CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailorthose controls to the system?
A) Implement
B) Categorize
C) Access
D) Select
2. An analyst has initiated an assessment of an organizations security posture. As a part of this review, the analyst would like to determine how much informationabout the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)(Select 2answers)
A) Intranet portal reviews
B) Sourcing social network sites
C) Fingerprinting
D) Internet searches
E) DNS query log reviews
F) Banner grabbing
3. A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt tocause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should thisoccur? (Select two.)(Select 2answers)
A) Planning phase
B) Behavior modeling
C) Fuzzing
D) Prototyping phase
E) Static code analysis
F) Requirements phase
4. A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memoryutilization, and outbound network traffic are consuming the laptop resources. Which of the following is the BEST course of actions to resolve the problem?
A) Identify and remove malicious processes.
B) Ensure the laptop OS is properly patched.
C) Increase laptop memory.
D) Disable scheduled tasks.
E) Suspend virus scan.
5. Scan results identify critical Apache vulnerabilities on a companys web servers. A security analyst believes many of these results are false positives because theweb environment mostly consists of Windows servers.Which of the following is the BEST method of verifying the scan results?
A) Perform a top-ports scan against the identified servers.
B) Run a service discovery scan on the identified servers.
C) Refer to the identified servers in the asset inventory.
D) Review logs of each host in the SIEM.
A) Implement
B) Categorize
C) Access
D) Select
2. An analyst has initiated an assessment of an organizations security posture. As a part of this review, the analyst would like to determine how much informationabout the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)(Select 2answers)
A) Intranet portal reviews
B) Sourcing social network sites
C) Fingerprinting
D) Internet searches
E) DNS query log reviews
F) Banner grabbing
3. A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt tocause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should thisoccur? (Select two.)(Select 2answers)
A) Planning phase
B) Behavior modeling
C) Fuzzing
D) Prototyping phase
E) Static code analysis
F) Requirements phase
4. A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memoryutilization, and outbound network traffic are consuming the laptop resources. Which of the following is the BEST course of actions to resolve the problem?
A) Identify and remove malicious processes.
B) Ensure the laptop OS is properly patched.
C) Increase laptop memory.
D) Disable scheduled tasks.
E) Suspend virus scan.
5. Scan results identify critical Apache vulnerabilities on a companys web servers. A security analyst believes many of these results are false positives because theweb environment mostly consists of Windows servers.Which of the following is the BEST method of verifying the scan results?
A) Perform a top-ports scan against the identified servers.
B) Run a service discovery scan on the identified servers.
C) Refer to the identified servers in the asset inventory.
D) Review logs of each host in the SIEM.
1. Right Answer: D
Explanation:
2. Right Answer: B,C
Explanation:
3. Right Answer: C,D
Explanation: Reference: http://www.brighthub.com/computing/smb-security/articles/9956.aspx
4. Right Answer: A
Explanation:
5. Right Answer: B
Explanation:
Explanation:
2. Right Answer: B,C
Explanation:
3. Right Answer: C,D
Explanation: Reference: http://www.brighthub.com/computing/smb-security/articles/9956.aspx
4. Right Answer: A
Explanation:
5. Right Answer: B
Explanation:
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
