FINAL

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

wo different organizations are merging and throughout the acquisition process, all data on the virtualized file server must be shared by the respective departments of both the organizations. These organizations consider data ownership to determine which of the following?

Which user will have access to which data

Ed, Barb, and Sophia are cybersecurity analysts in an XYZ company. The company is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For conducting the cybersecurity exercise, participants have been divided into different teams to perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing the systems in the exercise environment and defending the systems against attacks. Sofia's team is conducting offensive operations and attempting to break into the systems protected by Barb's team. Which of the following terms best describes the role that Ed's team is playing in the exercise?

White team

Alex works as an application developer in an organization. He wants to prohibit software that is not expressly allowed by his organization's desktop management team from being installed on workstations. Which type of tool should Alex use to accomplish his task in the given scenario?

Whitelisting

Bob's manager has asked him to ensure that a compromised system has purged of the compromise. What is Bob's best course of action to ensure this?

Wipe and rebuild the compromised system.

Alice works as a security analyst in an organization. During her data acquisition process, she wants to copy a drive without modifying it even accidentally by the copying process. Which type of device should she use to ensure that this modification does not happen?

Write blocker

A vulnerability is discovered in an application. Before a patch is available, this vulnerability is used to gain access to sensitive data. What type of vulneraWhich of the following is not a purging activity? ability is being described in the given scenario?

Zero-day

Jake is building a forensic image of a compromised drive using the dd command with its default settings. He finds out that the imaging process is very slow. Which of the following flags should he adjust first to resolve the issue in the given scenario?

bs

Greg works as a cybersecurity analyst in an organization. He recently conducted an assessment of his organization's security controls and discovered a potential control gap that the organization does not use full-disk encryption on laptops. Which type of control gap exists in this scenario?

Preventive

Shelly works as a risk analyst in an organization. She is writing a document that describes the steps that incident response teams will follow on the basis of the first notice of a potential incident. Which type of document is she creating in the given scenario?

Procedure

Karen works as a security analyst in an organization. She is responding to a security incident that resulted from an intruder stealing files from a government agency. These files contained unencrypted information about protected critical infrastructure. In which of the following category, can Karen rate the information impact of this loss from intruder stealing?

Proprietary breach

Which of the following Open Web Application Security Project (OWASP) best practices is satisfied using TLS to protect application traffic?

Protect data

Which of the following activities applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques?

Purge

Asa works as a customer executive in an organization. She believes that her organization is using data, which was collected from customers for technical support, for commercial and marketing purposes without the customer's permission. Which principle is most likely being violated in the given scenario?

Purpose limitation

Harry is a security analyst for the ABC project. He is working with his project team to prioritize identified risks within the ABC project. He and his team are prioritizing risks for further analysis or action by assessing and combining the probability of the occurrence and impact of the risk by substituting subjective judgment for objective data. Which of the following is Harry performing in the given scenario?

Qualitative risk assessment

Taylor is reviewing the results of a security assessment and evaluating potential risk treatment strategies. To prioritize response actions, she uses cost-based metrics to identify the exposure factor of the weakness identified. Which of the following is she performing to review the results in the given scenario?

Quantitative risk assessment

In which format does the dd utility is used to clone drives?

RAW

Which of the following flaw types is an application that needs to take action on an object that may be sensitive to what is occurring or has occurred to that object?

Race condition

Rena works as an employee in a company. She is facing an issue that her system's screen becomes blank with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Rena's system?

Ransomware

Ed, Barb, and Sophia are cybersecurity analysts in the Golden Dome enterprise. The enterprise is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For conducting the cybersecurity exercise, participants have been divided into different teams to perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing systems in the exercise environment and defending systems against attacks. Sofia's team is conducting offensive operations and attempting to break into systems protected by Barb's team. Which of the following terms best describes the role that Sofia's team playing in the exercise?

Red team

Curt is conducting a forensic analysis of a Windows system and needs to determine whether a program was set to run automatically. Which of the following locations should he check to determine the program setting given in the scenario?

