________ triggers specific vulnerability scanning requirements based on law or regulation.

Credit card information
Protected health information
Personally identifiable information
Trade secret information

Question 18 of 50

18. Question

A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n)__________.

Operating system
Web application
Database server
Firewall

Question 19 of 50

19. Question

When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?

The device is a Cisco device
The device is running CentO.
The device was built by IBM
None of the above.

Question 20 of 50

20. Question

Kim is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best in this situation?

Agent-based scanning
Server-based scanning
Passive network monitoring
Non credentialed scanning

Question 21 of 50

21. Question

What priority should Stella place on remediating this vulnerability?

Stella should make this vulnerability one of her highest priorities.
Stella should remediate this vulnerability within the next several weeks
Stella should remediate this vulnerability within the next several months.
Stella does not need to assign any priority to remediating this vulnerability

Question 22 of 50

22. Question

Ryan will not be able to correct the vulnerability for several days. In the meantime, he would like to configure his intrusion prevention system to watch for issues related to this vulnerability. Which one of the following protocols would an attacker use to exploit this vulnerability?

SSH
HTTPS
FTP
RDP

Question 23 of 50

23. Question

Fred conducts an SNMP sweep of a target organization and receives no-response replies from multiple addresses that he believes belong to active hosts. What does this mean?

The machines are unreachable.
The machines are not running SNMP servers.
The community string he used is invalid.
Any or all of the above may be true.

Question 24 of 50

24. Question

Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization’s network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?

Block the use of TLS v1.0
Replace the expired SSL certificate.
Remove the load balancer.
Correct the information leakage vulnerability.

Question 25 of 50

25. Question

What operating system is most likely running on the server in this vulnerability scan report?

macOS
Windows
CentOS
RHEL

Question 26 of 50

26. Question

Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?

Disable the IIS service.
Apply a security patch.
Modify the web application
Apply IPS rules.

Question 27 of 50

27. Question

Angela wants to gather detailed information about the hosts on a network passively. If she has access to a Wireshark PCAP file from the network, which of the following tools can she use to provide automated analysis of the file?

Ettercap
Network Miner
Sharkbait
Dradis

Question 28 of 50

28. Question

In what type of attack does the adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems running in the same hardware environment?

Buffer overflow
Directory traversal
VM escape
Cross-site scripting

Question 29 of 50

29. Question

What is the best way that Stella can correct this vulnerability?

Deploy an intrusion prevention system.
Apply one or more application patches
Apply one or more operating system patches.
Disable the service.

Question 30 of 50

30. Question

While performing reconnaissance of an organization’s network, Angela discovers that web.organization.com, www.organization.com, and documents. organization. com all point to the same host. What type of DNS record allows this?

A CNAME
An MX record
An SPF record
An SOA record

Question 31 of 50

31. Question

Sadiq is responsible for the security of a network used to control systems within his organization’s manufacturing plant. The network connects manufacturing equipment, sensors, and controllers. He runs a vulnerability scan on this network and discovers that several of the controllers are running very out-of-date firmware that introduces security issues. The manufacturer of the controllers is out of business. What action can Sadiq take to best remediate this vulnerability in an efficient manner?

Develop a firmware update internally and apply it to the controllers.
Post on an Internet message board seeking other organizations that have developed a patch.
Ensure that the ICS is on an isolated network.
Use an intrusion prevention system on the ICS network.

Question 32 of 50

32. Question

Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?

WLAN
VPN
P2P
SCADA

Question 33 of 50

33. Question

Aidan operates the point-of-sale network for a company that accepts credit cards and is thus required to be compliant with PCI DSS. During his regular assessment of the pointof-sale terminals, he discovers that a recent Windows operating system vulnerability exists on all of them. Since they are all embedded systems that require a manufacturer update, he knows that he cannot install the available patch. What is Aidan’s best option to stay compliant with PCI DSS and protect his vulnerable systems?

Replace the Windows embedded point-of-sale terminals with standard Windows systems.
Build a custom operating system image that includes the patch.
Identify, implement, and document compensating controls
Remove the POS terminals from the network until the vendor releases a patch.

Question 34 of 50

34. Question

Vic scanned a Windows server used in his organization and found the result shown here. The server is on an internal network with access limited to IT staff and is not part of a domain. How urgently should Vic remediate this vulnerability?

Vic should drop everything and remediate this vulnerability immediately
While Vic does not need to drop everything, this vulnerability requires urgent attention and should be addressed quickly.
This is a moderate vulnerability that can be scheduled for remediation at a convenient time
This vulnerability is informational in nature and may be left in place.

Question 35 of 50

35. Question

This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor, who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?

Check the affected servers to verify a false positive.
Check the affected servers to verify a false negative.
Report a bug to the vendor
Update the vulnerability signatures.

