CompTIA CySA+ Practice Tests. Mike Chapple

Читать онлайн книгу.

CompTIA CySA+ Practice Tests - Mike Chapple


Скачать книгу
change its performance, routing, and optimization. Which of the following technologies is best suited to his needs?ServerlessSoftware-defined networkingPhysical networkingVirtual private networks (VPNs)

      181 Elaine's team has deployed an application to a cloud-hosted serverless environment. Which of the following security tools can she use in that environment?Endpoint antivirusEndpoint DLPIDS for the serverless environmentNone of the above

      182 Valerie is leading an effort that will use a formal Fagan inspection of code. Which phase in the Fagan inspection process includes finding actual defects?OverviewPreparationInspectionRework

      183 Greg wants to prevent SQL injection in a web application he is responsible for. Which of the following is not a common defense against SQL injection?Prepared statements with parameterized queriesOutput validationStored proceduresEscaping all user-supplied input

      184 While reviewing code that generates a SQL query, Aarav notices that the “address” field is appended to the query without input validation or other techniques applied. What type of attack is most likely to be successful against code like this?DoSXSSSQL injectionTeardrop

      185 What type of assertion is made to an SP in a SAML authentication process?The user's passwordWho the user isWho the SP isWhat rights the user has

      186 Megan wants to downgrade the firmware for a device she is working with, but when she attempts to do so, the device will not accept the older firmware. What type of hardware technology has she most likely encountered?A TPMA HSMeFuseA trusted foundry

      187 Security screws are an example of what type of control?Anti-tamperDetectiveAnti-theftCorrective

      188 What U.S. government program focuses on ensuring that integrated circuits have an assured chain of custody, a supply chain that can avoid disruption, and processes in place to protect chips from being modified or tampered with?Secure ForgeDMEATrusted foundryIC Protect

      189 Michelle wants to acquire data from a self-encrypting drive. When is the data on the drive unencrypted and accessible?Data is unencrypted before the system boots.Data is unencrypted after the OS boots.Data is unencrypted only when it is read from the drive.Data is never unencrypted.

      190 What term describes hardware security features built into a CPU?Atomic executionProcessor security extensionsProcessor control architectureTrusted execution

      191 Angela wants to provide her users with a VPN service and does not want them to need to use client software. What type of VPN should she set up?IPsecAir gapVPCSSL/TLS

      192 Lucca needs to explain the benefits of network segmentation to the leadership of his organization. Which of the following is not a common benefit of segmentation?Decreasing the attack surfaceIncreasing the number of systems in a network segmentLimiting the scope of regulatory compliance effortsIncreasing availability in the case of an issue or attack

      193 Kubernetes and Docker are examples of what type of technology?EncryptionSoftware-defined networkingContainerizationServerless

      194 Nathan is designing the logging infrastructure for his company and wants to ensure that a compromise of a system will not result in the loss of that system's logs. What should he do to protect the logs?Limit log access to administrators.Encrypt the logs.Rename the log files from their common name.Send the logs to a remote server.

      195 After creating a new set of encryption keys for an SSH key, Allan inadvertently uploads them to GitHub as part the check-in process for software he is writing. What options does he have to fix this issue?He can modify the private key to fix the issue and then needs to re-upload it to GitHub.He needs to generate a keypair and replace it wherever it is in use.He needs to change the password for the keypair.He needs to modify the public key to fix the issue and then needs to re-upload it to GitHub.

      196 What type of software testing most frequently happens during the development phase?Unit testingUser acceptance testingFuzzingStress testing

      197 What are the four phases found in the spiral SDLC model?Design, User Story Identification, Build, and AnalysisIdentification, Design, Build, and EvaluationRequirement Gathering, Analysis, Design, and BuildUser Story Identification, User Story Design, User Co-Creation, and User Acceptance Testing

      198 What is the primary concept behind DevSecOps versus DevOps?Development should occur before security operations.Device security is part of operations.Security should be part of the integrated application life cycle.Operations security requires developers to play the primary security role.Use the following diagram and scenario for questions 199–201.Amanda has been assigned to lead the development of a new web application for her organization. She is following a standard SDLC model as shown here. Use the model and your knowledge of the software development life cycle to answer the following questions.