Registry

A user is responding to a security incident and determines that an attacker is using the Internet on systems on the user's network to attack a third party. Which of the following containment approaches will prevent the user's system from being used by the attacker in the given scenario?

Removal

After observing an attacker on the wireless connection of a system, a user decides to detach the Internet connection entirely, leaving the system running but inaccessible from outside the quarantine VLAN. Which strategy is the user pursuing to accomplish his goals in the given scenario?

Removal

Jamie works as a security worker in an organization. After a major compromise in an organization, he needs to conduct a forensic examination of the compromised systems. Which containment method should Jamie use to ensure that he can fully investigate systems that were involved while minimizing the risk to his organization's other production systems?

Removal

Jen works as a Windows server administrator in an organization. She identified a missing patch on a Windows server that might allow an attacker to gain remote control of her system. After consulting with her manager, Jen applied the patch on the Windows server where the patch was missing. From a risk management perspective, what has she done by applying a patch in the given scenario?

Removed the vulnerability

Kathleen works as a project manager in an organization. She wants to build a public API for modern service-oriented architecture. Which of the following models is likely Kathleen's best choice to build this architect in the given scenario?

Representational State Transfer (REST)

Which of the following is not a purging activity?

Resetting a device to a factory state

Which of the following is a process of discovering the technological principles of a device, an object, or a system through analysis of its structure, function, and operation?

Reverse engineering

Which of the following actions is not a common activity during the recovery phase of an incident response process?

Reviewing accounts and adding new privileges

Grace works as a risk analyst in an organization. She recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. After considering a variety of approaches, including the expensive insurance policy for securing data, she decided not to take any additional action. Which of the following risk management strategies is being used by Grace in the given scenario?

Risk acceptance

James during a code review notices a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risks. So, the management has decided that the code will not be rewritten. The given scenario is an example of which of the following risk response techniques?

Risk acceptance

Rio is a risk manager for a large-scale company. The company recently evaluated the risks of mudslides in the Texas's region for the company's project. Due to these risks, the company determined that the cost of responding to risks is greater than the benefits of any controls, which the company could implement. So, as a risk manager, Rio chose not to take any action at this time. What risk strategy did Rio pursue in the given scenario?

Risk acceptance

A company is considering services it can successfully provide to its customers. One of the services, however, is deemed to be difficult to offer with a high Risk transferencedegree of certainty of success. The organization has decided not to offer the service because of the risk in offering the service and failing. What risk management technique is used in this scenario?

Risk avoidance

A company named HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would amplify distributed denial-of-service (DDoS) attacks. Which type of risk management strategy did this company pursue with its NTP services?

Risk avoidance

Sasha, the project manager of a computer networking project, is monitoring the performance of her project. She decides to change the project plan to eliminate risks to protect the objectives of the project. Which of the following strategies is she using for tackling the risk in the given scenario?

Risk avoidance

Jack works as a risk administrator for a company. He is concerned about the risk of phones which is introducing security risks to the network. However, many employees need these devices for their work. So, he decides to allow phones only if they meet specific security criteria. Which risk response technique is best for him to implement?

Risk mitigation

Sasha recently implemented an intrusion prevention system, which is designed to block common network attacks from affecting her organization. Which type of risk management strategy is she pursuing on the system in the given scenario?

Risk mitigation

In dealing with risks, which response is accomplished when an organization purchases insurance to protect the income when a disaster or threat is realized?

Risk transfer

After conducting a qualitative risk assessment of her organization, Sia recommends purchasing a cybersecurity breach insurance policy. What type of risk response behavior is she recommending to her organization in the given scenario?

Risk transference

Ria works as a cybersecurity analyst in an organization. She recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. After installing the web application firewall, she was worried about risks that are not addressed by the firewall and considered purchasing an insurance policy to cover those risks. Which of the following risk management strategies is being used by Ria to control the risk in the given scenario?

Risk transference

Which of the following is unauthorized equipment that is attached to a network or assets which create a side channel for an attack?

Rogue hardware

Which of the following pieces of information is most critical to conduct a solid incident recovery effort?

