CompTIA CySA+ Practice Tests. Mike Chapple

change its performance, routing, and optimization. Which of the following technologies is best suited to his needs?
A. Serverless
B. Software-defined networking
C. Physical networking
D. Virtual private networks (VPNs)

181 Elaine's team has deployed an application to a cloud-hosted serverless environment. Which of the following security tools can she use in that environment?
A. Endpoint antivirus
B. Endpoint DLP
C. IDS for the serverless environment
D. None of the above

182 Valerie is leading an effort that will use a formal Fagan inspection of code. Which phase in the Fagan inspection process includes finding actual defects?
A. Overview
B. Preparation
C. Inspection
D. Rework

183 Greg wants to prevent SQL injection in a web application he is responsible for. Which of the following is not a common defense against SQL injection?
A. Prepared statements with parameterized queries
B. Output validation
C. Stored procedures
D. Escaping all user-supplied input

184 While reviewing code that generates a SQL query, Aarav notices that the “address” field is appended to the query without input validation or other techniques applied. What type of attack is most likely to be successful against code like this?
A. DoS
B. XSS
C. SQL injection
D. Teardrop

185 What type of assertion is made to an SP in a SAML authentication process?
A. The user's password
B. Who the user is
C. Who the SP is
D. What rights the user has

186 Megan wants to downgrade the firmware for a device she is working with, but when she attempts to do so, the device will not accept the older firmware. What type of hardware technology has she most likely encountered?
A. A TPM
B. A HSM
C. eFuse
D. A trusted foundry

187 Security screws are an example of what type of control?
A. Anti-tamper
B. Detective
C. Anti-theft
D. Corrective

188 What U.S. government program focuses on ensuring that integrated circuits have an assured chain of custody, a supply chain that can avoid disruption, and processes in place to protect chips from being modified or tampered with?
A. Secure Forge
B. DMEA
C. Trusted foundry
D. IC Protect

189 Michelle wants to acquire data from a self-encrypting drive. When is the data on the drive unencrypted and accessible?
A. Data is unencrypted before the system boots.
B. Data is unencrypted after the OS boots.
C. Data is unencrypted only when it is read from the drive.
D. Data is never unencrypted.

190 What term describes hardware security features built into a CPU?
A. Atomic execution
B. Processor security extensions
C. Processor control architecture
D. Trusted execution

191 Angela wants to provide her users with a VPN service and does not want them to need to use client software. What type of VPN should she set up?
A. IPsec
B. Air gap
C. VPC
D. SSL/TLS

192 Lucca needs to explain the benefits of network segmentation to the leadership of his organization. Which of the following is not a common benefit of segmentation?
A. Decreasing the attack surface
B. Increasing the number of systems in a network segment
C. Limiting the scope of regulatory compliance efforts
D. Increasing availability in the case of an issue or attack

193 Kubernetes and Docker are examples of what type of technology?
A. Encryption
B. Software-defined networking
C. Containerization
D. Serverless

194 Nathan is designing the logging infrastructure for his company and wants to ensure that a compromise of a system will not result in the loss of that system's logs. What should he do to protect the logs?
A. Limit log access to administrators.
B. Encrypt the logs.
C. Rename the log files from their common name.
D. Send the logs to a remote server.

195 After creating a new set of encryption keys for an SSH key, Allan inadvertently uploads them to GitHub as part of the check-in process for software he is writing. What options does he have to fix this issue?
A. He can modify the private key to fix the issue and then needs to re-upload it to GitHub.
B. He needs to generate a keypair and replace it wherever it is in use.
C. He needs to change the password for the keypair.
D. He needs to modify the public key to fix the issue and then needs to re-upload it to GitHub.

196 What type of software testing most frequently happens during the development phase?
A. Unit testing
B. User acceptance testing
C. Fuzzing
D. Stress testing

197 What are the four phases found in the spiral SDLC model?
A. Design, User Story Identification, Build, and Analysis
B. Identification, Design, Build, and Evaluation
C. Requirement Gathering, Analysis, Design, and Build
D. User Story Identification, User Story Design, User Co-Creation, and User Acceptance Testing

198 What is the primary concept behind DevSecOps versus DevOps?
A. Development should occur before security operations.
B. Device security is part of operations.
C. Security should be part of the integrated application life cycle.
D. Operations security requires developers to play the primary security role.

Use the following diagram and scenario for questions 199–201.

Amanda has been assigned to lead the development of a new web application for her organization. She is following a standard SDLC model as shown here. Use the model and your knowledge of the software development life cycle to answer the following questions.

199 Amanda's first task is to determine if there are alternative solutions that are more cost effective than in-house development. What phase is she in?
A. Design
B. Operations and maintenance
C. Feasibility
D. Analysis and requirements definition

200 What phase of the SDLC typically includes the first code analysis and unit testing in the process?
A. Analysis and requirements definition
B. Design
C. Coding
D. Testing and integration

201 After making it through most of the SDLC process, Amanda has reached point E on the diagram. What occurs at point E?
A. Disposition
B. Training and transition
C. Unit testing
D. Testing and integration

202 Ansel knows he wants to use federated identities in a project he is working on. Which of the following should not be among his choices for a federated identity protocol?
A. OpenID
B. SAML
C. OAuth
D. Authman