      199 Amanda's first task is to determine if there are alternative solutions that are more cost effective than in-house development. What phase is she in?DesignOperations and maintenanceFeasibilityAnalysis and requirements definition

      200 What phase of the SDLC typically includes the first code analysis and unit testing in the process?Analysis and requirements definitionDesignCodingTesting and integration

      201 After making it through most of the SDLC process, Amanda has reached point E on the diagram. What occurs at point E?DispositionTraining and transitionUnit testingTesting and integration

      202 Ansel knows he wants to use federated identities in a project he is working on. Which of the following should not be among his choices for a federated identity protocol?OpenIDSAMLOAuthAuthman

      Конец ознакомительного фрагмента.

      Текст предоставлен ООО «ЛитРес».

      Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.

      Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.

/9j/4AAQSkZJRgABAQEBLAEsAAD/7SZGUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAAccAgAAAgAA ADhCSU0EJQAAAAAAEOjxXPMvwRihontnrcVk1bo4QklNBDoAAAAAAOUAAAAQAAAAAQAAAAAAC3By aW50T3V0cHV0AAAABQAAAABQc3RTYm9vbAEAAAAASW50ZWVudW0AAAAASW50ZQAAAABJbWcgAAAA D3ByaW50U2l4dGVlbkJpdGJvb2wAAAAAC3ByaW50ZXJOYW1lVEVYVAAAAAEAAAAAAA9wcmludFBy b29mU2V0dXBPYmpjAAAADABQAHIAbwBvAGYAIABTAGUAdAB1AHAAAAAAAApwcm9vZlNldHVwAAAA AQAAAABCbHRuZW51bQAAAAxidWlsdGluUHJvb2YAAAAJcHJvb2ZDTVlLADhCSU0EOwAAAAACLQAA ABAAAAABAAAAAAAScHJpbnRPdXRwdXRPcHRpb25zAAAAFwAAAABDcHRuYm9vbAAAAAAAQ2xicmJv b2wAAAAAAFJnc01ib29sAAAAAABDcm5DYm9vbAAAAAAAQ250Q2Jvb2wAAAAAAExibHNib29sAAAA AABOZ3R2Ym9vbAAAAAAARW1sRGJvb2wAAAAAAEludHJib29sAAAAAABCY2tnT2JqYwAAAAEAAAAA AABSR0JDAAAAAwAAAABSZCAgZG91YkBv4AAAAAAAAAAAAEdybiBkb3ViQG/gAAAAAAAAAAAAQmwg IGRvdWJAb+AAAAAAAAAAAABCcmRUVW50RiNSbHQAAAAAAAAAAAAAAABCbGQgVW50RiNSbHQAAAAA AAAAAAAAAABSc2x0VW50RiNQeGxAcsAAAAAAAAAAAAp2ZWN0b3JEYXRhYm9vbAEAAAAAUGdQc2Vu dW0AAAAAUGdQcwAAAABQZ1BDAAAAAExlZnRVbnRGI1JsdAAAAAAAAAAAAAAAAFRvcCBVbnRGI1Js dAAAAAAAAAAAAAAAAFNjbCBVbnRGI1ByY0BZAAAAAAAAAAAAEGNyb3BXaGVuUHJpbnRpbmdib29s AAAAAA5jcm9wUmVjdEJvdHRvbWxvbmcAAAAAAAAADGNyb3BSZWN0TGVmdGxvbmcAAAAAAAAADWNy b3BSZWN0UmlnaHRsb25nAAAAAAAAAAtjcm9wUmVjdFRvcGxvbmcAAAAAADhCSU0D7QAAAAAAEAEs AAAAAQACASwAAAABAAI4QklNBCYAAAAAAA4AAAAAAAAAAAAAP4AAADhCSU0EDQAAAAAABAAAAB44 QklNBBkAAAAAAAQAAAAeOEJJTQPzAAAAAAAJAAAAAAAAAAABADhCSU0nEAAAAAAACgABAAAA

Скачать книгу