Domain 2
CompTIA CySA+ Vulnerability Management | Free Practice + Anki Flash Cards

Ref:📕CompTIA CySA+ Study Guide: Exam CS0-003 (Sybex Study Guide) 3rd Edition

CySA+ (CS0-003) – Domain 2 – Vulnerability Management

1 / 158

What are the two factors considered in the process of risk calculation?

A. The origin and target of the risk

B. The probability of risk occurrence and the magnitude of its impact

C. The duration and frequency of risk

D. The technical complexity and operational simplicity of the risk

2 / 158

What is a false positive error in the context of vulnerability scanning?

A. It is when a scanner reports a vulnerability that is actually present

B. It is when a scanner does not report a vulnerability that is actually present

C. It is when a scanner reports a vulnerability that is not actually present

D. It is when a scanner does not report a vulnerability that is not present

3 / 158

Which of the following is a technique that developers can use to protect their web applications against CSRF attacks?

A. Use secure tokens that the attacker would not know to embed in the links

B. Use XSS attacks to fight back against the attacker

C. Use SSRF attacks to counter the attacker

D. Allow users to be logged into many different websites at the same time

4 / 158

What does a vulnerability scan report when it detects security problems in network devices that need firmware updates?

A. It suggests the administrators to update the operating system

B. It updates the firmware of the network device automatically

C. It directs administrators to the vendor’s site where the firmware update is available for download

D. It sends an email to the vendor about the missing updates

5 / 158

What is the intended result of a data poisoning attack on a machine learning system?

A. To crash the system by overwhelming it with data

B. To create inaccurate models by manipulating the training datasets

C. To drain system resources by requiring the algorithm to analyze false data

D. To infiltrate the network through machine learning-based security systems

6 / 158

What does the Visa document titled ’What to Do If Compromised’ represent in the context of cybersecurity procedures?

A. A set of optional guidelines for merchants suspecting a credit card compromise

B. Public relations campaign for reassuring customers of Visa payment security

C. Mandatory process that Visa expects merchants to follow in case of a credit card compromise

D. General advice on how credit card companies should handle compromises

7 / 158

Why should administrators configure their vulnerability scanners to retrieve new plug-ins regularly, according to the text?

A. To ensure the scanner updates its software

B. To maintain the scanner’s efficiency

C. To match the frequency of new vulnerabilities being discovered by security researchers

D. To automate the scanning process

8 / 158

Which of the following secure coding best practices help to limit the impact of credential compromises?

A. Input validation

B. Data protection techniques

C. Secure session management

D. Authentication

9 / 158

Which of the following is the most common form of injection flaws in a web server?

A. JavaScript injection attack

B. CSS injection attack

C. HTML injection attack

D. SQL injection attack

10 / 158

What does the ISO 27001 standard from the International Organization for Standardization (ISO) describe?

A. A standard approach for setting up firewall defenses

B. A standard approach for setting up an information security management system

C. A detailed approach to information security controls

D. A process for becoming officially certified as compliant with ISO 27001

11 / 158

What is the purpose of the Common Vulnerability Scoring System (CVSS) within the Security Content Automation Protocol (SCAP)?

A. It provides a standard nomenclature for discussing system configuration issues

B. It provides a standard nomenclature for describing security-related software flaws

C. It provides a standardized approach for measuring and describing the severity of security-related software flaws

D. It specifies checklists and reporting checklist results

12 / 158

According to the quantitative risk assessment process, how is the single loss expectancy (SLE) calculated?

A. It is the amount of damage expected from a risk each year

B. It is calculated by multiplying the asset value by exposure factor

C. It is the expected number of times the risk is expected each year

D. It is calculated by multiplying the asset value by the annualized rate of occurrence (ARO)

13 / 158

What is the primary emphasis of the Spiral model as part of the Software Development Lifecycle (SDLC)?

A. The fast delivery of a proof of concept

B. The iterative redesign process

C. The risk assessment at different stages of development

D. The customer feedback and acceptance

14 / 158

Which phase of the Software Development Life Cycle (SDLC) offers the first opportunity to integrate security measures?

A. Testing phase

B. Development phase

C. Post-deployment phase

D. Requirements gathering and design phase

15 / 158

What is the purpose of Service Level Objectives (SLOs) in an organization that offers technology services to customers?

A. To set formal expectations for service availability, data preservation, and other key requirements

B. To calculate the annual revenue of the organization

C. To negotiate the price of the technology services

D. To list the vendors who fail to meet their SLOs

16 / 158

What is a key aspect of maintaining a vulnerability scanner according to the text?

A. Regularly replacing the scanning hardware

B. Regularly updating the scanning software and vulnerability feeds

C. Rely only on automatic updates and never verify manually

D. Ignore automatic updates and only focus on manual updates

17 / 158

In the context of risk management, what is the most appropriate definition of ’Risk Acceptance’?

A. It is the choice of mitigating risks through different processes and actions.

B. It is the process of choosing to take no other risk management strategy, continuing operations as usual, and accepting the potential risk.

C. It is the option of transferring the potential risks to a third party.

D. It is the strategy of avoiding any situations that could lead to potential risks.

18 / 158

What does it mean if a vulnerability scanner reports a vulnerability that does not actually exist?

A. True positive error

B. False positive error

C. True negative report

D. False negative report

19 / 158

What is the main focus of session hijacking in cybersecurity?

A. Taking over an already existed session

B. Impersonating another user

C. Interfering in the communication flow between two systems

D. Controlling endpoints or having the encryption keys

20 / 158

What is an effective way to reduce the occurrence of successful on-path attacks?

A. Disabling network sessions

B. Clearing cookies from remote servers

C. Using end-to-end encryption

D. Increasing the number of HTTP requests

21 / 158

What does the Attack Vector (AV) metric in the Common Vulnerability Scoring System (CVSS) evaluate?

