CompTIA CySA+ Certification Exam (CS0-002) v1.0 (CS0-002)

Page:    1 / 29   
Total 428 questions

Which of the following is the BEST way to gather patch information on a specific server?

  • A. Event Viewer
  • B. Custom script
  • C. SCAP software
  • D. CI/CD


Answer : C

Reference:
https://www.open-scap.org/features/standards
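Added example (not part of the exam page or of OpenSCAP itself): an SCAP scanner such as oscap evaluates patch rules against a server and writes an XCCDF results file (`oscap xccdf eval --results results.xml ...`), and the patch status for that host is then the list of rule-results that failed. The parser below pulls those out. The results document, host name and rule ids are constructed for this example, and the `patch_` naming filter is an assumed convention, not something XCCDF mandates.

```python
"""Pull patch-rule results out of an XCCDF (SCAP) results file."""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}

# Constructed sample modelled on the shape of oscap results output; the benchmark,
# rule ids, severities and host name are made up for this example.
SAMPLE_RESULTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_sample">
  <TestResult id="xccdf_example_testresult_sample" start-time="2024-01-01T00:00:00">
    <target>server01.example.internal</target>
    <rule-result idref="xccdf_example_rule_patch_kernel" severity="high"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_patch_openssl" severity="high"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_patch_openssh" severity="medium"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_sshd_banner" severity="low"><result>notapplicable</result></rule-result>
  </TestResult>
</Benchmark>
"""


def parse_results(xml_bytes):
    """Return (target, rule_id, severity, result) for every rule-result in the file."""
    root = ET.fromstring(xml_bytes)
    # A results file is either a Benchmark wrapping TestResult elements or a bare TestResult.
    if root.tag == f"{{{XCCDF_NS}}}TestResult":
        test_results = [root]
    else:
        test_results = root.findall(".//x:TestResult", NS)
    rows = []
    for tr in test_results:
        target = tr.findtext("x:target", default="", namespaces=NS)
        for rr in tr.findall("x:rule-result", NS):
            result = rr.findtext("x:result", default="unknown", namespaces=NS)
            rows.append((target, rr.get("idref"), rr.get("severity", "unknown"), result))
    return rows


def failed_rules(xml_bytes, name_filter="patch_"):
    """Rule ids with result 'fail'; name_filter narrows to patch rules (assumed naming convention)."""
    return sorted(rule for _, rule, _, res in parse_results(xml_bytes)
                  if res == "fail" and name_filter in rule)


def summary(xml_bytes):
    """Count of rule-results per result value (pass/fail/notapplicable/...)."""
    counts = {}
    for _, _, _, res in parse_results(xml_bytes):
        counts[res] = counts.get(res, 0) + 1
    return counts


if __name__ == "__main__":
    for target, rule, sev, res in parse_results(SAMPLE_RESULTS):
        print(f"{target}\t{rule}\t{sev}\t{res}")
    print("missing patches:", failed_rules(SAMPLE_RESULTS))
```

The same approach scales to a fleet: run the scanner against every host under the same benchmark and aggregate `failed_rules` per target, which is what a custom script would have to reinvent without the standardized content.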

A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

  • A. Proxy server
  • B. SQL server
  • C. Windows domain controller
  • D. WAF appliance
  • E. DNS server


Answer : C

Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-client-krb-ap-err-modified-error
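Added example (not from the exam page or from Microsoft): the referenced article describes KRB_AP_ERR_MODIFIED as the service failing to decrypt the ticket, usually because the SPN the client asked for is registered on a different account than the one the service runs as, or on more than one account. The triage below parses the Kerberos client event text for the reporting server and target SPN and checks them against an SPN inventory. The event text is constructed to follow the wording of the Kerberos client event, and the inventory stands in for what `setspn -Q */*` would return from the domain controller; both are made up for this example.

```python
"""Triage a Kerberos KRB_AP_ERR_MODIFIED client event against an SPN inventory."""
import re

# Greedy \S+ then backtrack over the trailing period that ends the sentence.
EVENT_RE = re.compile(
    r"received a KRB_AP_ERR_MODIFIED error from the server (?P<server>\S+)\.\s+"
    r"The target name used was (?P<spn>\S+)\."
)

# Constructed event text modelled on the Kerberos client event; not a real log entry.
SAMPLE_EVENT = (
    "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server WEB01$. "
    "The target name used was HTTP/intranet.example.internal. This indicates that the "
    "target server failed to decrypt the ticket provided by the client."
)

# Constructed SPN inventory (account -> registered SPNs), assumed to come from the DC.
SPN_INVENTORY = {
    "WEB01$": ["HOST/WEB01", "HOST/web01.example.internal"],
    "svc_intranet": ["HTTP/intranet.example.internal"],
    "WEB02$": ["HOST/WEB02", "HTTP/intranet.example.internal"],
}


def parse_event(text):
    """Return (reporting_server, target_spn) or None if the text is not this event."""
    m = EVENT_RE.search(text)
    return (m.group("server"), m.group("spn")) if m else None


def spn_owners(inventory, spn):
    """Accounts that have the SPN registered (SPN comparison is case-insensitive)."""
    wanted = spn.lower()
    return sorted(acct for acct, spns in inventory.items()
                  if wanted in (s.lower() for s in spns))


def diagnose(event_text, inventory):
    """Classify the likely cause so the analyst knows what to check on the DC next."""
    parsed = parse_event(event_text)
    if parsed is None:
        return {"status": "not_krb_ap_err_modified"}
    server, spn = parsed
    owners = spn_owners(inventory, spn)
    if len(owners) > 1:
        status = "duplicate_spn"            # KDC may issue tickets under the wrong key
    elif not owners:
        status = "spn_not_registered"       # client fell back or asked for an unregistered name
    elif owners[0].lower() != server.lower():
        status = "owner_differs_from_server"  # fine if the service runs as that account, else misregistered
    else:
        status = "owner_matches_server"     # SPN is right; check account password / DC replication
    return {"server": server, "spn": spn, "owners": owners, "status": status}


if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT, SPN_INVENTORY))
```

In the constructed data the SPN is registered twice, which is the duplicate-SPN case the article calls out; `setspn -X` on the domain controller reports the same condition directly.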

A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?

  • A. The Cyber Kill Chain
  • B. The MITRE ATT&CK framework
  • C. An adversary capability model
  • D. The Diamond Model of Intrusion Analysis


Answer : D

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?

  • A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
  • B. Back up the workstations to facilitate recovery and create a gold image.
  • C. Establish a ransomware awareness program and implement secure and verifiable backups.
  • D. Virtualize all the endpoints with daily snapshots of the virtual machines.


Answer : C

A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades?

  • A. Encryption
  • B. eFuse
  • C. Secure Enclave
  • D. Trusted execution


Answer : B

An eFuse is one-time programmable: burning a fuse on each firmware update records a version counter that the boot ROM compares with the version in the image it is about to load, so an older image is refused. A trusted execution environment isolates code at runtime and does not by itself prevent a rollback.

Reference:
https://www.chrislockard.net/posts/ios-android-code-protections/

An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application.
The working hypothesis is as follows:
✑ Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.
✑ The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.
✑ The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

  • A. Improving detection capabilities
  • B. Bundling critical assets
  • C. Profiling threat actors and activities
  • D. Reducing the attack surface area


Answer : D

A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

  • A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
  • B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
  • C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
  • D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.


Answer : D

A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:


Which of the following technologies would MOST likely be used to prevent this phishing attempt?

  • A. DNSSEC
  • B. DMARC
  • C. STP
  • D. S/IMAP


Answer : B

Reference:
https://dmarc.org/

A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?

  • A. Blacklist the hash in the next-generation antivirus system.
  • B. Manually delete the file from each of the workstations.
  • C. Remove administrative rights from all developer workstations.
  • D. Block the download of the file via the web proxy.


Answer : A

A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?

  • A. Planning
  • B. Continuous monitoring
  • C. Risk response
  • D. Risk analysis
  • E. Oversight


Answer : B

Continuous monitoring re-measures the identified risks over time, which is what produces a trend; risk response is the selection of a treatment for each risk at a point in time.

Which of the following allows Secure Boot to be enabled?

  • A. eFuse
  • B. UEFI
  • C. HSM
  • D. PAM


Answer : B

Secure Boot is a UEFI firmware feature: the firmware verifies the signature of each boot component against the keys held in its PK/KEK/db variables. An HSM stores and uses keys but does not provide the boot verification itself.

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

  • A. Implement UEM on all systems and deploy security software.
  • B. Implement DLP on all workstations and block company data from being sent outside the company.
  • C. Implement a CASB and prevent certain types of data from being downloaded to a workstation.
  • D. Implement centralized monitoring and logging for all company systems.


Answer : C

The data lives in the cloud and the laptops are unmanaged with local administrators, so an endpoint DLP agent can simply be disabled by the user. A CASB sits between the users and the cloud services and can stop sensitive data from being downloaded to those endpoints regardless of their state.

A security analyst is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

  • A. Patch or reimage the device to complete the recovery.
  • B. Restart the antiviruses running processes.
  • C. Isolate the host from the network to prevent exposure.
  • D. Confirm the workstation's signatures against the most current signatures.


Answer : C

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

  • A. Implement a better level of user input filters and content sanitization.
  • B. Properly configure XML handlers so they do not process &ent parameters coming from user inputs.
  • C. Use parameterized queries to avoid user inputs from being processed by the server.
  • D. Escape user inputs using character encoding conjoined with whitelisting.


Answer : B

An external entity declaration in the XML is processed by the XML parser, not by the application's input filters, so the fix is to configure the parser to refuse DTDs and external entity resolution.
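Added example (not from the exam page): the XML file the analyst found is not reproduced above, so the payload below is a constructed one in the classic XXE shape, an external entity pointing at a local file. The hardening shown is to refuse any document that carries a DTD before it reaches the parser, which removes external entities, parameter entities and internal entity expansion (billion laughs) in one check. Python's `xml.etree.ElementTree` already refuses external entities but still expands internal ones; with lxml the equivalent parser setting is `XMLParser(resolve_entities=False, no_network=True)`, and the default `resolve_entities=True` is the misconfiguration option B refers to.

```python
"""Reject XML that carries a DTD before parsing it (XXE / entity-expansion hardening)."""
import xml.etree.ElementTree as ET


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML contains a DOCTYPE or ENTITY declaration."""


# Constructed payload in the classic XXE shape; not the file from the incident.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ]>
<data><name>&ent;</name></data>"""

# Constructed benign input of the kind the application should accept.
BENIGN_XML = b"<data><name>quarterly report</name></data>"


def _contains_dtd(data):
    """Look for DTD markers in the raw bytes and, for UTF-16 input, in the decoded text too."""
    probes = [data]
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        # Re-encode so a UTF-16 document cannot hide '<!DOCTYPE' from a byte search.
        probes.append(data.decode("utf-16").encode("utf-8"))
    return any(b"<!DOCTYPE" in p or b"<!ENTITY" in p for p in probes)


def parse_untrusted_xml(data):
    """Parse user-supplied XML, refusing any DTD (XML keywords are case-sensitive, so this is exact)."""
    if _contains_dtd(data):
        raise UnsafeXMLError("DTD and entity declarations are not accepted from untrusted input")
    return ET.fromstring(data)


def accepts(data):
    """True if the document passes the DTD gate and parses, False if it is rejected as unsafe."""
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXMLError:
        return False


if __name__ == "__main__":
    print("benign accepted:", accepts(BENIGN_XML))
    print("xxe accepted:", accepts(XXE_PAYLOAD))
```

The gate belongs at the trust boundary: rejecting the DTD is safe for application data formats that never legitimately declare one, which is the normal case for API and upload inputs.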

A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation recommendation?

  • A. Use TLS for all data exchanges.
  • B. Use effective authentication and authorization methods.
  • C. Implement parameterized queries.
  • D. Validate all incoming data.


Answer : D

The question asks for a parameter mitigation: validating every incoming parameter (type, length, format, allowed values) is the control that addresses it. Authentication and authorization address a different class of API weakness.
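Added example (not from the exam page) serving both the API parameter recommendation here and the SQL injection hypothesis in the threat-hunting question above: a reporting endpoint that filters by client name, shown first with the value spliced into the SQL string, then with a parameterized query alone, then with parameter validation in front of the parameterized query. The table, rows, endpoint functions and the `[a-z0-9_-]` client-name rule are constructed for this example; sqlite3 stands in for whatever database the application uses.

```python
"""Parameter validation plus parameterized queries for a reporting endpoint (sqlite3 stand-in)."""
import re
import sqlite3


def make_db():
    """Constructed in-memory table with three reports for two clients."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, client TEXT NOT NULL, body TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO reports (client, body) VALUES (?, ?)",
        [("acme", "acme q1 report"), ("globex", "globex q1 report"), ("acme", "acme q2 report")],
    )
    return conn


def reports_vulnerable(conn, client):
    """Vulnerable: the parameter is interpolated into the SQL text."""
    sql = f"SELECT body FROM reports WHERE client = '{client}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def reports_parameterized_only(conn, client):
    """Bound parameter: the value can never change the query structure."""
    rows = conn.execute("SELECT body FROM reports WHERE client = ? ORDER BY id", (client,))
    return [row[0] for row in rows]


# Assumed allow-list for client names: 1 to 32 chars of lowercase letters, digits, '_' and '-'.
CLIENT_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")


def validate_client(client):
    """Reject anything that is not a well-formed client name before it reaches the database."""
    if not isinstance(client, str) or CLIENT_RE.fullmatch(client) is None:
        raise ValueError("client must be 1-32 characters of [a-z0-9_-]")
    return client


def is_valid_client(client):
    try:
        validate_client(client)
        return True
    except ValueError:
        return False


def reports_hardened(conn, client):
    """Validate the parameter, then bind it: bad input is refused, good input cannot inject."""
    return reports_parameterized_only(conn, validate_client(client))


# Constructed injection string of the classic tautology form.
INJECTION = "acme' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", reports_vulnerable(conn, INJECTION))
    print("parameterized:", reports_parameterized_only(conn, INJECTION))
    print("hardened accepts injection:", is_valid_client(INJECTION))
```

The two controls cover different failure modes: binding stops the query structure from changing, while validation also stops malformed values from reaching any other sink (logging, templating, a second-order query) and gives the API a clear error instead of a silent empty result.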
