Cysa Test 10
A security analyst is implementing a process to perform vulnerability management on an OT environment:
• Systems must remain on an isolated network.
• The process should focus on external threats.
• No additional software can be deployed on the systems.
• Transmitted packets cannot be modified or dropped.
• Additional processing delays are not tolerated.
Which of the following is the best way to securely meet the requirements?
- Implement agentless sensors at the network edge.
- Use reverse engineering to detect flaws on the in-scope systems.
- Deploy an IPS in-line with the network traffic.
- Check the compatibility of an EDR agent with the OSs used on the OT environment.

A company wants to implement protection mechanisms after an incident in which customer information was sent to a third party. Which of the following tools should the company implement?
- SIEM.
- EDR.
- CASB.
- DLP.

A security analyst discovers multiple log entries from a recently acquired tool that was bundled as a YUM package. Those entries point to attempts of privilege escalation. Which of the following is the most likely explanation?
- The package was modified during installation.
- The package was missing critical DLL files.
- The package got corrupted while being downloaded.
- The package was installed without a GPG check.

(Question text not present on this page.)
- SQL injection.
- Directory brute force.
- Remote command execution.
- Cross-site scripting.

(Question text not present on this page.)
- System B.
- System C.
- System D.
- System E.
- System A.

An analyst reviews the following web server log entries:
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
No attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?
- A SQL injection query took place to gather information from a sensitive file.
- A PHP injection was leveraged to ensure that the sensitive file could be accessed.
- Base64 was used to prevent the IPS from detecting the fully encoded string.
- Directory traversal was performed to obtain a sensitive file for further reconnaissance.
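A worked check for the log entry in the question above. This is an added example, not code from the test page: it percent-decodes request targets from constructed Combined Log Format lines (including a double-encoded `%252F` variant) and flags requests whose path or query value climbs above the web root. The sample log lines, IP addresses and helper names are assumptions made for the example. The point it demonstrates is that `%2E%2E` only looks like `..` after decoding, which is why a plain string match for `..` on the raw log reports nothing.

```python
"""Decode percent-encoded request targets from web server logs and flag
directory traversal (the %2E%2E/.../etc/passwd pattern from the log above)."""
import re
from urllib.parse import unquote

# Constructed sample entries in Combined Log Format; the IPs and requests are
# made up for this example and are not taken from the test page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /images/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd HTTP/1.1" 404 213
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /download?file=..%252F..%252Fetc%252Fshadow HTTP/1.1" 403 87
198.51.100.7 - - [10/Mar/2024:12:00:04 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so that a double-encoded
    %252E (-> %2E -> .) is caught as well as a single %2E."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def escapes_root(path: str) -> bool:
    """True if the '..' segments in path climb above the starting directory.
    posixpath.normpath is not usable for this: it silently collapses
    '/a/../../etc/passwd' to '/etc/passwd'."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if depth == 0:
                return True
            depth -= 1
        else:
            depth += 1
    return False


def is_traversal(target: str) -> bool:
    """Check the decoded path and every query value, since the file name is
    often passed as a parameter (file=../../etc/passwd)."""
    decoded = fully_decode(target).replace("\\", "/")
    path, _, query = decoded.partition("?")
    values = [kv.partition("=")[2] for kv in query.split("&") if kv]
    return any(escapes_root(p) for p in [path, *values] if p)


def find_traversal(log_text: str):
    """Return (client IP, raw target, decoded target) for each traversal hit."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal(m["target"]):
            hits.append((m["ip"], m["target"], fully_decode(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, raw, decoded in find_traversal(SAMPLE_LOG):
        print(f"{ip}  {raw}\n    decoded: {decoded}")
```

Of the four constructed lines, only the `%2E%2E` request and the double-encoded `file=` parameter are reported; `/docs/a/../b.html` resolves inside the web root and is left alone, which is the distinction a bare `..` match cannot make.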
A security analyst is comparing the results of the past and current active credentialed vulnerability scans:
Past scan:
Current scan:
Which of the following should the analyst do next?
- Try to avoid a data leak by immediately creating a self-signed TLS certificate to patch the NTP system.
- Inform management about the risk that the company's assets will be used to perform attacks.
- Create a new entry on the risk register saying that all significant risks have been mitigated.
- Request an unauthenticated scan to confirm that vulnerabilities have been patched.

An application security analyst needs to test a web application for input validation vulnerabilities. The analyst does not have the source code and does not have documentation for the APIs. Which of the following techniques will best aid the analyst in vulnerability testing?
- Fuzzing operation.
- Agentless scanning.
- Reverse engineering.
- Use of a SAST tool.

A security analyst investigates a malware alert from a critical system. The following information is present in the ticket:
Which of the following should the analyst do first?
- Block the suspicious IP address 128.210.175.23.
- Determine whether sssh is a malicious program.
- Delete the suspicious files.
- Review the Apache logs.

The website of a large retail chain is failing to enforce encrypted HTTPS connections, leaving customer account credentials exposed. Which of the following is the best corrective action for resolving this issue?
- Remove any redirect settings of HTTP connections to HTTPS.
- Implement HTTP Strict Transport Security headers.
- Install a self-signed certificate on the web server.
- Reduce the default timeout period for all web-based sessions.

During a routine review of DNS logs, a security analyst observes that Host X has been making frequent DNS requests to domains with random alphanumeric strings (e.g., atd8ekthj.xyz). IPS anomaly rules are blocking these domains. This behavior started shortly after a new software installation on the host. Which of the following should the analyst do first to determine whether Host X has been compromised?
- Allow the domains because the DNS requests are part of a misconfigured software update.
- Check the software installation logs for errors and reinstall the software.
- Block all outbound connections from the host to prevent further DNS queries.
- Use threat intelligence to check if the queried domains are associated with legitimate sites.

To comply with regulatory requirements, the Chief Executive Officer (CEO) must lead the company through simulations to find which steps are missing in emergency situations or incident processes. Which of the following should the CEO do?
- Implement the incident response plan.
- Leverage the appropriate playbook.
- Develop a business continuity plan.
- Perform a tabletop exercise.

A security analyst receives the following information about the company's systems. They need to prioritize which systems should be given the resources to improve security. Which of the following systems should the analyst remediate first?
- Computer1.
- Server1.
- Computer2.
- Server2.

A company reports that user plain-text credentials have been disclosed from their network. A security analyst is identifying the vulnerability and runs a scan to receive the following:
Which of the following computers is the source of the leaked credentials?
- 10.205.8.14.
- 10.205.8.15.
- 10.205.8.16.
- 10.205.8.17.

An incident responder is investigating a possible server data exfiltration incident with the intent to prosecute if necessary. The responder:
• Captures live memory and an image of the drives.
• Is given a copy of the firewall logs.
• Pulls the drives from the server.
Which of the following would most likely create an issue?
- Lack of network capture.
- Chain of custody failure.
- Corrupt drives.
- Encrypted files.

A company discovers that its proprietary information is being sold on the dark web. A security analyst uses threat hunting to search for signs of compromise. After running a network packet capture tool, the analyst identifies millions of packets similar to the following:
The analyst does not detect or identify any other abnormalities. Which of the following is most likely the malicious activity in this scenario?
- An insider is using an IP command-and-control to sell proprietary information.
- A threat actor is performing exfiltration over an alternative protocol.
- A machine was infected with a virus that is trying to propagate.
- A hacktivist is conducting an ICMP DDoS attack against the company.

A security analyst is working on a suspicious email forwarded from a user. The email contains an attachment asking the user to open it. Which of the following should the security analyst review to best determine email authentication and its attack origin?
- DMARC.
- SMTP.
- Joe Sandbox.
- URL rewriting.

When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?
- RADIUS.
- SDN.
- ZTNA.
- SWG.
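A worked triage for the Host X DNS question above (the one with the atd8ekthj.xyz lookups). This is an added example, not code from the test page: it scores the second-level label of each queried name with simple DGA heuristics (entropy, vowel ratio, digit ratio, longest run without a vowel) over constructed resolver log lines and produces, per host, the distinct names that look machine-generated together with their query counts. The log format, host names, IPs, thresholds and helper names are assumptions made for the example; the resulting per-host list is what you would take to a threat-intelligence lookup rather than treating the heuristics as a verdict.

```python
"""Triage resolver logs for algorithmically generated domain names (DGA-style
lookups such as atd8ekthj.xyz in the Host X question above)."""
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log lines (timestamp, client hostname, client IP, query
# type, queried name). Hosts, IPs and names are made up for this example.
SAMPLE_DNS_LOG = """\
2024-03-10T12:00:01Z hostx 10.0.0.21 query A atd8ekthj.xyz
2024-03-10T12:00:02Z hostx 10.0.0.21 query A q7m2xk9pz1.xyz
2024-03-10T12:00:03Z hostx 10.0.0.21 query A swupdate.example-vendor.net
2024-03-10T12:00:04Z hostx 10.0.0.21 query A zl0w3kq8fd.top
2024-03-10T12:00:05Z hostx 10.0.0.21 query A atd8ekthj.xyz
2024-03-10T12:00:06Z hosty 10.0.0.22 query A www.example.com
2024-03-10T12:00:07Z hosty 10.0.0.22 query A mail.example.com
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<ip>\S+) query (?P<qtype>\S+) (?P<name>\S+)$"
)
VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def second_level_label(fqdn: str) -> str:
    """Label directly left of the TLD. Simplification for the example: a real
    triage should use the public suffix list so example.co.uk yields 'example'."""
    parts = fqdn.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_features(label: str) -> dict:
    letters = [c for c in label if c.isalpha()]
    digits = sum(c.isdigit() for c in label)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    longest_run = run = 0
    for c in label:
        run = 0 if c in VOWELS else run + 1  # digits and hyphens extend the run
        longest_run = max(longest_run, run)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowel_ratio,
        "digit_ratio": digits / len(label) if label else 0.0,
        "longest_consonant_run": longest_run,
    }


def looks_generated(label: str) -> bool:
    """Heuristic DGA test; thresholds are assumptions chosen for this example."""
    f = label_features(label)
    if f["length"] < 7:  # short labels such as www or mail are too noisy to judge
        return False
    return (
        (f["entropy"] >= 2.8 and f["vowel_ratio"] < 0.3)
        or f["digit_ratio"] >= 0.25
        or f["longest_consonant_run"] >= 5
    )


def suspicious_domains_by_host(log_text: str) -> dict:
    """Map host -> Counter of queried names whose second-level label looks
    generated. This per-host list is the input for a threat-intelligence check."""
    result = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        name = m["name"].lower()
        if looks_generated(second_level_label(name)):
            result[m["host"]][name] += 1
    return dict(result)


if __name__ == "__main__":
    for host, names in suspicious_domains_by_host(SAMPLE_DNS_LOG).items():
        print(host)
        for name, count in names.most_common():
            print(f"  {name}  x{count}  {label_features(second_level_label(name))}")
```

Entropy alone is a weak signal for names this short (a nine-character label can score under three bits whether it is random or a real word), which is why the rule also looks at the vowel ratio and at digits; the long, legitimate `example-vendor` label in the sample is not flagged, while the three random labels are.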




