Title of test:
cysa+ v23 1-20

Description:
cysa+ v23

Author:
AVATAR

Creation Date:
16/05/2023

Category:
Others

Number of questions: 20
Content:
A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages. Which of the following would most likely decrease the number of false positives?
- Manual validation
- Penetration testing
- A known-environment assessment
- Credentialed scanning

A cybersecurity analyst needs to harden a server that is currently being used as a web server. The server needs to be accessible when entering www.company.com into the browser. Additionally, web pages require frequent updates, which are performed by a remote contractor. Given the following output: Which of the following should the cybersecurity analyst recommend to harden the server? (Select TWO).
- Uninstall the DNS service
- Perform a vulnerability scan
- Change the server's IP to a private IP address
- Disable the Telnet service
- Block port 80 with the host-based firewall
- Change the SSH port to a non-standard port

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?
- Header analysis
- File carving
- Metadata analysis
- Data recovery

A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?
- Add client addresses to the blocklist.
- Update the DLP rules and metadata.
- Sanitize the marketing material.
- Update the insider threat procedures.

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?
- The extended support mitigates any risk associated with the software.
- The extended support contract changes this vulnerability finding to a false positive.
- The company is transferring the risk for the vulnerability to the software vendor.
- The company is accepting the inherent risk of the vulnerability.

A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed: Which of the following options can the analyst conclude based on the provided output?
- The scanning vendor used robots to make the scanning job faster
- The scanning job was successfully completed, and no vulnerabilities were detected
- The scanning job did not successfully complete due to an out of scope error
- The scanner executed a crawl process to discover pages to be assessed

A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report: Which of the following BEST describes what the analyst just found?
- Users 4 and 5 are using their credentials to transfer files to multiple servers.
- Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers in the cloud.
- An unauthorized user is using login credentials in a script.
- A bot is running a brute-force attack in an attempt to log in to the domain.

Which of the following BEST explains the function of TPM?
- To provide hardware-based security features using unique keys
- To ensure platform confidentiality by storing security measurements
- To improve management of the OS installation
- To implement encryption algorithms for hard drives

During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?
- Wireshark
- iptables
- Tcpdump
- Netflow

While reviewing system logs, a network administrator discovers the following entry:
psexec \\10.1.11.2 -u administrator -p testpw cmd.exe
Which of the following occurred?
- An attempt was made to access a remote workstation.
- The PsExec services failed to execute.
- A remote shell failed to open.
- A user was trying to download a password file from a remote system.

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?
- SCADA
- CAN bus
- Modbus
- IoT

In response to an audit finding, a company's Chief Information Officer (CIO) instructed the security department to increase the security posture of the vulnerability management program. Currently, the company's vulnerability management program has the following attributes:
✑ It is unauthenticated.
✑ It is at the minimum interval specified by the audit framework.
✑ It only scans well-known ports.
Which of the following would BEST increase the security posture of the vulnerability management program?
- Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.
- Expand the ports being scanned to include all ports. Keep the scan interval at its current level. Enable authentication and perform credentialed scans.
- Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Continue unauthenticated scans.
- Continue scanning the well-known ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.

A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development team is initiating?
- Static analysis
- Stress testing
- Code review
- User acceptance testing

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?
- Generate hashes for each file from the hard drive.
- Create a chain of custody document.
- Determine a timeline of events using correct time synchronization.
- Keep the cloned hard drive in a safe place.

A company has started planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization. Which of the following should be completed FIRST?
- A business impact analysis
- A system assessment
- Communication of the risk factors
- A risk identification process

During an investigation, an analyst discovers the following rule in an executive's email client: The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?
- Check the server logs to evaluate which emails were sent to <someaddress@domain.com>.
- Use the SIEM to correlate logging events from the email server and the domain server.
- Remove the rule from the email client and change the password.
- Recommend that the management team implement SPF and DKIM.

An organization has the following risk mitigation policies:
✑ Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
✑ Other risk mitigation will be prioritized based on risk value.
The following risks have been identified: Which of the following is the order of priority for risk mitigation from highest to lowest?
A80%/100k B20%/500k C50%/120k D40%/80k
- A, C, D, B
- B, C, D, A
- C, B, A, D
- C, D, A, B
- D, C, B, A

A SIEM analyst receives an alert containing the following URL: filename../..././/././././.. Which of the following BEST describes the attack?
- Password spraying
- Buffer overflow
- Insecure object access
- Directory traversal

A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the tasklist /v command and receives the following output: Which of the following should a security analyst recognize as an indicator of compromise?
- dwm.exe being executed under the user context
- The high usage of vscode.exe *32
- The abnormal behavior of paint.exe
- svchost.exe being executed as SYSTEM

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).
- Memory cache
- Registry file
- SSD storage
- Temporary filesystems
- Packet decoding
- Swap volume