A. The impact of the vulnerability on the affected system

B. The method by which an attacker might exploit the vulnerability

C. The rating of the vulnerability in terms of exploitability and impact

D. The scope of the vulnerability in relation to its reach within a network

22 / 158

Which of the following statements is true about Infrastructure Vulnerability Scanning?

A. Only commercial vulnerability scanners are reliable for use.

B. The CySA+ exam focuses heavily on Qualys and Rapid7’s Nexpose.

C. Nessus and OpenVAS are major infrastructure vulnerability scanning tools emphasized on the CySA+ exam.

D. An organization only needs one scanner in their toolkit.

23 / 158

How does a credentialed scan improve the accuracy of vulnerability scans?

A. By bypassing firewalls and intrusion prevention systems

B. By checking whether the operating system updates have been installed before reporting a vulnerability

C. By installing small software agents on each target server

D. By causing a false-positive result that requires administrator investigation

24 / 158

What is an advantage of conducting scans from various perspectives in a vulnerability management program?

A. It helps in managing different scanners.

B. It provides a consolidated view of scan results.

C. It makes it easier to configure the scanner for a new scan.

D. It provides different views into vulnerabilities.

25 / 158

What are the two types of cross-site scripting (XSS) attacks as explained in the text?

A. Crossover XSS and Dynamic XSS

B. Persistent XSS and Reflected XSS

C. Memory XSS and Cache XSS

D. Hidden XSS and Visible XSS

26 / 158

Which of the following are typically included in an organization’s information security policy framework?

A. Policies, standards, procedures, guidelines

B. Financial budgets, staffing plans, managed services

C. Equipment inventory, staffing plans, vendor contracts

D. IT projects, cloud services, external audits

27 / 158

What is the purpose of security regression testing?

A. To test the load capacity of a system

B. To ensure that no new vulnerabilities have been introduced after updates or patches

C. To test the user interface of a system

D. To manage the version and source code

28 / 158

Which of the following is NOT typically included in an organization’s information security policy library?

A. Data ownership policy

B. Information security policy

C. Account management policy

D. Detailed software development practices

29 / 158

Which of the following is not a strategy for managing the security of a computing environment?

A. Attack surface management

B. Configuration management

C. Patch management

D. Resource allocation management

30 / 158

Which of the following security control categories include firewall rules, access control lists, intrusion prevention systems, and encryption?

A. Operational controls

B. Managerial controls

C. Technical controls

D. Organizational controls

31 / 158

In the context of CVSS availability metric, which of the following correctly describes the score and corresponding impact of a high value?

A. High (H) – The system is partially affected – 0.22

B. High (H) – There is no availability impact – 0.00

C. High (H) – The performance of the system is degraded – 0.22

D. High (H) – The system is completely shut down – 0.56

32 / 158

What is the primary difference between qualitative and quantitative risk assessment techniques?

A. Quantitative techniques use numerical data while Qualitative techniques do not

B. Qualitative techniques are more accurate than Quantitative techniques

C. Quantitative techniques use subjective judgment while Qualitative techniques do not

D. Qualitative techniques use numeric data while Quantitative techniques do not

33 / 158

What is the primary purpose of stress testing in the SDLC process?

A. To identify code flaws

B. To see how an application responds when tested beyond its normal level of load

C. To ensure the application is user-friendly

D. To integrate different software modules

34 / 158

What is the purpose of baselining in the context of configuration management?

A. To assess if a system has changed outside of approved change management process

B. To track the status of hardware, software, and firmware

C. To develop a versioning system for software releases

D. To create artifacts should be used to help understand system configuration

35 / 158

What are some of the factors that influence the frequency of vulnerability scans in an organization?

A. Organization’s risk appetite

B. Corporate policies or regulatory requirements

C. Performance and operation constraints

D. All of the above

36 / 158

Why is the Software Development Life Cycle (SDLC) useful for organizations and developers?

A. It helps in fixing software bugs

B. It provides a consistent framework to structure workflow and provide planning for the development process

C. It aids in the decommissioning process of the software package

D. It helps choose the type of software programming language to use

37 / 158

What is one reason why active scanning could potentially be problematic?

A. It can easily be blocked by firewalls

B. It is successful in detecting weaknesses only in network traffic

C. It doesn’t provide high-quality results

D. It monitors the network similar to intrusion detection systems

38 / 158

What are the components necessary to pose a risk in the enterprise risk management (ERM) framework?

A. Only threats

B. Only vulnerabilities

C. A combination of threats and vulnerabilities

D. Neither threats nor vulnerabilities

39 / 158

What is the main purpose of interception proxies in cybersecurity?

A. To speed up user’s browsing

B. To enable manual manipulation of requests for penetration testing

C. To provide secure network connection

D. To decrypt encrypted data

40 / 158

Which of the following is true about the methodologies used in Business Impact Analysis (BIA)?

A. BIAs only use quantitative risk assessments

B. BIAs only use qualitative risk assessments

C. BIAs combine elements of both quantitative and qualitative risk assessments

D. BIAs do not use either quantitative or qualitative risk assessments

41 / 158

What is the purpose of behavioral assessments in threat research and modeling?

A. To identify indicators of compromise

B. To assess the risk level associated with a particular piece of software

C. To study normal and abnormal patterns of behavior, particularly to detect potential insider threats

D. To establish the total attack surface of an organization

42 / 158

What factors are considered when calculating the exploitability score for a vulnerability?

A. AttackVector, AccessComplexity, PrivilegesRequired, UserInteraction

B. AttackVector, AttackComplexity, UserInteraction

C. AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction

D. AttackVector, BufferOverflows, PrivilegesRequired, UserInteraction

43 / 158

What does the ’Info’ risk category of vulnerabilities in a vulnerability scan report indicate?

A. They are categorized as critical threats

B. They are vulnerabilities that cannot be remediated

C. They represent the CVSS scores of vulnerabilities

D. They are simply informational results, not categorized according to the CVSS

44 / 158

Which of the following is a common barrier to vulnerability scanning in relation to customer commitments?