Root cause of an attack

Monica, a security administrator, wants to use a tool that will aggregate log and event data from the virtual and real networks, applications, and systems and also provides real-time reporting and alerting on information or events that may require intervention or other types of response. Which tool should she use in the given scenario?

SIEM

Kieran is evaluating forensic tools and would like to consider the use of an open source forensic suite. Which of the following toolkits would best meet his needs?

SIFT

Sofia works as a security analyst in an organization. She suspects that a system in her datacenter may be sending beaconing traffic to a remote system. Which of the following is not a useful tool to verify Sofia's suspicions about sending traffic in a given scenario?

SNMP

Alex has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is a common method of monitoring network bandwidth usage? Each correct answer represents a complete solution. Choose all that apply.

SNMP Packet sniffing Flow

What are SNMP alert messages called?

SNMP traps

Which NIST publication contains guidance on cybersecurity incident handling?

SP 800-61

A U.S. company stores data in an EU datacenter and finds that it is now subject to the requirements of GDPR. This is an example of __________.

data sovereignty

Sam works as a cybersecurity analyst for a company. He wants to make a full copy of an image for forensics use. Which of the following command utilities would he use to achieve the given task?

dd

Which of the following Linux commands will show a user how much disk space is in use?

df

Which of the following commands is not useful for monitoring memory usage in Linux?

df

Which of the following tools may be used to isolate attackers so that they may not cause damage to production systems but may still be observed by cybersecurity analysts?

Sandbox

Which of the following is an act of permanently removing all the data from a storage device?

Sanitization

Which law requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results?

Sarbanes-Oxley

Which law governs the financial records of publicly traded companies?

Sarbanes-Oxley Act

Which of the following activities does CompTIA classify as part of the recovery validation effort?

Scanning

Alex works for an organization that classifies security-related events using the National Institute of Standards and Technology's (NIST's) standard definitions. Which classification should Alex use when he discovers keylogging software on one of his executive's laptops?

Security incident

Alice works as a cybersecurity analyst in an organization. She is responding to a cybersecurity incident and notices a system that she suspects is compromised. She places the system on a quarantine VLAN with limited access to other networked systems. Which containment strategy is Alice pursuing in the given scenario?

Segmentation

As part of her post-incident recovery process, Alicia created a separate virtual network, as shown in the figure, to contain compromised systems she needs to investigate. Which containment technique is Alicia using in the given scenario?

Segmentation

As part of his incident response program, Allan is designing a playcourse for zero-day threats. Which of the following should be in his plan to handle these threats? Each correct answer represents a complete solution. Choose all that apply.

Segmentation Using threat intelligence Whitelisting

Jordan is a network administrator who wants to specify which systems can send email messages through his company's mail servers. Which of the following will help him in accomplishing the given task?

Sender Policy Framework (SPF)

Susan is building an incident response program and intends to implement the National Institute of Standards and Technology's (NIST's) recommended actions to improve the effectiveness of incident analysis. Which of the following actions is not a NIST's recommended incident analysis improvement?

Set system BIOS clocks regularly.

Lisa is following the CompTIA process for validation after a compromise. Which of the following activities should be included in the validation phase?

Setting permissions

Which of the following is not a common use of formal incident reports?

Sharing with other organizations

During a forensic investigation, Shelly is told to look for information in the slack space on a drive. Where should she look and what is she likely to find?

She should look at the unused space left when a file is written and find file fragments from deleted files.

File carving is used to find file remnants found in clusters on disks that have been only partially rewritten by new files. Which of the following is the technical term for the location of these files in the given scenario?

Slack

Susan works as a senior software developer in an organization. Her team has been writing code for a major project for a year and recently released its third version of this code. During a post-implementation regression test, an issue that was originally seen in version 1 reappeared. Which of the following should Susan implement to avoid this issue in the future?

Source control management

Sia needs to deploy a solution that allows her to consolidate the logs for easier analysis. Which tool should she use?

Splunk

Allan works as a cybersecurity analyst in an organization. He is writing a document that lists acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. Which of the following types of documents is Allan writing?

