CompTIA CySA+ Practice Tests. Mike Chapple
developing a web application, Chris sets his session ID length to 128 bits based on OWASP's recommended session management standards. What reason would he have for needing such a long session ID?
   A. To avoid duplication
   B. To allow for a large group of users
   C. To prevent brute-forcing
   D. All of the above
89 Robert is reviewing a web application and the developers have offered four different responses to incorrect logins. Which of the following four responses is the most secure option?
   A. Login failed for user; invalid password
   B. Login failed; invalid user ID or password
   C. Login failed; invalid user ID
   D. Login failed; account does not exist
90 What technology is most commonly used to protect data in transit for modern web applications?
   A. VPN
   B. TLS
   C. SSL
   D. IPSec
91 Nathan is reviewing PHP code for his organization and finds the following code in the application he is assessing. What technique is the developer using?

    $stmt = $dbh->prepare("INSERT INTO REGISTRY (var1, var2) VALUES (:var1, :var2)");
    $stmt->bindParam(':var1', $var1);
    $stmt->bindParam(':var2', $var2);

   A. Dynamic binding
   B. Parameterized queries
   C. Variable limitation
   D. None of the above
92 Which of the following components is not typically part of a service-oriented architecture?
   A. Service provider
   B. Service guardian
   C. Service broker
   D. Service consumer
93 Which role in a SAML authentication flow validates the identity of the user?
   A. The SP
   B. The IDP
   C. The principal
   D. The RP
94 Anja is assessing the security of a SOAP-based web service implementation. Which of the following web service security requirements should she recommend to reduce the likelihood of a successful man-in-the-middle attack?
   A. Use TLS.
   B. Use XML input validation.
   C. Use XML output validation.
   D. Virus-scan files received by web service.
95 Which of the following components is not part of a typical SOAP message?
   A. The envelope
   B. The header
   C. The stamp
   D. The body
96 Alice wants to ensure proper access control for a public REST service. What option is best suited to help ensure that the service will not suffer from excessive use?
   A. Restricting HTTP methods
   B. Using JSON web tokens
   C. Using API keys
   D. Using HTTPS
97 How are requests in REST-based web services typically structured?
   A. As XML
   B. As a URL
   C. As a SQL query
   D. As a SOAP statement
98 While reviewing the code for a Docker-based microservice, Erik discovers the following code:

    echo "pidfile = /run/example.pid">> /etc/example.conf && \
    echo "logfile = /data/logs/example.log">> /etc/example.conf && \
    echo "loglevel = debug">> /etc/example.conf && \
    echo "port = : 5159">> /etc/example.conf && \
    echo "username = svc">> /etc/example.conf && \
    echo "password = secure">> /etc/example.conf && \

What has he found?
   A. A misconfigured microservice
   B. Hard-coded credentials
   C. Improperly configured log files
   D. A prohibited port
99 What type of access is typically required to compromise a physically isolated and air-gapped system?
   A. Wired network access
   B. Physical access
   C. Wireless network access
   D. None of the above, because an isolated, air-gapped system cannot be accessed
100 The organization that Allan works for wants to securely store digital keys for their enterprise security certificates. What type of device should they select to help manage and protect their keys?
   A. A hardware token
   B. An HSM
   C. A PEBKAC
   D. A cigar box CA
101 Charlene wants to provide an encrypted network connection for her users. She knows her users require a full network connection rather than application-specific uses. What VPN technology should she choose?
   A. SSL
   B. TLS
   C. IPSec
   D. WPA2
102 How are eFuses used to prevent firmware downgrades?
   A. If they are burned, the firmware cannot be changed.
   B. The number of fuses burned indicates the current firmware level, preventing old versions from being installed.
   C. eFuses must be reset before firmware can be downgraded, requiring administrative access.
   D. eFuses cannot be used to prevent firmware downgrades.
103 Dev wants to use Secure Boot on a workstation. What technology must his workstation use to support Secure Boot?
   A. BIOS
   B. ROM
   C. UEFI
   D. TPM
104 What requirements must be met for a trusted execution environment to exist?
   A. All trusted execution environment assets must have been installed and started securely.
   B. The trusted execution environment must be verified and certified by a third party.
   C. The trusted execution environment must be verified and approved by the end user.
   D. Only trusted components built into the operating system can be run in a trusted execution environment.
105 What hardware feature do Apple devices use to manage keys in a secure way outside of the processor?
   A. A cryptographic bastion
   B. A Secure Enclave
   C. An HSM
   D. A cryptolocker
106 Which of the following is not a typical capability of processor security extensions?
   A. Data and instruction path integrity checks
   B. Error detection for memory and registers
   C. Stack bounds checking
   D. Secure register wiping capabilities
107 What concept describes a security process that ensures that another process or device cannot perform read or write operations on memory while an operation is occurring?
   A. Nonblocking memory
   B. Memory coherence
   C. Atomic execution
   D. Trusted execution