A. Lack of understanding about the importance of vulnerability scanning

B. MOUs and SLAs creating expectations about uptime, performance, and security

C. Lack of need for vulnerability scanning provided customer is aware of process

D. Insufficient bandwidth for vulnerability scans

45 / 158

What is the purpose of a vulnerability scan in an interconnected network according to the provided text?

A. To analyze the complexity of the network’s infrastructure

B. To provide widespread access to secure communications capabilities

C. To detect security vulnerabilities in the network and its components

D. To enhance the communication capabilities of the network

46 / 158

What type of security control is an Intrusion Detection System?

A. Preventive control

B. Detective control

C. Responsive control

D. Compensating control

47 / 158

What are the potential security concerns related to the deployment of IoT devices?

A. They may require a specialized communication protocol called Modbus

B. They may introduce security concerns due to vulnerabilities that may arise on vulnerability scans

C. They may rely on sensors and controllers distributed throughout the organization

D. They may only be used in conjunction with a supervisory control and data acquisition (SCADA) systems

48 / 158

What does the integrity metric in the CVSS context refer to?

A. It refers to the extent of system disruption if a vulnerability is exploited.

B. It refers to the level of information alteration that might occur if an attacker successfully exploits the vulnerability.

C. It describes the type of system damage that will happen in the instance of successful exploitation.

D. It associate with the level of difficulty for performing a successful attack.

49 / 158

Which two regulatory schemes specifically mandate the implementation of a vulnerability management program?

A. HIPAA and GLBA

B. GLBA and PCI DSS

C. HIPAA and FISMA

D. PCI DSS and FISMA

50 / 158

What elements should managers monitor in a trend analysis to maintain a successful vulnerability scanning program?

A. Number of new vulnerabilities over time, age of existing vulnerabilities, and remediation time

B. Number of employees, age of existing vulnerabilities, and remediation time

C. Number of new vulnerabilities over time, age of existing servers, and company size

D. Number of new vulnerabilities over time, age of existing vulnerabilities, and server uptime

51 / 158

What can be used to prevent impersonation attacks?

A. Removing all users from the network

B. Using a VPN

C. Stronger session handling techniques

D. Using a unique password for each session

52 / 158

What is often one of the most common alerts derived from a vulnerability scan?

A. The network firewall is down and requires restart

B. The intranet service is running on an obsolete API

C. One or more systems on the network are running an outdated version of an operating system or application and require security patches

D. A suspicious activity has been detected on the database server

53 / 158

What is the main benefit of static code analysis in software security testing?

A. It allows the program to run simultaneously while it’s being tested.

B. It provides full visibility to the testers and meticulous understanding of the code.

C. It only focuses on finding already known issues.

D. It only works when used with automated tools.

54 / 158

Which of the following statements regarding debugging tools is incorrect?

A. Immunity debugger is designed specifically to support penetration testing and the reverse engineering of malware.

B. GNU debugger (GDB) is a widely used open source debugger for Linux that works with a variety of programming languages.

C. Penetration testers may also attempt to use debuggers and related tools to perform the decompilation of code.

D. Decompilation of code is a process which is simple and mostly successful.

55 / 158

What is the main purpose of Common Platform Enumeration (CPE) in the context of Security Content Automation Protocol (SCAP)?

A. Provides a standard nomenclature for discussing system configuration issues.

B. Provides a standard nomenclature for describing product names and versions.

C. Provides a standard nomenclature for describing security-related software flaws.

D. Provides a standardized approach for measuring and describing the severity of security-related software flaws.

56 / 158

What is a defining characteristic of zero-day attacks?

A. They are commonly used by unsophisticated hackers.

B. They are vulnerabilities that have already been patched by product vendors.

C. They are vulnerabilities that are known to other attackers and cybersecurity teams.

D. They are vulnerabilities unknown to product vendors hence no patches are available to correct them.

57 / 158

What are the three different categories of security control, and what does each achieve?

A. Architectural controls, infrastructure controls, and system controls

B. Security controls, operational controls, and managerial controls

C. Personnel controls, software controls, and environmental controls

D. Technical controls, operational controls, and managerial controls

58 / 158

Why is the Software Development Life Cycle (SDLC) significant in software development?

A. It makes software development more complex

B. It provides a structure to workflow and planning of the development process

C. It enables developers to skip some of the traditional phases of development

D. It ensures that every software developed follows the same exact life cycle

59 / 158

What is the main purpose of the Common Configuration Enumeration (CCE) standard under the Security Content Automation Protocol (SCAP)?

A. It provides a standardized method for describing product names and versions.

B. It provides a standard nomenclature for discussing system configuration issues.

C. It provides a standard nomenclature for describing security-related software flaws.

D. It provides a standardized approach for measuring and describing the severity of security-related software flaws.

60 / 158

Why is it good practice to document exceptions in the vulnerability management system?

A. To prevent the scanner from reporting them in future reports.

B. To reduce the cost of remediating a vulnerability.

C. To allow the use of unsupported operating systems.

D. To increase the speed of vulnerability scans.

61 / 158

What is a common barrier to vulnerability scanning raised by technology professionals and how can cybersecurity professionals address this concern?

A. Service Degradations, addressed by running multiple scans simultaneously

B. Customer Commitments, addressed by ignoring agreements

C. Service Degradations, addressed by tuning scans to consume less bandwidth and coordinating scan times with operational schedules

D. IT Governance and Change Management Processes, addressed by ignoring the processes

62 / 158

What does the user interaction metric in CVSS describe?

A. The number of users involved in an attack

B. The requirement for a human other than the attacker in an attack

C. The level of engagement of the user in the attack

D. The priority level assigned to a user in an attack

63 / 158

What is the role of a change manager in coordinating with maintenance windows?

A. To implement, verify, and test changes

B. To shut down the system during the maintenance window

C. To force changes without notifying other team members

D. To monitor the network traffic during the maintenance window

64 / 158

Which attack mentioned in the text seeks to increase an attacker’s access level by exploiting vulnerabilities to transform a normal user account into a privileged account?

