After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:
Which of the following is the BEST solution to mitigate this type of attack?
Implement a better level of user input filters and content sanitization.
Properly configure XML handlers so they do not process sent parameters coming from user inputs.
Use parameterized queries to avoid user inputs from being processed by the server.
Escape user inputs using character encoding conjoined with whitelisting.

While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?
Hacktivist
Nation-state
Insider threat
Organized crime

Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?
To identify weaknesses in an organization's security posture
To identify likely attack scenarios within an organization
To build a business security plan for an organization
To build a network segmentation strategy

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?
Logging and monitoring are not needed in a public cloud environment
Logging and monitoring are done by the data owners
Logging and monitoring duties are specified in the SLA and contract
Logging and monitoring are done by the service provider

A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:
Which of the following actions should the security analyst take NEXT?
Review the known Apache vulnerabilities to determine if a compromise actually occurred.
Contact the application owner for connect.example.local for additional information.
Mark the alert as a false positive scan coming from an approved source.
Raise a request to the firewall team to block 203.0.113.15.

An organization wants to move non-essential services into a cloud computing environment. The management team has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work best to attain the desired outcome?
Duplicate all services in another instance and load balance between the instances.
Establish a hot site with active replication to another region within the same cloud provider.
Set up a warm disaster recovery site with the same cloud provider in a different region.
Configure the systems with a cold site at another cloud provider that can be used for failover.

A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
Directory traversal
SQL injection
Buffer overflow
Cross-site scripting

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?
Reduce the session timeout threshold.
Deploy MFA for access to the web server.
Implement input validation.
Run a dynamic code analysis.
Run a static code scan.
(Note: between v23 and ExamTopics the last 2 answers are different; in #264 people say static code scan.)

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?
Require all remote employees to sign an NDA
Enforce geofencing to limit data accessibility
Require users to change their passwords more frequently
Update the AUP to restrict data sharing

A security analyst is reviewing the following Internet usage trend report:
Which of the following usernames should the security analyst investigate further?
User 1
User 2
User 3
User 4

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued device. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).
Resetting the phone to factory settings
Rebooting the phone and installing the latest security updates
Documenting the respective chain of custody
Uninstalling any potentially unwanted programs
Performing a memory dump of the mobile device for analysis
Unlocking the device by blowing the eFuse

Which of the following solutions is the BEST method to prevent unauthorized use of an API?
HTTPS
Geofencing
Rate limiting
Authentication

A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?
Insert the hard drive on a test computer and boot the computer.
Record the serial numbers of both hard drives.
Compare the file-directory listing of both hard drives.
Run a hash against the source and the destination.

A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI. Prior to the deployment, the analyst should conduct:
a tabletop exercise
a business impact analysis
a PCI assessment
an application stress test

Which of the following is the best reason why organizations need operational security controls?
To supplement areas that other controls cannot address
To limit physical access to areas that contain sensitive data
To assess compliance automatically against a secure baseline
To prevent disclosure by potential insider threats

Which of the following BEST explains the function of a managerial control?
To help design and implement the security planning, program development, and maintenance of the security life cycle
To guide the development of training, education, security awareness programs, and system maintenance
To create data classification, risk assessments, security control reviews, and contingency planning
To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?
Move the legacy systems behind a WAF.
Implement an air gap for the legacy systems.
Place the legacy systems in the perimeter network.
Implement a VPN between the legacy systems and the local network.

A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?
SIEM
IDS
MFA
TLS

A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?
Blacklist the hash in the next-generation antivirus system.
Manually delete the file from each of the workstations.
Remove administrative rights from all developer workstations.
Block the download of the file via the web proxy.