Title of test:
PT003-01

Description:
Cybersecurity Practice Test

Author:
CrapTía

Creation Date:
22/12/2023

Category:
Computers

Number of questions: 25
Content:
A Windows server in your organization constantly runs at high CPU utilization, even when not handling heavy workloads. A security analyst suspects a system process might be the culprit. Which of the following tools would be most useful to identify the problematic process?
- Disk Cleanup
- Windows Defender
- Event Viewer
- Task Manager
Your organization uses an on-premises network architecture and is considering integrating a Security Information and Event Management (SIEM) system. What would be the primary reason for this integration?
- To reduce the need for physical security.
- To automate patch management for all software.
- To centralize the collection and analysis of security alerts.
- To eliminate the need for an intrusion detection system.
A security analyst observed several instances of inconsistent timestamps in log files across multiple systems. This inconsistency is likely due to:
- Time zone settings in the systems are different.
- An issue with the NTP (Network Time Protocol) server.
- Incorrect audit policy settings.
- A compromise in system integrity.
What formal mechanism is designed to enhance the sharing of threat information and best practices among organizations by providing a standardized platform for industry-specific communities to exchange information about their common infrastructure?
- Cybersecurity Forums
- Information Security Organizations
- Information Sharing and Analysis Centers (ISACs)
- Industry Threat Networks
Cybersecurity experts are working on classifying indicators of compromise (IOCs) based on the level of difficulty it would take for attackers to alter their methods and strategies. This categorization model aims to provide insights into the effort attackers need to adapt their tactics. What is the name of this model used for such classification purposes?
- Pyramid of Pain
- Pyramid of Protection
- Defense in Depth Model
- Threat Intelligence Framework
What cybersecurity framework, designed by Mandiant (now part of FireEye), aims to facilitate the sharing and automated analysis of an attacker’s Tactics, Techniques, and Procedures (TTPs) and other indicators of compromise through a machine-readable format?
- STIX
- OpenIOC
- TAXII
- Encryption
A cybersecurity expert is concerned about the potential threats posed by incoming files and links. To bolster the organization’s defense, the expert is considering implementing a service that consolidates outcomes from various antivirus scanners and URL/domain blacklisting services. What is the name of the service that aligns with this description?
- Google Safe Browsing
- Cisco Talos
- VirusTotal
- Reputation Center
Nathan realizes a user has executed the following command on a Windows console:
    psexec \\10.0.11.1 -u Administrator -p examplepw cmd.exe
What has transpired?
- The user opened a command prompt as administrator on their workstation.
- The user opened an interactive command prompt as administrator on a remote workstation.
- The user opened a command prompt on the desktop of a remote workstation.
- The user opened a command prompt on their workstation.
While preparing for his certification exam, Carlos is learning about vulnerability scanning. Which principle should he be wary of to prevent causing disruptions within his organization?
- Avoid performing scans discreetly without informing the IT team.
- Only perform non-intrusive scans on live systems to prevent service disruption.
- Scan outside of crucial business times to prevent interruptions.
- Limit scan bandwidth to prevent overloading active network links.
Cruz identifies multiple logins for a consistent userID but with different passwords in his network’s authentication logs. What kind of attack is this indicative of?
- A security incident
- An adverse event
- An event
- An incident
Dan identifies multiple logins for a consistent userID but with different passwords in his network’s authentication logs. What kind of attack is this indicative of?
- A password spraying attack.
- A session hijacking attack.
- An on-path (man-in-the-middle) attack.
- A credential stuffing attack.
Ben is drafting a management report on the outcomes of a recent vulnerability scan. To rank the results, which tool would be the most exhaustive in gauging the risk each vulnerability poses?
- Likelihood rating
- Impact rating
- CVSS score
- Confidentiality rating
For a discreet Nmap scan of a distant network, which command would Dave use for the most unobtrusive method?
- nmap -P0 -sT 10.0.10.0/24
- nmap -sT -T0 10.0.10.0/24
- nmap -P0 -sS 10.0.10.0/24
- nmap -P0 -sS -T0 10.0.10.0/24
Identify the unique system engineered for rapid, delay-free processing of real-time information.
- RFID
- RTOS
- SoC
- FPGA
Why is a hash value generated for a drive during forensic imaging?
- To prove that the drive’s contents remained unchanged.
- To confirm that no data was removed from the drive.
- To ensure that no new files were added to the drive.
- All of the above.
After realizing that log sources from her company’s DC branch ceased reporting for a day, what type of alert should Carla set up for earlier detection next time?
- Availability
- Anomaly
- Behavior
- Heuristic
Lou must inform his payment processing provider of a credit card data breach. What kind of notification is this?
- Reporting to regulators.
- Engaging with law enforcement.
- Communicating with customers.
- None of the options.
An organization has recently moved some of its workloads to a serverless architecture. A security analyst in the organization is tasked with implementing appropriate security measures. Which of the following is the most important security concern in a serverless environment?
- Physical server security.
- Patch management for server operating systems.
- Application-level security vulnerabilities.
- Network perimeter security.
You are a security analyst tasked with hardening a new server that will host sensitive customer data. Which of the following actions should be your first step in this process?
- Installing an IPS.
- Disabling unnecessary services.
- Encrypting stored customer data.
- Conducting a vulnerability assessment.
An employee at your company is resistant to the implementation of Multifactor Authentication (MFA), arguing that it will be a hassle to use on a daily basis. Which of the following would be a beneficial feature of MFA that could help address his concern?
- MFA requires a fingerprint scan for every system login.
- MFA can be set to only prompt for additional authentication under certain conditions.
- MFA will automatically lock accounts after three failed login attempts.
- MFA prevents users from choosing their own passwords.
Which of the following is the most critical aspect to ensure when setting up log ingestion across multiple systems in a network?
- Making sure the log format is consistent across all systems.
- Time synchronization of the logs.
- Ensuring the logs are stored in a central location.
- Limiting access to log files to prevent unauthorized access.
As a cybersecurity analyst, you are asked to implement a password-less authentication method that offers non-repudiation; which of the following should you consider?
- SMS-based One Time Password (OTP).
- Biometric Authentication.
- Email-based Authentication.
- A common password for all users.
As a security analyst, you perform a forensic analysis on a compromised Linux machine. You suspect a malicious script was executed on the system. Which file system locations are you most likely to find evidence of such script execution?
- /root
- /etc
- /var/log
- /bin
Which of the following reasons correctly explains why containerization can be considered a critical aspect of modern hardware architecture in the context of cybersecurity?
- It reduces the need for monitoring by security teams.
- It allows for a single point of failure in the system.
- It encapsulates applications and their dependencies into a self-contained unit.
- It encourages the use of legacy systems for security management.
Your company is collaborating with several partners on a major project. Users need to access resources across organizational boundaries. Which approach should you recommend?
- Distributing a common password for all organizations.
- Implementing Single Sign-On (SSO) Federation.
- Requesting users to create separate accounts for each organization.
- Turning off all authentication mechanisms to ease access.