A. Dirty COW

B. Rootkit

C. Ninja

D. Linux Kernel

65 / 158

What are some methods used in Software Assessment to identify bugs and flaws in a program’s source code?

A. Static code analysis and fuzzing

B. Regression testing only

C. Static code analysis and regression testing only

D. Mutation testing only

66 / 158

Why is patch management crucial in ensuring the security of operating systems?

A. It provides new features

B. It ensures systems are not vulnerable to previously discovered security exploits

C. It allows for better system performance

D. It provides compatibility with other software

67 / 158

What is one way for cybersecurity professionals to overcome the barrier of service degradations during vulnerability scanning?

A. Increasing the scan intensity

B. Involving in the creation of MOUs and SLAs

C. Working within the organizational governance processes

D. Tuning scans to consume less bandwidth and coordinating scan times with operational schedules

68 / 158

What is the first calculation that analysts do to compute the CVSS base score?

A. Calculating the exploitability score

B. Calculating the impact function

C. Computing the impact sub-score (ISS)

D. Calculating the impact score

69 / 158

What is the purpose of developing a remediation workflow in vulnerability management?

A. To display all security issues detected in an environment

B. To prioritize vulnerabilities and track the remediation process

C. To replace the need for vulnerability scan tools

D. To diversion of resources from vulnerability scanning to another process

70 / 158

In the CVSS attack complexity metric, what is indicated by a high score?

A. Exploiting the vulnerability requires ’specialized’ conditions that are difficult to find

B. Exploiting the vulnerability does not require any specialized conditions

C. Exploiting the vulnerability is almost impossible

D. The vulnerability does not pose a significant risk

71 / 158

Which of the following questions is NOT used by organizations to identify systems that will be covered by vulnerability scans?

A. Is the system a production, test, or development system?

B. What services are offered by the system?

C. What is the estimated financial value of the system?

D. What is the data classification of the information stored, processed, or transmitted by the system?

72 / 158

What steps should be taken when configuring vulnerability management tools to perform scans?

A. Just start the scan and hope for the best

B. Launch the tool’s automatic configuration wizard

C. Identify the appropriate scope for the scan, configure the scan to meet the organization’s requirements, and maintain the currency of the scanning tool

D. Ignore the organization’s scan specifications

73 / 158

What is a potential security risk of using continuous integration and continuous deployment methods?

A. It reduces the amount of automated security testing

B. It increases the time taken for code deployment

C. It could result in new vulnerabilities being deployed into production

D. It decreases the necessity for logging, reporting, and monitoring

74 / 158

Which statement is NOT one of the basic premises of Agile software development?

A. Face-to-face interactions are preferable to emails

B. Working software is preferable to comprehensive documentation

C. Responding to change is key, rather than following a plan

D. Customer collaboration replaces contract negotiation

75 / 158

Which of the following best describes the role of vulnerability scanning in corporate policy according to the text?

A. It is mandatory under PCI DSS and FISMA regulations

B. It is mandated by most organizations, irrespective of regulatory requirements

C. It is only required for organizations processing retail transactions and operating government systems.

D. It is not considered a crucial part of any information security program.

76 / 158

What information does the first section of a CVSS vector provide?

A. The required privileges for an attack

B. The version of the CVSS being used

C. The complexity of the attack

D. The score for availability impact

77 / 158

Which method can administrators use to protect against password reuse vulnerabilities?

A. Implementing multifactor authentication

B. Encouraging users to use common passwords

C. Encouraging users to reuse passwords across many different sites

D. Reducing the security systems in place

78 / 158

Which of the following is the purpose of using industry standards in a security professional’s work?

A. To detect and reduce all vulnerabilities in an organization’s environment

B. To create a unique set of security controls for the organization

C. To reduce the chance of vulnerabilities and better position the organization to detect and mitigate undetected vulnerabilities

D. To replace the organization’s existing security standards

79 / 158

What is the purpose of Open Vulnerability and Assessment Language (OVAL) in SCAP standards?

A. It provides a standardized approach for measuring and describing the severity of security-related software flaws

B. It provides a standard nomenclature for describing product names and versions

C. It specifies low-level testing procedures used by checklists

D. It provides a standard nomenclature for discussing system configuration issues

80 / 158

What does the Privileges Required (PR) metric measure in the CVSS system?

A. The level of security required to protect against an attack.

B. The level of privileges an attacker would need to exploit a vulnerability.

C. The type of encryption needed to secure data against an attack.

D. The type of device required to execute an attack.

81 / 158

What is the primary purpose of implementing a bug bounty program?

A. To allow public disclosure of vulnerabilities

B. To incentivize responsible disclosure of vulnerabilities

C. To allow organizations to exploit vulnerabilities

D. To restrict the activity of security testers

82 / 158

Which of these statements is true about the RAD (Rapid Application Development) model?

A. The model includes a planning phase before code is written

B. RAD does not involve data modeling

C. Business modeling is not a part of RAD

D. Functional components of the code are developed in parallel and then integrated

83 / 158

What are the two best ways to protect against SQL injection attacks?

A. Firewall enforcement and server patching

B. Using encryption and digital signatures

C. Input validation and enforcement of least privilege restrictions on database access

D. Using VPNs and changing default usernames/passwords

84 / 158

Based on the given text, which of the following is NOT true about guidelines?

A. They provide best practices and recommendations

B. Compliance with guidelines is mandatory

C. They often provide information helpful in establishing policy or rule

D. They can be optional depending on the organization’s culture

85 / 158

What should be done after deploying a fix in a system?

A. Immediately implement the fix in all other systems

B. Repeating the vulnerability scan to confirm that the issue is no longer present

C. Update the security patch on a random basis.

D. Ignore the configuration baseline

86 / 158

What is the formula used to calculate the severity of a risk?

A. Risk Severity=Probability+Magnitude

B. Risk Severity=Magnitude/Probability

C. Risk Severity=Probability*Magnitude

D. Risk Severity=Magnitude-Probability

87 / 158

Which of the following describes a disadvantage of a risk avoidance strategy?

