Title of test:
cysa-v23-101-120

Description:
cysa-v23-101-120

Author:
AVATAR

Creation Date:
17/05/2023

Category:
Others

Number of questions: 20
Content:
Which of the following provides an automated approach to checking a system configuration?
- SCAP
- CI/CD
- OVAL
- Scripting
- SOAR
During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:
• The development team used a new software language that was not supported by the security team's automated assessment tools.
• During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.
• The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.
To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)
- Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed
- Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically
- Contact the human resources department to hire new security team members who are already familiar with the new language
- Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems
- Instruct only the development team to document the remediation steps for this vulnerability
- Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider
During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?
- strings
- head
- fsstat
- dd
As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?
- Critical asset list
- Threat vector
- Attack profile
- Hypothesis
Which of the following types of controls defines placing an ACL on a file folder?
- Technical control
- Confidentiality control
- Managerial control
- Operational control
A security analyst is reviewing the following server statistics: Which of the following is MOST likely occurring?
- Race condition
- Privilege escalation
- Resource exhaustion
- VM escape
A company's legal and accounting teams have decided it would be more cost-effective to offload the risks of data storage to a third party. The IT management team has decided to implement a cloud model and has asked the security team for recommendations. Which of the following will allow all data to be kept on the third-party network?
- VDI
- SaaS
- CASB
- FaaS
An organization wants to consolidate a number of security technologies throughout the organization and standardize a workflow for identifying security issues, prioritizing the severity, and automating a response. Which of the following would best meet the organization's needs?
- MaaS
- SIEM
- SOAR
- CI/CD
A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop. Which of the following processes will the security analyst identify as the MOST likely indicator of system compromise given the processes running in Task Manager?
- Chrome.exe
- Word.exe
- Explorer.exe
- mstsc.exe
- taskmgr.exe
Which of the following is a difference between SOAR and SCAP?
- SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics
- SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope
- SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does
- SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts
After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?
- Make a backup of the server and update the JBoss server that is running on it.
- Contact the vendor for the legacy application and request an updated version.
- Create a proper DMZ for outdated components and segregate the JBoss server.
- Apply visualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.
A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?
- SCAP
- SOAR
- UEBA
- WAF
A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns: Which of the following source IP addresses does the analyst need to investigate further?
- 10.18.76.179
- 10.50.180.49
- 192.168.48.147
- 192.168.100.5
A cybersecurity analyst is concerned about attacks that use advanced evasion techniques. Which of the following would best mitigate such attacks?
(between...IPS and PROXY....)
- Keeping IPS rules up to date
- Installing a proxy server
- Applying network segmentation
- Updating the antivirus software
An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts. Which of the following would BEST satisfy the organization's goal?
- Access control lists
- Discretionary access controls
- Policy-based access controls
- Credential vaulting
A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?
- Deploy an edge firewall.
- Implement DLP.
- Deploy EDR.
- Encrypt the hard drives.
A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?
- Implement a secure supply chain program with governance
- Implement blacklisting for IP addresses from outside the country
- Implement strong authentication controls for all contractors
- Implement user behavior analytics for key staff members
During a review of the vulnerability scan results on a server, an information security analyst notices the following: The MOST appropriate action for the analyst to recommend to developers is to change the web server so:
- It only accepts TLSv1.2
- It only accepts cipher suites using AES and SHA
- It no longer accepts the vulnerable cipher suites
- SSL/TLS is offloaded to a WAF and load balancer
The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees. Which of the following would BEST prevent this issue?
- Induce digital signatures on messages originating within the company.
- Require users authenticate to the SMTP server
- Implement DKIM to perform authentication that will prevent this issue.
- Set up an email analysis solution that looks for known malicious links within the email.
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?
- SCADA
- CAN bus
- Modbus
- IoT