Use the following scenario to answer questions 108–111.

Tom connects to a website using the Chrome web browser. The site uses TLS encryption and presents the digital certificate shown here.
108 Who created the digital signature shown in the last line of this digital certificate?
   A. Starfield Services
   B. Amazon
   C. nd.edu
   D. RSA
109 Which one of the following websites would not be covered by this certificate?
   A. nd.edu
   B. www.nd.edu
   C. www.business.nd.edu
   D. All of these sites would be covered by the certificate.
110 What encryption key does the certificate contain?
   A. The website's public key
   B. The website's private key
   C. Tom's public key
   D. Tom's private key
111 After Tom initiates a connection to the website, what key is used to encrypt future communications from the web server to Tom?
   A. The website's public key
   B. The website's private key
   C. Tom's public key
   D. The session key
112 Holographic stickers are a common tool used for what type of security practice?
   A. Anti-tamper
   B. Anti-theft
   C. Asset management
   D. Asset tracking
113 Olivia has been tasked with identifying a solution that will prevent the exposure of data on a drive if the drive itself is stolen. What type of technology should she recommend?
   A. MFA
   B. SED
   C. P2PE
   D. eSATA
114 Amanda's organization wants to ensure that user awareness, documentation, and other tasks are accomplished and tracked as new infrastructure is added and modified. What type of tool should they acquire?
   A. A project management tool
   B. An IDE
   C. A change management tool
   D. A ticketing tool
115 Christina wants to check the firmware she has been provided to ensure that it is the same firmware that the manufacturer provides. What process should she follow to validate that the firmware is trusted firmware?
   A. Download the same file from the manufacturer and compare file size.
   B. Compare a hash of the file to a hash provided by the manufacturer.
   C. Run strings against the firmware to find any evidence of tampering.
   D. Submit the firmware to a malware scanning site to verify that it does not contain malware.
116 Amanda's organization uses an air-gap design to protect the HSM device that stores their root encryption certificate. How will Amanda need to access the device if she wants to generate a new certificate?
   A. Wirelessly from her laptop
   B. Over the wired network from her PC
   C. From a system on the air-gapped network
   D. Amanda cannot access the device without physical access to it
117 What is the key difference between a secured boot chain and a measured boot chain?
   A. A secured boot chain depends on a root of trust.
   B. A measured boot chain computes the hash of the next object in the chain and stores it securely.
   C. A secured boot chain computes the hash of the next object in the chain and stores it securely.
   D. A measured boot chain depends on a root of trust.
118 Encrypted data transmission from a CPU to a GPU is an example of what type of technology?
   A. Secure Enclave
   B. Bus encryption
   C. Hardware security module
   D. Software security module
119 Which of the following parties directly communicate with the end user during a SAML transaction?
   A. The relying party
   B. The SAML identity provider
   C. Both the relying party and the identity provider
   D. Neither the relying party nor the identity provider
120 What type of dedicated device is used in organizations that can generate keys, create and validate digital signatures, and provide cryptoprocessing to both encrypt and decrypt data?
   A. HSMs
   B. BGPs
   C. SSMs
   D. None of the above
121 Saeed wants