A. Risk avoidance strategies are difficult to implement

B. Risk avoidance strategies efficiently eliminate all potential risks

C. Risk avoidance strategies provide complete cybersecurity protection

D. Risk avoidance strategies can have a serious detrimental impact on the business.

88 / 158

Which has been recommended as a secure replacement for FTP as mentioned in the text?

A. Secure Shell (SSH)

B. Secure File Transfer Protocol (SFTP)

C. Telnet

D. Secure Socket Layer (SSL)

89 / 158

How is the Impact Sub-Score (ISS) calculated in a CVSS base score?

A. By subtracting the sum of Confidentiality, Integrity, and Availability from 1

B. By adding the values of Confidentiality, Integrity, and Availability

C. By multiplying the values of Confidentiality, Integrity, and Availability

D. ISS=1-[(1-Confidentiality)*(1-Integrity)*(1-Availability)]

90 / 158

Why is it important to disable debug mode on systems with public exposure in terms of cybersecurity?

A. Because debug mode simplifies the user interface

B. Because debug mode improves application response times

C. Because debug mode could provide attackers with detailed information about the system’s inner workings

D. Because debug mode is obsolete and no longer supported

91 / 158

What is the Extensible Configuration Checklist Description Format (XCCDF) as part of SCAP Standards?

A. An approach to measure and describe severity of security-related software flaws

B. A language for specifying checklists and reporting checklist results

C. A nomenclature for describing product names and versions

D. A nomenclature for discussing system configuration issues

92 / 158

What does the 2016 Data Breach Investigations Report by Verizon underscore about the importance of addressing vulnerabilities, according to the text?

A. That most organizations fail to address newly discovered vulnerabilities.

B. That vulnerabilities exploited in data breaches are mostly newly discovered ones.

C. That old vulnerabilities can present significant issues to the security of organizations and many organizations fail to address them.

D. That plug-ins of vulnerability scanning systems are ineffective in detecting old vulnerabilities.

93 / 158

What is the purpose of risk mitigation in cybersecurity?

A. To reduce the amount of security controls

B. To increase the likelihood of an attack

C. To reduce the probability and/or magnitude of a risk

D. To minimize engineering trade-offs

94 / 158

What is the most common barrier to vulnerability scanning according to the text?

A. Customer Commitments

B. IT Governance and Change Management Processes

C. Service Degradations

D. Employee Resistance

95 / 158

Which environment typically serves as the live system where software, patches, and other tested and approved changes are implemented?

A. Development

B. Test

C. Preproduction

D. Production

96 / 158

What is a potential risk of a server that is not properly configured in terms of IP address disclosure?

A. The server may overheat

B. The server may get physical damage

C. The server may leak its private IP addresses to remote systems

D. The server may run out of memory space

97 / 158

What are the two basic options for addressing vulnerabilities in cases where immediate remediation is not possible?

A. Removing the vulnerable application and replacing it with a safer one

B. Implementing an external firewall or shutting down the application

C. Implementing a compensating control or deciding that the risk is acceptable and continuing business as usual

D. Hiring external security consultants

98 / 158

Which of the following best describes the Waterfall methodology in the Software Development Life Cycle (SDLC)?

A. Each phase overlaps with the next one.

B. It is highly responsive to changes and accounts for internal iterative work.

C. Each phase is followed by the next phase without overlapping and each logically leads to the next.

D. It’s an obsolete methodology that is not used for development anymore.

99 / 158

Which phase of a typical software development lifecycle focuses on gathering input from customers to determine the needs and desires for functionality, as well as providing a platform for ranking the critical requirements for project’s success?

A. The design phase

B. The testing and integration phase

C. Analysis and requirements definition phase

D. The feasibility phase

100 / 158

What is a significant advantage of reducing the scope of PCI DSS compliance through network segmentation?

A. It allows for non-compliance with PCI DSS regulations

B. It reduces the cost of vulnerability scanning and remediation workload

C. It minimizes the need for cybersecurity professionals

D. It eliminates the need for quarterly compliance scans

101 / 158

What is an application of the OWASP Top Ten web application vulnerabilities list?

A. It is used as a guideline for developing secure coding practices

B. It is used as a reference in formulating the company’s IT budget

C. It is used as a checklist when conducting training for new developers

D. It is used as a core reference when vulnerability scanners conduct scans of web applications

102 / 158

What is one of the most common alerts from a vulnerability scan?

A. Systems on the network have a reduced processing speed

B. Systems on the network are running an outdated version of an operating system or application and require security patches

C. Systems on the network have an incorrect IP Address

D. Systems on the network have unnecessary applications running

103 / 158

What is the main goal of DevOps in the software development life cycle (SDLC)?

A. To optimize the SDLC

B. To reduce the time needed for testing

C. To develop apps and services

D. To manage security threats

104 / 158

Which of the following factors should a cybersecurity analyst consider when determining the severity of a vulnerability?

A. The quantity of the vulnerability on the system

B. The age of the vulnerability

C. The firmware version of the device where the vulnerability resides

D. The exposure of the vulnerability to potential exploitation

105 / 158

Which two network vulnerability scanning tools are emphasized in the CySA+ exam?

A. Rapid7’s Nexpose and Qualys’s vulnerability scanner

B. Tenable’s Nessus and Qualys’s vulnerability scanner

C. Tenable’s Nessus and OpenVAS

D. OpenVAS and Rapid7’s Nexpose

106 / 158

Which of the following are valuable sources of information while analyzing vulnerability scans?

A. Logs from servers, applications, network devices, etc.

B. Personal emails

C. Independent online forums

D. Unauthorized external scans

107 / 158

What is one risk for organizations that continue to run unsupported software products?

A. Vendor might increase the software subscription cost.

B. Vendor will continue addressing only major security flaws.

C. The product might not be compatible with new hardware.

D. Vendor will not investigate or correct security flaws.

108 / 158

Which of the following describes a typical circumstance where a mismatch between the name on the certificate and the name of the server occurs?

