Question 1

After identified weaknesses have been remediated, which of the following should be completed NEXT?

Options :

A : Perform a validation scan before moving to production.

B : Perform software code testing.

C : Perform a software quality assurance (QA) activity.

D : Move the fixed system directly to production.

Answer: A

Question 2

During a post-mortem incident review meeting, it is noted that a malicious attacker attempted to achieve network persistence by using vulnerabilities that appeared to be lower risk but ultimately allowed the attacker to escalate their privileges. Which ofthe following did the attacker MOST likely apply?

Options :

A : Exploit chaining

B : Brute force attack

C : Cross-site scripting

D : Deployment of rogue wireless access points

Answer: A

Question 3

Which of the following is theMOSTimportant component oftheasset decommissioning process from a data risk perspective?

Options :

A : Informing the data owner when decommissioning is complete

B : Destruction of data on the assets

C : Updating the asset status in the configuration management database (CMD8)

D : Removing the monitoring of the assets

Answer: B

Question 4

A penetration tester has been hired and given access to all code, diagrams,and documentation. Which type oftesting is being conducted?

Options :

A : Full knowledge

B : Unlimited scope

C : No knowledge

D : Partial knowledge

Answer: A

Question 5

An organization has received complaints from a number of its customers that their data has been breached. However, after an investigation, the organization cannot detect any indicators of compromise. The breach was MOST likely due to which type of attack?

Options :

A : Supply chain attack

B : Zero-day attack

C :

injection attack

D : Man-in the-middle attack

Answer: A

Free CCOA Mock Exam – Practice Online Confidently

Buying Options: