CySA+ Exam Questions 2 with Complete Solutions

A penetration tester is conducting an assessment of a wireless network that is secured using WPA2 Enterprise encryption. Which of the following are major differences between conducting reconnaissance of a wireless network versus a wired network? (SELECT TWO)

Encryption
Network access control
Port security
Authentication

-Answer- Encryption

(Most wireless networks utilize end-to-end encryption, whereas wired networks do not. Physical accessibility is another major difference between wireless and wired networks since wireless networks can be accessed from a distance using powerful antennas. Authentication, MAC filtering, and network access control (NAC) can be implemented equally on both wired and wireless networks. Port security is only applicable to wired networks.)

You have been asked to review the SIEM event logs for suspected APT activity. You have been given several indicators of compromise, such as a list of domain names and IP addresses. What is the BEST action to take in order to analyze the suspected APT activity?

Use the IP addresses to search through the event logs
Analyze the trends of the events while manually reviewing them to see if any indicators match
Create an advanced query that includes all of the indicators and review any matches
Scan for vulnerabilities with exploits known to previously have been used by an APT

-Answer- Analyze the trends of the events while manually reviewing them to see if any indicators match

(You should begin by analyzing the trends of the events while manually reviewing each of them to determine if any of the indicators match. If you only searched through the event logs using the IP addresses, this would not be sufficient, as many APTs hide their activity by compromising and using legitimate networks and their IP addresses. If you only use the IP addresses to search the event logs, you would miss any events that correlated only to the domain names. If you create an advanced query with all of the indicators, your search of the event logs will find nothing because no single event will include all of these IPs and domain names. Finally, while scanning for vulnerabilities known to have been used by the APTs is a good practice, it would only be effective in determining how to stop future attacks from occurring, not for determining whether or not an attack has already occurred.)

Which of the following programs was designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military?

Trusted Foundry (RF)
Supplies Assured (SA)
Supply Secure (SS)
Trusted Access Program (TAP)

-Answer- Trusted Foundry (RF)

(The Trusted Foundry program, also called the trusted suppliers program, is a United States Department of Defense program designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military. Trusted Foundry was created to provide a chain of custody for classified/unclassified integrated circuits, ensure there is no reasonable threat related to supply disruption, prevent intentional/unintentional modification of integrated circuits, and protect integrated circuits from reverse engineering and vulnerability testing.)

A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?

Acceptable use policy
Service level agreement
Rules of engagement
Memorandum of understanding

-Answer- Rules of engagement

(While the network scope given in the contract documents will define what will be tested, the rules of engagement define how that testing is to occur. Rules of engagement can state things like no social engineering is allowed, no external website scanning, etc. A memorandum of understanding (MOU) is a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money. A service level agreement contains the operating procedures and standards for a service contract. An acceptable use policy is a policy that governs employees' use of company equipment and Internet services.)

Which of the following vulnerabilities is the greatest threat to data confidentiality?

HTTP TRACE/TRACK methods enabled
SSL Server with SSLv3 enabled vulnerability
phpinfo information disclosure vulnerability
Web application SQL injection vulnerability

-Answer- Web application SQL injection vulnerability

(Each vulnerability mentioned poses a significant risk, but the greatest threat comes from the SQL injection. An SQL injection could allow an attacker to retrieve our data from the backend database directly. Using this technique, the attacker could also alter the data and put it back, and nobody would notice everything that had been changed, thereby also affecting our data integrity. The HTTP TRACE/TRACK methods are normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes and allow the attacker to gain access to sensitive information in the HTTP headers. Since this only exposes information in the headers, it minimizes the risk to our system's data confidentiality. An SSL server with SSLv3 enabled is not ideal since this is an older encryption type, but it still provides some level of confidentiality. The phpinfo information disclosure vulnerability prints out detailed information on both the system and the PHP configuration. This information by itself doesn't disclose any information about the data stored within the system, though, so it isn't a great threat to our data's confidentiality.)
Last updated: 3 years ago
By Professor Lynne 3 years ago
About the document
Uploaded on: Sep 05, 2022
Number of pages: 18