CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. You have recently suffered some network attacks and would like to discover what services are available on the computers in your network. Which of the following assessment tools would be most appropriate for this?
A) protocol analyzer
B) port scanner
C) fuzzer
D) password cracker
2. As a security analyst for your organization, you have implemented several new security controls. Management requeststhat you analyze the availability of several devices and provide them with the appropriate metrics. Which metrics should youprovide?
A) ROI and TCO
B) MTTR and MTBF
C) WRT and RPO
D) baselines and benchmarks
3. Which of the following is not a safe computing practice?
A) Enable autorun.
B) Perform daily scans.
C) Keep anti-malware applications current.
D) Don - t click on email links or attachments.
4. Which of the following cloud approaches offers the maximum control over company data?
A) public
B) composite
C) hybrid
D) private
5. In what type of web attack does the website think that a request came from the user - s browser and was made by the user himself, when actually the request was planted in the user - s browser?
A) CSRF
B) click-jacking
C) XSS
D) insecure direct object references
A) protocol analyzer
B) port scanner
C) fuzzer
D) password cracker
2. As a security analyst for your organization, you have implemented several new security controls. Management requeststhat you analyze the availability of several devices and provide them with the appropriate metrics. Which metrics should youprovide?
A) ROI and TCO
B) MTTR and MTBF
C) WRT and RPO
D) baselines and benchmarks
3. Which of the following is not a safe computing practice?
A) Enable autorun.
B) Perform daily scans.
C) Keep anti-malware applications current.
D) Don - t click on email links or attachments.
4. Which of the following cloud approaches offers the maximum control over company data?
A) public
B) composite
C) hybrid
D) private
5. In what type of web attack does the website think that a request came from the user - s browser and was made by the user himself, when actually the request was planted in the user - s browser?
A) CSRF
B) click-jacking
C) XSS
D) insecure direct object references
1. Right Answer: B
Explanation: Port scanners can be used to scan a network for open ports. Open ports indicate services that may be running and listening on a device that may be susceptible to being used for an attack. These tools basically ping every address and port number combination and keep track of which ports are open on each device as the pings are answered by open ports with listening services and not answered by closed ports.
2. Right Answer: B
Explanation: You should provide mean time to repair (MTTR) and mean time between failures (MTBF) to provide management with metrics regarding availability.
3. Right Answer: A
Explanation: Autorun should be disabled.
4. Right Answer: D
Explanation: There is a trade-off when a decision must be made between the two architectures. A private solution provides the most control over the safety of your data but also requires staff and knowledge to deploy, manage, and secure the solution.
5. Right Answer: A
Explanation: Cross-Site Request Forgery (CSRF) is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website s trust of the browser rather than the other way around. The website thinks that the request came from the user s browser and is made by the user when actually the request was planted in the user s browser.
Explanation: Port scanners can be used to scan a network for open ports. Open ports indicate services that may be running and listening on a device that may be susceptible to being used for an attack. These tools basically ping every address and port number combination and keep track of which ports are open on each device as the pings are answered by open ports with listening services and not answered by closed ports.
2. Right Answer: B
Explanation: You should provide mean time to repair (MTTR) and mean time between failures (MTBF) to provide management with metrics regarding availability.
3. Right Answer: A
Explanation: Autorun should be disabled.
4. Right Answer: D
Explanation: There is a trade-off when a decision must be made between the two architectures. A private solution provides the most control over the safety of your data but also requires staff and knowledge to deploy, manage, and secure the solution.
5. Right Answer: A
Explanation: Cross-Site Request Forgery (CSRF) is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website s trust of the browser rather than the other way around. The website thinks that the request came from the user s browser and is made by the user when actually the request was planted in the user s browser.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
