| A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?
A. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privileges (STRIDE) B. Software Assurance Maturity Model (SAMM) C. Open Web Application Security Project (OWASP) D. Open Source Security Information Management (OSSIM).
A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports. Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?
A. Apply a firewall application server rule. B. Add the application server to the allow list. C. Sandbox the application server. D. Enable port security. E. Block the unauthorized networks.
Which of the following is a reason to use a risk-based cybersecurity framework?
A. A risk-based approach always requires quantifying each cyber risk faced by an organization. B. A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities. C. A risk-based approach is driven by regulatory compliance and is required for most organizations. D. A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes.
The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:
A. web servers on private networks. B. HVAC control systems. C. smartphones. D. firewalls and UTM devices.
A cybersecurity analyst is working with a SIEM tool and reviewing the following table:
When creating a rule in the company's SIEM, which of the following would be the BEST approach for the analyst to use to assess the risk level of each vulnerability that is discovered by the vulnerability assessment tool?
A. Create a trend with the table and join the trend with the desired rule to be able to extract the risk level of each vulnerability B. Use Boolean filters in the SIEM rule to take advantage of real-time processing and RAM to store the table dynamically, generate the results faster, and be able to display the table in a dashboard or export it as a report C. Use a static table stored on the disk of the SIEM system to correlate its data with the data ingested by the vulnerability scanner data collector D. Use the table as a new index or database for the SIEM to be able to use multisearch and then summarize the results as output.
While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?
A. Data execution prevention B. Output encoding C. Prepared statements D. Parameterized queries.
An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?
A. Software-based drive encryption B. Trusted execution environment C. Unified Extensible Firmware Interface D. Hardware security module.
The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?
A. Whitelisting authorized IP addresses B. Blacklisting unauthorized IP addresses C. Enforcing more complex password requirements D. Establishing a sinkhole service.
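The log pattern in the SFTP question (thousands of failures from hundreds of sources) is the case where a source allowlist beats a blocklist, because the set of attacking addresses keeps changing while the set of legitimate partners is small and known. The script below is an added example, not code from the original page: it parses constructed sshd authentication lines (an SFTP-only server still authenticates through sshd), counts failures per source, and applies a hypothetical partner allowlist (ALLOWED_SOURCES, RFC 5737 documentation addresses), then emits the iptables rules that answer A amounts to.

```python
"""Triage SFTP (sshd) authentication failures and enforce a source allowlist.

Added example; the log lines and the allowlisted partner network are constructed
for illustration and are not from the original page.
"""
import ipaddress
import re
from collections import Counter

# Constructed sshd auth lines in OpenSSH's syslog format.
SAMPLE_LOG = """\
Mar 10 02:14:07 sftp01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51522 ssh2
Mar 10 02:14:08 sftp01 sshd[2212]: Failed password for invalid user test from 203.0.113.45 port 51530 ssh2
Mar 10 02:14:08 sftp01 sshd[2213]: Failed password for root from 198.51.100.201 port 60001 ssh2
Mar 10 02:14:09 sftp01 sshd[2214]: Accepted publickey for vendor from 192.0.2.7 port 40122 ssh2
Mar 10 02:14:11 sftp01 sshd[2215]: Failed password for invalid user oracle from 203.0.113.45 port 51544 ssh2
Mar 10 02:14:12 sftp01 sshd[2216]: Failed password for vendor from 192.0.2.7 port 40130 ssh2
Mar 10 02:14:13 sftp01 sshd[2217]: Failed password for root from 198.51.100.201 port 60005 ssh2
"""

# Hypothetical allowlist: the only network that legitimately exchanges files with us.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]
SFTP_PORT = 22

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_auth_lines(text):
    """Return one dict per authentication line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            events.append({"ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]})
    return events


def failures_by_source(events):
    """Failed logins per source address: the shape of the logs in the question."""
    return Counter(e["ip"] for e in events if not e["ok"])


def is_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def triage(events, threshold=5):
    """Non-allowlisted sources are dropped at the firewall regardless of count;
    allowlisted sources are judged on their own failure count."""
    verdicts = {}
    for ip, failures in failures_by_source(events).items():
        if not is_allowed(ip):
            verdicts[ip] = "drop:not-allowlisted"
        elif failures >= threshold:
            verdicts[ip] = "investigate:allowlisted-but-brute-forcing"
        else:
            verdicts[ip] = "ok"
    return verdicts


def allowlist_rules():
    """iptables rules for answer A: accept only the allowlist, drop everything else."""
    rules = [f"iptables -A INPUT -p tcp --dport {SFTP_PORT} -s {net} -j ACCEPT"
             for net in ALLOWED_SOURCES]
    rules.append(f"iptables -A INPUT -p tcp --dport {SFTP_PORT} -j DROP")
    return rules


if __name__ == "__main__":
    evs = parse_auth_lines(SAMPLE_LOG)
    counts = failures_by_source(evs)
    for ip, verdict in triage(evs).items():
        print(f"{ip:16} failures={counts[ip]} -> {verdict}")
    print("\n".join(allowlist_rules()))
```

Note what the allowlist does to the other options: stronger passwords (C) do nothing against key-based partners and still let the noise reach the daemon, and a blocklist (B) or sinkhole (D) has to chase every new source, whereas the DROP rule at the end removes the unsolicited traffic before sshd ever sees it.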
A Chief Information Security Officer is concerned that contract developers may be able to steal the code used to design the company’s latest application since they are able to pull code from a cloud-based repository directly to laptops that are not owned by the company. Which of the following solutions would best protect the company code from being stolen?
A. MDM B. SCA C. CASB D. VDI.
A security analyst recently implemented a new vulnerability scanning platform. The initial scan of 438 hosts found the following vulnerabilities:
• 210 critical
• 1,854 high
• 1,786 medium
• 48 low
The analyst is unsure how to handle such a large-scale remediation effort. Which of the following would be the next logical step?
A. Identify the assets with a high value and remediate all vulnerabilities on those hosts. B. Perform remediation activities for all critical and high vulnerabilities first. C. Perform a risk calculation to determine the probability and magnitude of exposure. D. Identify the vulnerabilities that affect the most systems and remediate them first.
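The point of the "risk calculation" answer is that a raw severity count (210 critical, 1,854 high) says nothing about where the exposure actually is. The script below is an added example, not code from the original page, showing the calculation in its simplest form: probability derived from scanner severity, reachability and exploit availability, magnitude from asset value, and the findings ranked by their product. The five findings, the asset values and the weighting factors (EXPOSURE_WEIGHT, EXPLOIT_FACTOR) are constructed assumptions for illustration, not a standard.

```python
"""Rank vulnerability findings by calculated risk rather than by severity alone.

Added example; the findings and weights below are constructed assumptions.
"""
from dataclasses import dataclass

# Hypothetical exposure weights: how reachable the host is to a threat actor.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5, "isolated": 0.2}
EXPLOIT_FACTOR = 1.5  # assumed uplift when public exploit code exists


@dataclass
class Finding:
    fid: str
    host: str
    cvss: float          # scanner severity, 0.0 to 10.0
    exposure: str        # key of EXPOSURE_WEIGHT
    exploit_public: bool
    asset_value: int     # business criticality, 1 (low) to 5 (crown jewel)


def probability(f):
    """Likelihood of exploitation in [0, 1]: severity scaled by reachability
    and by whether an exploit is publicly available."""
    p = (f.cvss / 10.0) * EXPOSURE_WEIGHT[f.exposure]
    if f.exploit_public:
        p *= EXPLOIT_FACTOR
    return min(p, 1.0)


def magnitude(f):
    """Impact if exploited: here simply the asset's business value."""
    return float(f.asset_value)


def risk(f):
    return probability(f) * magnitude(f)


def rank_by_risk(findings):
    """Answer C: order by probability times magnitude."""
    return sorted(findings, key=risk, reverse=True)


def rank_by_severity(findings):
    """Answer B: 'all criticals and highs first', i.e. order by CVSS alone."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed sample: five findings on hosts of very different value and exposure.
SAMPLE = [
    Finding("F1", "db-prod-01", 7.5, "internal", True, 5),
    Finding("F2", "lab-vm-17", 9.8, "isolated", False, 1),
    Finding("F3", "web-dmz-02", 8.1, "internet", True, 4),
    Finding("F4", "hr-share-01", 5.3, "internal", False, 3),
    Finding("F5", "jump-01", 9.1, "internet", False, 5),
]

if __name__ == "__main__":
    for f in rank_by_risk(SAMPLE):
        print(f"{f.fid} {f.host:12} cvss={f.cvss:4} p={probability(f):.2f} "
              f"m={magnitude(f):.0f} risk={risk(f):.2f}")
```

With these inputs the only critical (F2, CVSS 9.8 on an isolated lab VM) tops the severity ordering but comes last in the risk ordering, while a high on an internet-facing jump host comes first; that reversal is the reason the risk calculation precedes any remediation plan.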
Which of the following is a reason to take a DevSecOps approach to a software assurance program?
A. To find and fix security vulnerabilities earlier in the development process B. To speed up user acceptance testing in order to deliver the code to production faster C. To separate continuous integration from continuous development in the SDLC D. To increase the number of security-related bug fixes worked on by developers.
Which of the following digital-forensics techniques is the analyst using?
A. Reviewing the file hash B. Debugging the binary file C. Implementing file carving D. Verifying the file type E. Utilizing reverse engineering
A security analyst for a large pharmaceutical company was given, by a threat intelligence organization, a set of credentials for internal users that contains usernames and valid passwords for company accounts. Which of the following is the first action the analyst should take as part of security operations monitoring?
A. Run scheduled antivirus scans on all employees’ machines to look for malicious processes. B. Reimage the machines of all users within the group in case of a malware infection. C. Change all the user passwords to ensure the malicious actors cannot use them. D. Search the event logs for event identifiers that indicate Mimikatz was used.
Which of the following weaknesses associated with common SCADA systems are the MOST critical for organizations to address architecturally within their networks? (Choose two.)
A. Boot processes that are neither measured nor attested B. Legacy and unpatchable systems software C. Unnecessary open ports and protocols D. No OS kernel mandatory access controls E. Unauthenticated commands F. Insecure filesystem permissions.
Choose one
A. Reconfigure the device to support only connections leveraging TLSv1.2. B. Obtain a new self-signed certificate and select AES as the hashing algorithm. C. Replace the existing certificate with a certificate that uses only MD5 for signing. D. Use only signed certificates with cryptographically secure certificate sources.
Choose one
A. UDP ANY ANY ANY 20 Deny B. UDP ANY ANY 69 69 Deny C. UDP ANY ANY 67 68 Deny D. UDP ANY ANY ANY 69 Deny E. UDP ANY ANY ANY 69 Deny
A consumer credit card database was compromised, and multiple representatives are unable to review the appropriate customer information. Which of the following should the cybersecurity analyst do first? Choose ONE
A. Start the containment effort. B. Confirm the incident. C. Notify local law enforcement officials. D. Inform the senior management team.
A. Reverse engineering using a debugger B. A static analysis vulnerability scan C. A passive vulnerability scan D. A database vulnerability scan.
A. A XSS vulnerability B. An HTTP response split vulnerability C. A credential bypass vulnerability D. A carriage-return, line-feed vulnerability.
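Options B and D above describe the same underlying defect from two angles: an unfiltered carriage return and line feed (CRLF) in a header value is the mechanism, and HTTP response splitting (the attacker terminating the real response and appending a second one) is the consequence. The code below is an added example, not from the original page: a constructed redirect handler in its vulnerable and hardened forms, a constructed attacker payload as it would arrive URL-encoded in a query string, and a small reader that shows how many responses a proxy or browser would see on the wire.

```python
"""HTTP response splitting via CRLF in a header value: vulnerable and hardened.

Added example; the redirect handler and the attacker payload are constructed.
"""
from urllib.parse import unquote

CRLF = "\r\n"


def header_value_ok(value):
    """True only if the value carries no CR, LF or NUL, so it cannot end the
    header line it is placed on."""
    return not any(ch in value for ch in "\r\n\0")


def build_redirect_unsafe(next_url):
    """VULNERABLE: user input lands in the header block without filtering."""
    head = (f"HTTP/1.1 302 Found{CRLF}Location: {next_url}{CRLF}"
            f"Content-Length: 0{CRLF}{CRLF}")
    return head.encode("latin-1")


def build_redirect_safe(next_url):
    """Hardened: refuse control characters before the value reaches the header."""
    if not header_value_ok(next_url):
        raise ValueError("control character in header value")
    head = (f"HTTP/1.1 302 Found{CRLF}Location: {next_url}{CRLF}"
            f"Content-Length: 0{CRLF}{CRLF}")
    return head.encode("latin-1")


def response_heads(raw):
    """Split a byte stream into responses the way a reader of the socket would:
    one head per status line it encounters."""
    text = raw.decode("latin-1")
    return ["HTTP/1.1 " + part for part in text.split("HTTP/1.1 ") if part]


def headers_of(head):
    """Header fields of one response head, up to its first blank line."""
    out = {}
    for line in head.split(CRLF)[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        out[name.strip()] = value.strip()
    return out


# Constructed attacker payload, URL-encoded as in ?next=...  Once decoded, the
# %0d%0a pairs close the Location header, inject a Set-Cookie, end the first
# response and start a second one with attacker-controlled content.
PAYLOAD = (
    "https://example.com/%0d%0aSet-Cookie:%20session=attacker%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Length:%2021%0d%0a%0d%0a<html>hijacked</html>"
)

if __name__ == "__main__":
    decoded = unquote(PAYLOAD)
    wire = build_redirect_unsafe(decoded)
    print("unsafe handler emitted", len(response_heads(wire)), "responses;",
          "first head now carries", headers_of(response_heads(wire)[0]).get("Set-Cookie"))
    print("safe handler accepts payload:", header_value_ok(decoded))
```

The check belongs at the point where the value becomes a header, not at URL-decoding time, because the same value may arrive through a cookie, a form field or a path segment; Python's http.client applies an equivalent control-character check to header values for the same reason.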
As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO’s concerns, the assessor will most likely focus on:
A. qualitative probabilities. B. quantitative probabilities. C. qualitative magnitude. D. quantitative magnitude.
A manufacturing company has joined the information sharing and analysis center for its sector. As a benefit, the company will receive structured IoC data contributed by other members. Which of the following best describes the utility of this data?
A. Other members will have visibility into instances of positive IoC identification within the manufacturing company’s corporate network. B. The manufacturing company will have access to relevant malware samples from all other manufacturing sector members. C. Other members will automatically adjust their security postures to defend the manufacturing company’s processes. D. The manufacturing company can ingest the data and use tools to autogenerate security configurations for all of its infrastructure.
A large company wants to address frequent outages on critical systems with a secure configurations program. The Chief Information Security Officer (CISO) has asked the analysts to conduct research and make recommendations for a cost-effective solution with the least amount of disruption to the business. Which of the following would be the best way to achieve these goals?
A. Adopt the CIS security controls as a framework, apply configurations to all assets, and then notify asset owners of the change. B. Coordinate with asset owners to assess the impact of the CIS critical security controls, perform testing, and then implement across the enterprise. C. Recommend multiple security controls depending on business unit needs, and then apply configurations according to the organization’s risk tolerance. D. Ask asset owners which configurations they would like, compile the responses, and then present all options to the CISO for approval to implement.
A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?
A. Update the IPS and IDS with the latest rule sets from the provider. B. Create an automated script to update the IPS and IDS rule sets. C. Use an automated subscription to select threat feeds for IDS. D. Implement an automated malware solution on the IPS.
An application must pass a vulnerability assessment to move to the next gate. Consequently, any security issues that are found must be remediated prior to the next gate. Which of the following best describes the method for end-to-end vulnerability assessment?
Let me know if you agree with what is here.
A. Security regression testing B. Static analysis C. Dynamic analysis D. Stress testing.
An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?
A. Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner. B. Extract the server’s system timeline, verifying hashes and network connections during a certain time frame. C. Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame. D. Clone the server’s hard disk and extract all the binary files, comparing hash signatures with malware databases.
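What answer B means in practice is a single ordered list of events from two sources: file-system metadata with hashes checked against a known-good manifest, and the host's network connections, both restricted to the time frame under investigation. The script below is an added example, not from the original page; the manifest, the on-disk file records and the connection log are constructed, with the hashes computed over placeholder content, and the host address 10.0.0.5 is hypothetical.

```python
"""Reconstruct an attacker's steps from a server's timeline.

Added example; file records, manifest and connection log are constructed.
"""
import hashlib
from datetime import datetime


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def t(clock: str) -> datetime:
    """Timestamp helper for the constructed data (all on one day)."""
    return datetime.fromisoformat("2024-03-10T" + clock)


# Known-good hashes from the package manifest (constructed).
MANIFEST = {
    "/usr/sbin/sshd": sha256(b"original sshd binary"),
    "/etc/ssh/sshd_config": sha256(b"original sshd_config"),
}

# What the cloned disk shows now: (path, mtime, sha256 of current content).
FILES = [
    ("/etc/ssh/sshd_config", t("01:05:00"), sha256(b"original sshd_config")),
    ("/etc/cron.d/sysupdate", t("02:20:31"), sha256(b"* * * * * root /tmp/.x/update.sh")),
    ("/usr/sbin/sshd", t("02:25:04"), sha256(b"trojaned sshd binary")),
]

# Connection records from netflow or conntrack (constructed):
# (direction, time, src, sport, dst, dport)
CONNECTIONS = [
    ("in", t("02:12:40"), "198.51.100.77", 54212, "10.0.0.5", 22),
    ("out", t("02:31:17"), "10.0.0.5", 44012, "203.0.113.9", 4444),
    ("out", t("03:40:00"), "10.0.0.5", 51222, "10.0.0.53", 53),
]


def integrity_findings(files, manifest):
    """Files whose hash disagrees with the manifest, plus files the manifest
    does not know about at all (a new cron job is evidence too)."""
    findings = {}
    for path, _, digest in files:
        expected = manifest.get(path)
        if expected is None:
            findings[path] = "unknown-to-manifest"
        elif expected != digest:
            findings[path] = "hash-mismatch"
    return findings


def build_timeline(files, conns, manifest, start, end):
    """Merge flagged file events and connections inside [start, end] into one
    chronologically ordered list of (time, kind, description)."""
    flagged = integrity_findings(files, manifest)
    events = []
    for path, mtime, _ in files:
        if start <= mtime <= end and path in flagged:
            events.append((mtime, "file", f"{path} ({flagged[path]})"))
    for direction, ts, src, sport, dst, dport in conns:
        if start <= ts <= end:
            events.append((ts, f"net-{direction}", f"{src}:{sport} -> {dst}:{dport}"))
    return sorted(events, key=lambda e: e[0])


def narrative(timeline):
    """One printable line per event, the sequence the analyst reports."""
    return [f"{ts:%H:%M:%S} {kind:8} {what}" for ts, kind, what in timeline]


if __name__ == "__main__":
    tl = build_timeline(FILES, CONNECTIONS, MANIFEST, t("02:00:00"), t("03:00:00"))
    print("\n".join(narrative(tl)))
```

On the constructed data the ordered output reads as the attack itself: inbound SSH, a new cron job, a replaced sshd binary, then an outbound connection to port 4444. Two caveats a practitioner would add: work from a cloned image rather than the live system (the live system is what answer C and D start from, but they lose the ordering), and treat mtime as untrusted, since an attacker can set it with utimes; the inode change time (ctime) cannot be set that way, so record both when building the file side of the timeline.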