An organization has the following policies:
*Services must run on standard ports.
*Unneeded services must be disabled.
The organization has the following servers:
*192.168.10.1 - web server
*192.168.10.2 - database server
A security analyst runs a scan on the servers and sees the following output:
Which of the following actions should the analyst take?
Disable HTTPS on 192.168.10.1.
Disable IIS on 192.168.10.1.
Disable DNS on 192.168.10.2.
Disable MSSQL on 192.168.10.2.
Disable SSH on both servers.

Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities. Which of the following will establish a more automated approach to secure data transfers between the two entities?
Set up an FTP server that both companies can access and export the required financial data to a folder.
Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.
Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.
Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.

An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?
Perform password-cracking attempts on all devices going into production.
Perform an Nmap scan on all devices before they are released to production.
Perform antivirus scans on all devices before they are approved for production.
Perform automated security controls testing of expected configurations prior to production.

Which of the following is the BEST way to gather patch information on a specific server?
Event Viewer
Custom script
SCAP software
CI/CD

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?
SCAP
SAST
DAST
DACS

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?
Network
Physical
Adjacent
Local

A company's domain has been spoofed in numerous phishing campaigns. An analyst needs to determine why the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following:
v=DMARC1; p=none; fo=0; rua=mailto:security@company.com; ruf=mailto:security@company.com; adkim=r; rf=afrf; ri=86400;
Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?
The DMARC record's DKIM alignment tag is incorrectly configured.
The DMARC record's policy tag is incorrectly configured.
The DMARC record does not have an SPF alignment tag.
The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?
Security regression testing
Code review
User acceptance testing
Stress testing

A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relative to the events being processed. Which of the following BEST describes the result the security team hopes to accomplish by adding these sources?
Data enrichment
Continuous integration
Machine learning
Workflow orchestration

Which of the following is MOST important when developing a threat hunting program?
Understanding penetration testing techniques
Understanding how to build correlation rules within a SIEM
Understanding security software technologies
Understanding assets and categories of assets

The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk to scramble to create accounts across many different interconnected systems. Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?
MFA
CASB
SSO
RBAC

A company recently experienced a breach of sensitive information that affects customers across multiple geographical regions. Which of the following roles would be BEST suited to determine the breach notification requirements?
Legal counsel
Chief Security Officer
Human resources
Law enforcement

An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?
Infrastructure
Capabilities
Adversary
Victims

An organization implemented an extensive firewall access-control blocklist to prevent internal network ranges from communicating with a list of IP addresses of known command-and-control domains. A security analyst wants to reduce the load on the firewall. Which of the following can the analyst implement to achieve similar protection and reduce the load on the firewall?
A DLP system
DNS sinkholing
IP address allow list
An inline IDS

A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked. Which of the following possible TTP combinations might warrant further investigation? (Choose two.)
Requests identified by a threat intelligence service with a bad reputation
Requests sent from the same IP address using different user agents
Requests blocked by the web server per the input sanitization
Failed log-in attempts against the web application
Requests sent by NICs with outdated firmware
Existence of HTTP/501 status codes generated to the same IP address

Which of the following organizational initiatives would be MOST impacted by data sovereignty issues?
Moving to a cloud-based environment
Migrating to locally hosted virtual servers
Implementing non-repudiation controls
Encrypting local database queries

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?
Implement a mobile device wiping solution for use if a device is lost or stolen.
Install a DLP solution to track data flow.
Install an encryption solution on all mobile devices.
Train employees to report a lost or stolen laptop to the security department immediately.

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?
Implement a UTM instead of a stateful firewall and enable gateway antivirus.
Back up the workstations to facilitate recovery and create a gold image.
Establish a ransomware awareness program and implement secure and verifiable backups.
Virtualize all the endpoints with daily snapshots of the virtual machines.