Question 36 of 50

36. Question

What occurs when Mia uses the following command to perform an nmap scan of a network?
nmap -sP 192.168.2.0/24

A secure port scan of all hosts in the 192.168.0.0 to 192.168.2.255 network range
A scan of all hosts that respond to ping in the 192.168.0.0 to 192.168.255.255 network range
A scan of all hosts that respond to ping in the 192.168.2.0 to 192.168.2.255 network range
A SYN-based port scan of all hosts in the 192.168.2.0 to 192.168.2.255 network range

Question 37 of 50

37. Question

Rob’s manager recently asked him for an overview of any critical security issues that exist on his network. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best likely starting point?

Technical Report
High Severity Report
Qualys Patch Report
Unknown Device Report

Question 38 of 50

38. Question

Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers, who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?

The result is a false positive.
The code is deficient and requires correction.
The vulnerability is in a different web application running on the same server.
Natalie is misreading the scan report.

Question 39 of 50

39. Question

Amir’s remote scans of a target organization’s class C network block using nmap (nmap -sS 10.0.10.1/24) show only a single web server. If Amir needs to gather additional reconnaissance information about the organization’s network, which of the following scanning techniques is most likely to provide additional detail?

Use a UDP scan.
Perform a scan from on-site.
Scan using the -p 1-65535 flag.
Use nmap’s IPS evasion techniques.

Question 40 of 50

40. Question

Wendy is the security administrator for a membership association that is planning to launch an online store. As part of this launch, she will become responsible for ensuring that the website and associated systems are compliant with all relevant standards. What regulatory regime specifically covers credit card information?

PCI DSS
FERPA
HIPAA
SOX

Question 41 of 50

41. Question

Kasun discovers a missing Windows security patch during a vulnerability scan of a server in his organization’s data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?

To the virtualized system
The patch is not necessary
To the domain controller
To the virtualization platform

Question 42 of 50

42. Question

Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk?

Implement an IPS.
Implement a firewall.
Disable promiscuous mode for NICs.
Enable promiscuous mode for NICs.

Question 43 of 50

43. Question

During a port scan of a server, Miguel discovered that the following ports are open on the internal network:

■ TCP port 25
■ TCP port 80
■ TCP port 110
■ TCP port 443
■ TCP port 1433
■ TCP port 3389
The scan results provide evidence that a variety of services are running on this server. Which one of the following services is not indicated by the scan results?

Web
Database
SSH
RDP

Question 44 of 50

44. Question

Joaquin is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect?

Moving to credentialed scanning
Moving to agent-based scanning
Integrating asset information into the scan
Increasing the sensitivity of scans

Question 45 of 50

45. Question

Wang submits a suspected malware file to malwr.com and receives the following information about its behavior. What type of tool is malwr.com?

A reverse-engineering tool
A static analysis sandbox
A dynamic analysis sandbox
A de compiler sandbox

Question 46 of 50

46. Question

Nina is a software developer and she receives a report from her company’s cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes corrects the issue. What should she do next?

Deploy the code to production immediately to resolve the vulnerability
Request a scan of the test environment to confirm that the issue is corrected.
Mark the vulnerability as resolved and close the ticket.
Hire a consultant to perform a penetration test to confirm that the vulnerability is resolved.

Question 47 of 50

47. Question

Joe is conducting a network vulnerability scan against his datacenter and receives reports from system administrators that the scans are slowing down their systems. There are no network connectivity issues, only performance problems on individual hosts. He looks at the scan settings shown here. Which setting would be most likely to correct the problem?

Scan IP addresses in a random order
Network timeout (in seconds)
Max simultaneous checks per host
Max simultaneous hosts per scan

Question 48 of 50

48. Question

As part of his active reconnaissance activities, Frank is provided with a shell account accessible via SSH. If Frank wants to run a default nmap scan on the network behind the firewall shown here, how can he accomplish this?

ssh -t 192.168.34.11 nmap 192.168.34.0/24
ssh -R 8080:192.168.34.11:8080 [remote account:remote password]
ssh -proxy 192.168.11 [remote account:remote password]
Frank cannot scan multiple ports with a single ssh command.

Question 49 of 50

49. Question

George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?

22
23
161
443

Question 50 of 50

50. Question

Isidora runs a vulnerability scan of the management interface for her organization’s DNS service. She receives the vulnerability report shown here. What should be Isidora’s next action?

Disable the use of cookies on this service.
Request that the vendor rewrite the interface to avoid this vulnerability.
Investigate the contents of the cookie.
Shut down the DNS service.

CompTIA CySA+ CS0-003 All-in-one Practice Test Questions

Quiz Summary

Information

Results