A. On networks that use WPA2 for their security

B. While using Tor browsers

C. On networks that use a captive portal to authenticate users joining a public wireless network

D. During times of DDoS attacks

109 / 158

Which solution is typically used by administrators to manage the configuration of mobile devices, including the automatic installation of patches and provision of remote wiping functionality?

A. Network Access Control

B. Intrusion Detection System

C. Mobile Device Management

D. Data Loss Prevention

110 / 158

Why is it important to communicate the results of a vulnerability scan to team members able to correct the issue?

A. It helps them understand the nature of the issue and how to fix it.

B. It is a requirement for the CompTIA CySA+ (CS0-003) exam.

C. It provides them with an understanding of the CVSS.

D. It is necessary for the internal audit.

111 / 158

Which of the following is a correct statement about SSL and TLS based on the provided text?

A. SSL and TLS themselves are cryptographic ciphers

B. SSL and TLS do not allow administrators to designate the cryptographic ciphers

C. The SSL and TLS protocols show how cryptographic ciphers can be used to secure network communications

D. When a client and server communicate using SSL/TLS, they do not exchange a list of supported ciphers

112 / 158

Why is it important to perform vendor due diligence and hardware source authenticity assessments?

A. To ensure the organization’s operational processes are efficient

B. To verify the vendor’s compliance with financial regulations

C. To protect the confidentiality, integrity, and availability of the organization’s data

D. To ensure that the holographic sticker on the hardware is authentic

113 / 158

What are the three methods of fault injection described in the text?

A. Compile-time injection, Dynamic Analysis, and Static Analysis

B. Protocol software fault injection, Runtime injection, and Dynamic Analysis

C. Compile-time injection, Protocol software fault injection, and Runtime injection

D. Runtime injection, Application testing, and Code Review

114 / 158

What is the purpose of mutation testing?

A. To change the inputs to the program

B. To introduce faults to the program

C. To make small modifications to the program itself and test the altered versions

D. To test the execution speed of a program

115 / 158

What does the Attack Vector (AV) metric in the Common Vulnerability Scoring System (CVSS) illustrate?

A. It describes the potential impact of a vulnerability

B. It illustrates the likelihood of a breach occurring due to the vulnerability

C. It describes how an attacker would exploit the vulnerability

D. It provides a numeric rating for the severity of the vulnerability

116 / 158

What are some of the parameters that can be configured when setting up vulnerability scans?

A. The scheduling of automated scans and production of reports

B. The types of checks performed by the scanner and the provision of credentials to access target servers

C. The installation of scanning agents on target servers and conducting scans from a variety of network perspectives

D. All of the above

117 / 158

What is the purpose of fuzz testing during dynamic code analysis?

A. To send valid, expected data to the application to confirm it behaves as expected

B. To identify complex logic or business process issues within the code

C. To send invalid or random data to the application to test its ability to handle unexpected data

D. To ensure complete code coverage without any need for monitoring

118 / 158

Why is regular patching of scanner software necessary?

A. To provide important bug fixes to the software

B. To protect the organization against scanner-specific vulnerabilities

C. To enhance scanner software features

D. All of the above

119 / 158

What is the main purpose of Common Vulnerabilities and Exposures (CVE) as a part of the Security Content Automation Protocol (SCAP)?

A. Provides a standard nomenclature for discussing system configuration issues

B. Provides a standard nomenclature for describing product names and versions

C. Provides a standard nomenclature for describing security-related software flaws

D. Provides a standardized approach for measuring and describing the severity of security-related software flaws

120 / 158

What is the role of the Common Vulnerability Scoring System (CVSS) within the Security Content Automation Protocol (SCAP) framework?

A. It provides a standard nomenclature for discussing system configuration issues

B. It is a language for specifying low-level testing procedures used by checklists

C. It provides a standardized approach for measuring and describing the severity of security-related software flaws

D. It provides a standard nomenclature for describing product names and versions

121 / 158

Based on the given CVSS Qualitative Severity Rating Scale, into which risk category would a vulnerability with a score of 6.2 fall?

A. Low

B. Medium

C. High

D. Critical

122 / 158

Which of the following is NOT required by FISMA for all federal information systems?

A. Analysis of vulnerability scan reports

B. Remediation of legitimate vulnerabilities

C. Information sharing about similar vulnerabilities in other information systems

D. Upgrading the system immediately when new updates are available

123 / 158

Which of the following statements best explains the difference between Local File Inclusion (LFI) and Remote File Inclusion (RFI) attacks?

A. LFI attacks execute arbitrary code while RFI attacks do not.

B. RFI attacks only work on Windows servers while LFI attacks do not.

C. LFI attacks seek to execute code stored on the local web server, while RFI attacks execute code stored on a remote server.

D. RFI attacks cannot be detected by security tools while LFI attacks can be detected.

124 / 158

What level of statement in an organization generally carries mandatory requirements for information security procedures?

A. Policies

B. Guidelines

C. Standards

D. General objectives

125 / 158

Which two regulatory schemes specifically mandate the implementation of a vulnerability management program?

A. Health Insurance Portability and Accountability Act (HIPAA) and Gramm–Leach–Bliley Act (GLBA)

B. Federal Information Security Management Act (FISMA) and Gramm–Leach–Bliley Act (GLBA)

C. Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry Data Security Standard (PCI DSS) and Federal Information Security Management Act (FISMA)

126 / 158

What should cybersecurity analysts consider when determining the criticality of systems and information affected by a vulnerability?

A. The cost of the vulnerability scan tool

B. The geographic location of the systems

C. The confidentiality, integrity, and availability requirements

D. The experience level of the system administrators

127 / 158

Which of the following is NOT a requirement by the Payment Card Industry Data Security Standard (PCI DSS) for vulnerability scans?

