CompTIA Cybersecurity Analyst (CySA+) - Module 4: Security Architecture and Tool Sets

CompTIA Cybersecurity Analyst (CySA+)

- Module 4: Security Architecture and

Tool Sets

Which framework was designed to widen the focus of an organization to overall architecture?

COBIT TOGAF SABSA ITIL ✔✔TOGAF (The Open Group Architecture Framework)

The procedures in place to test controls need to be examined only by internal parties to ensure security.

True False ✔✔False

Which policies are responsible for securing employee profiles?

Account Management Policy Acceptable Use Policy Data Ownership Policy Password Policy ✔✔Account Management Policy & Password Policy

Which type of control would a software in charge of managing who has access to the network be?

Administrative Control Defined Parameters Logical Control

Physical Control ✔✔Logical Control

Audits should be done by a third party to get a more accurate result.

True False ✔✔True

What type of verification method is based on a judgement call?

Assessments Audit Evaluation Certification ✔✔Evaluation

Which framework is distinguished by focusing exclusively on IT security?

NIST TOGAF ISO ITIL ✔✔NIST (National Institute of Standards and Technology)

What procedure is responsible for supplementing a lack of controls?

Patching Managing Exceptions Control Testing Procedures Compensation Control Development ✔✔Compensation Control Development

Which policy might govern how guests may use the companies WiFi?

Data Retention Policy Account Management Policy Acceptable Use Policy Data Ownership Policy ✔✔Acceptable Use Policy

A guideline is an adamant step by step listing of actions to be completed for a given task.

True False ✔✔False

In which procedure is everyone in the company told how to react and alert proper members of staff?

Evidence Production Continuous Monitoring Remediation Plans Managing Exceptions ✔✔Evidence Production

Which framework is distinguished by providing information assurance and is driven by risk analysis?

TOGAF ITIL NIST SABSA ✔✔SABSA (Sherwood Applied Business Security Architecture)

In which procedure do all factors need to be considered compared and tested before a decision is made?

Managing Exceptions Remediation Plans

Evidence Production Continuous Monitoring ✔✔Remediation Plans

What are reasons that data should be retained past it's first use? (Choose Several)

Meeting legal and company policies Keeping the data from being abused Leverage Backups for frequently changed files ✔✔Meeting legal and company policies & Backups for frequently changed files

In which procedure are those involved given limited knowledge to develop from?

Evidence Production Compensation Control Testing Procedures Managing Exceptions ✔✔Testing Procedures

An evaluation is scored against a benchmark or checklist.

True False ✔✔False

Which procedure is typically put into place because it is virtually impossible to perfectly match an entire environment?

Patching Continuous Monitoring Compensation Control Managing Exceptions ✔✔Managing Exceptions