Which of the following is the BEST way to gather patch information on a specific server?
Answer : C
Reference:
https://www.open-scap.org/features/standards
A security analyst reviews SIEM logs and discovers the following error event:
Which of the following environments does the analyst need to examine to continue troubleshooting the event?
Answer : C
Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-client-krb-ap-err-modified-error
A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?
Answer : D
A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?
Answer : C
A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades?
Answer : D
Reference:
https://www.chrislockard.net/posts/ios-android-code-protections/
An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application.
The working hypothesis is as follows:
✑ Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.
✑ The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.
✑ The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?
Answer : D
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?
Answer : D
A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:
Which of the following technologies would MOST likely be used to prevent this phishing attempt?
Answer : B
Reference:
https://dmarc.org/
A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?
Answer : A
A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?
Answer : C
Which of the following allows Secure Boot to be enabled?
Answer : C
A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?
Answer : B
A security analyst is reviewing a vulnerability scan report and notes the following finding:
As part of the detection and analysis procedures, which of the following should the analyst do NEXT?
Answer : C
After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:
Which of the following is the BEST solution to mitigate this type of attack?
Answer : A
A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation recommendation?
Answer : B