A. Organizations must run both internal and external vulnerability scans.

B. PCI DSS requires organizations to conduct their own scans first to assure themselves that they will achieve a passing result before requesting an official scan from an ASV.

C. Organizations must remediate any high-risk vulnerabilities and repeat scans to confirm that they are resolved until they receive a “clean” scan report.

D. External scans must be conducted by an Approved Scanning Vendor (ASV) authorized by PCI SSC.

128 / 158

What factors should a Cybersecurity analyst consider in order to understand the exposure of a vulnerability?

A. Just the internal server accessibility

B. Just the severity of the issue

C. The exposure of a vulnerability to potential exploitation and the type of network accessible by the vulnerability

D. Only the number of vulnerabilities found

129 / 158

What factors should be considered while evaluating a vulnerability?

A. The specific context of your organization and the environment

B. The system’s connection to the internet

C. The asset value of the affected systems

D. All of the above

130 / 158

What are the three types of controls to protect against directory traversal attacks?

A. Avoiding file extensions in queries, validation of input, and IP address restrictions

B. Avoiding filenames in queries, validation of input using special characters, and access controls on storage servers

C. Hiding actual file paths, SQL injection prevention, and Two-Factor Authentication

D. Avoiding directory structure in queries, validation of input fields, and secure hashing of filenames

131 / 158

What factors should the cybersecurity analysts consider when deciding the order of vulnerability remediation according to the text?

A. Severity and cost of remediation

B. Exposure and severity of the vulnerability

C. Monetary cost of immediate notification of key personnel

D. Detail of the vulnerability report

132 / 158

What was the source of traffic that overwhelmed the servers of Dyn in the widespread DDoS attack of October 21, 2016?

A. Spam emails

B. Phishing attempts

C. An IoT botnet named Mirai

D. Hacked social media accounts

133 / 158

Which of the following common software development security issues is characterized by errors in handling authentication?

A. Insecure object references

B. Invalid error handling

C. Broken authentication

D. Use of insecure functions

134 / 158

What is the purpose of configuring the scan sensitivity levels in a vulnerability management solution?

A. To determine the types of checks that the scanner will perform

B. To identify the target servers

C. To schedule automated scans

D. To install scanning agents on target servers

135 / 158

What is the main function of Scout Suite in cloud environment security?

A. Scout Suite provides automatic resolution for cloud service issues.

B. Scout Suite is primarily used to increase the speed and efficiency of cloud services.

C. Scout Suite audits user cloud accounts for configuration information and potential security issues.

D. Scout Suite’s function is to create accounts for users across multiple cloud service platforms.

136 / 158

What is the main difference between Cross-site request forgery attacks (CSRF) and Server-Side Request Forgery (SSRF) attacks?

A. CSRF attacks exploit the trust that remote sites have in a user’s system, while SSRF attacks exploit the same trust in a server.

B. SSRF attacks are a subset of CSRF attacks and therefore work exactly the same.

C. CSRF attacks need the user to be logged into the target site, while SSRF attacks do not.

D. SSRF attacks exploit the trust in a user’s computer, while CSRF attacks exploit this trust in a website.

137 / 158

What platforms can the Prowler security configuration testing tool scan?

A. AWS, Microsoft Azure, and Google Compute Platform

B. Microsoft Azure, Google Compute Platform, and IBM Cloud

C. AWS, Google Compute Platform, and Oracle Cloud

D. AWS, Microsoft Azure, and Alibaba Cloud

138 / 158

What are the two forms of request forgery attacks?

A. Cross-site scripting and Server-side scripting

B. Authentication forgery and Server-side scripting

C. Cross-site request forgery and Server-side request forgery

D. Authentication forgery and Cross-site request forgery

139 / 158

Which of the following best describes risk transference?

A. Cutting down potential risks within an organization

B. Moving the impact of a risk from one entity to another

C. Avoiding risks completely

D. Mitigating risks by developing new strategies

140 / 158

In the Waterfall SDLC model, which phase immediately follows the software design process?

A. Implementation

B. Requirement gathering

C. Testing

D. Analysis

141 / 158

What is the purpose of the ’scope metric’ in vulnerability scoring systems?

A. It determines the severity of the vulnerability based on the number of affected systems.

B. It measures whether the vulnerability can affect system components beyond the scope of the vulnerability.

C. It calculates the potential impact of the vulnerability on the system’s performance.

D. It checks if the vulnerability can be exploited to gain unauthorized access to the system.

142 / 158

Why is user acceptance testing (UAT) considered a crucial stage in the testing cycle of an application or program?

A. Because it allows developers to test all business functions

B. Because it allows users to validate if the application or program meets business needs and usability requirements

C. Because it allows developers to move the application into production

D. Because it gives the application or program a formal test plan

143 / 158

What is the main intent behind a buffer overflow attack?

A. To steal user credentials

B. To overwrite information in memory with malicious instructions

C. To interrupt the communication between systems

D. To introduce a virus into the system

144 / 158

Which type of attack occurs when an attacker uses a list of common passwords and attempts to log into many different user accounts with those common passwords?

A. Impersonation

B. Password Spraying

C. Session Hijacking

D. Credential Stuffing

145 / 158

What does the value of the scope metric influence when computing the impact score from the ISS for a SSL vulnerability risk?

A. It changes the ISS

B. It determines the multiplication factor for the ISS

C. It adds onto the ISS

D. It reduces the ISS

146 / 158

What kind of testing can static code analysis be seen as, and what major advantage does it provide?

A. Black-box testing, with the advantage of being able to test without running the program

B. White-box testing, with the advantage of other tests potentially missing certain problems

C. Grey-box testing, with the ability to identify both known and unknown issues

D. Dynamic testing, with the possibility of identifying programmer-induced errors

147 / 158

What is a factor used in calculating the CVSS base score when the scope metric is changed?

A. Multiplying the sum of the impact and exploitability scores by 1

B. Multiplying the sum of the impact and exploitability scores by 1.08

C. Dividing the impact score by the exploitability score

D. Subtracting the exploitability score from the impact score

148 / 158

What is the main purpose of Pacu in the context of AWS?

A. It is a scanning tool for detecting vulnerabilities in the AWS infrastructure.

B. It is a cloud-focused exploitation framework to help attackers determine what actions can be performed with an existing AWS account.

C. It is a tool for patching vulnerabilities in AWS.

D. It is purely a plug-in for Metasploit.

149 / 158

What does the confidentiality metric describe in the context of a system vulnerability?

A. The amount of data that can be accessed if the system is exploited

B. The steps an attacker must take to exploit the system

C. The likelihood that an attacker will discover the vulnerability

D. The damage that can be caused by a system crash

150 / 158

What two important roles does a risk assessment serve in the risk management process?

A. It identifies potential threats and vulnerabilities

B. It provides guidance in prioritizing risks and helps determine whether the potential impact of a risk justifies the costs incurred by adopting a risk management approach

C. It provides a blueprint for implementing security controls

D. It delineates the responsibilities of the risk management team

151 / 158

What is the function of cloud infrastructure assessment tools in enhancing the security of a cloud environment?

A. They only conduct an exhaustive port scan to determine a system’s vulnerabilities

B. They clean up malware detected in the cloud environment

C. They detect issues that may not appear on other vulnerability scans, including long-unrotated security keys or overexposed network instances

D. They monitor the network traffic to detect any suspicious behavior

152 / 158

What does the risk information section of a vulnerability scan report include?

A. Details on how to solve the vulnerability

B. The specific insecure ciphers being used

C. The name of the vulnerability scanner plugin

D. Information for assessing the severity of the vulnerability

153 / 158

Which of the following are examples of web-specific vulnerabilities that web application scanners test for?

A. SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)

B. Denial of Service (DoS), Man In The Middle (MITM) and phishing

C. Brute force, IP Spoofing, Dictionary attacks

D. Worms, Viruses, Trojans

154 / 158

Which of the following is a common type of unknown threat?

A. Known threat

B. Zero-day threat

C. Advanced persistent threat actors

D. Nation-state resources

155 / 158

What does the Center for Internet Security (CIS) publish?

A. Security breaches summaries

B. List of potential threats

C. Series of security benchmarks

D. Detailed encryption methods

156 / 158

Which of the following statements best describes the difference between the SSL and TLS protocols?

A. SSL and TLS are acronyms used interchangeably to refer to the same protocol

B. SSL is an outdated protocol with security flaws and has been replaced by TLS

C. SSL is a more secure version of the TLS protocol

D. TLS and SSL function differently and are not related

157 / 158

What is the primary characteristic of a remote code execution vulnerability as compared to other types of code execution vulnerabilities?

A. It allows an attacker to run software of their choice on the targeted system

B. It can be exploited over a network connection without having physical or logical access to the target system

C. It is always associated with administrative privileges

D. It is always detected by vulnerability scans

158 / 158

Which of the following activities is NOT part of attack surface management?

A. Edge discovery scanning

B. Reporting financial results

C. Security controls testing

D. Penetration testing and adversary emulation

Your score is

Share the Post:

Download Your FREE CompTIA CySA+(CS0-003) Anki Deck!

Email issues? [ [email protected] ]

Master Vulnerability Management with Our Free CompTIA CySA+ (CS0-003) Domain 2 Practice Test!

Prepare for your IT career or enhance your cybersecurity skills with our free CompTIA CySA+ Domain 2: Vulnerability Management practice test. This test mimics the real exam to help build your confidence and readiness.

Explore Other CySA+ Domains:

Key Features:

Realistic Exam Simulation: Familiarize yourself with the actual exam format.
Detailed Explanations: Learn from comprehensive explanations.
Identify Weak Areas: Focus on areas needing improvement.
Completely Free: Access our practice test at no cost.

Why Choose Our Test?

Expertly Crafted: Developed by experienced professionals.
Career Advancement: Opens doors to new IT job opportunities.
Convenient: No registration required, available online anytime.

Start mastering Domain 2: Vulnerability Management for the CompTIA CySA+ (CS0-003) exam today with our free practice test!

For more information, visit the CompTIA CySA+ Official Site.

WGU Master’s Degree Rankings 2026 | I Asked 3 AIs 300 Times to Find the Best One
Table of Contents Which WGU Master’s Degree Is Actually Worth It? If you’re considering a master’s degree from WGU and can’t figure out which program to choose — cybersecurity, software engineering, AI/ML, data analytics — you’re not alone. The options are overwhelming, and most comparisons online are either outdated or purely opinion-based. So here’s a […]
How I Made $1.3 Million in Cybersecurity (With Exact Revenue Numbers)
Table of Contents If you’re stuck at $50K–$100K and wondering, “How the hell do people make seven figures?” this is for you.I’m Josh Madakor. In 2025, I made $1.3 million in cybersecurity. Not from a corporate job. Not from VC funding. And definitely not from selling a bullshit course.In this article, I’ll break down everything: […]
The Best Laptops for Cyber Security in 2026: Stop Over-Analyzing, Start Building
Table of Contents Let’s be real: most people think that to get into cyber security, you need to be a “super elite hacker” running 10 different virtual machines on a glowing, heavy-duty gaming laptop. Spoiler alert: That’s just not how the industry works. I’ve spent years in roles ranging from Senior Analyst to Security Engineer, […]

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.

Join Now!

Domain 2 CompTIA CySA+ Vulnerability Management | Free Practice + Anki Flash Cards

Download Your FREE CompTIA CySA+(CS0-003) Anki Deck!

Master Vulnerability Management with Our Free CompTIA CySA+ (CS0-003) Domain 2 Practice Test!

Explore Other CySA+ Domains:

Key Features:

Why Choose Our Test?

Related Posts

Hands-onCybersecurity Training in a LIVE SOCwith Enterprise Security ToolsInternships Available.

Domain 2
CompTIA CySA+ Vulnerability Management | Free Practice + Anki Flash Cards

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.