Standard

A company wants to implement security during the software development lifecycle (SDLC) process. To achieve this task, the company wants to employ a method that detects weaknesses in an application before execution. Which code analysis method provides the feature mentioned in the given scenario?

Static

The Open Web Application Security Project (OWASP) maintains an application called Orizon. This application reviews Java classes and identifies potential security flaws. What type of tool describes the referred application?

Static code analyzer

During a testing process, Tiffany, a network administrator, slowly increases the number of connections to an application until it fails. Which of the following testing processes is Tiffany performing?

Stress

Jennifer's team has completed the initial phases of their incident response process and is assessing the time required to recover from an incident. The team has determined that they can predict the time to recovery but will require additional resources. This determination represents which of the following NIST recoverability effort categories?

Supplemented

Sam needs to deploy a tool that includes resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Which tool should Sam use?

Sysinternals

A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and the production is affected. Which of the following sources would the technician use to evaluate which services were disabled?

Syslog

Which of the following issues makes both the cloud and virtualized environments more difficult to perform forensics?

Systems may be ephemeral.

A user wants to detect a denial-of-service attack against his web server. Which of the following tools should the user avoid?

iPerf

Lauren works as a security officer for an organization. From a security point of view, she wants to ensure that devices, systems, or spaces are not accessed while she is not available in the office. Which of the following should Lauren use to achieve the task in the given scenario?

Tamper-proof seal

Susan, a network administrator in an organization, needs to capture network traffic from a Linux server that does not use a graphical user interface (GUI). She decided to use a utility that is found on many Linux systems and works from the command line. Which of the following packet capture utilities can Susan use in the given scenario?

Tcpdump

Rose, a security administrator, implements screen savers that lock the PC after five minutes of inactivity to prevent unauthorized access to the PC. Which of the following controls is being used to achieve the given implementation?

Technical

Rosy wants to implement a security control to monitor and prevent threats and attacks to computer systems and services. Which of the following security controls should she implement to accomplish the given task?

Technical

Tina, a network administrator in an organization, is creating a set of firewall rules designed to block denial-of-service attacks from entering her organization's network. Which type of control is Tina creating in the given scenario?

Technical

During which phase of the software development life cycle (SDLC) model does UAT occur?

Testing and integration

Mike works as a security analyst in an organization. While reviewing a Wireshark traffic capture, he discovers the following information. Figure A: Snapshot of a Wireshark traffic capture Which of the following details did Mike get to know about a user's device based on this TCP stream in the given scenario?

The device is a Samsung SM-N950U.

Susan works as a network administrator in an organization. While observing a router via network flows, she sees a sudden drop in network traffic levels to zero and the traffic chart shows a flat line. What has likely happened in the given scenario?

The monitored link failed.

Brian works in an XYZ organization. His network suddenly stops working at 8:40 AM, interrupting video conferences, streaming, and other services throughout his organization, and then resumes functioning. When Brian logs into his Paessler Router Traffic Grapher (PRTG) console and checks his router's traffic via the primary connection's redundant network link, he sees the following graph. What should Brian presume occurred based on the given information shown in figure A?

The primary link went down and he should check the secondary link for traffic.

Which of the following would not normally be found in an organization's information security policy?

The requirement to use Advanced Encryption Standard-256 encryption

Which of the following statements are true of proper compensating controls? Each correct answer represents a complete solution. Choose all that apply.

They must meet the intent and rigor of the original requirement. They must provide a similar level of defense as the original requirement. They must be "above and beyond" other PCI DSS procedures.

Jason, a data analyst of an XYZ company, has to provide crucial details of their customers to his manager via an email message. Accidentally, he sent this email to one of their business partners, adversely impacting the confidentiality and integrity of the information of XYZ's sensitive information. Which of the following defines the situation mentioned in the given scenario?

Threats

In which tier of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, risk management practices are approved by management but may not be established as an organization-wide policy?

Tier 2

Dylan is an IT consultant brought in to assess the maturity of risk management practices at an organization using the National Institute for Standards and Technology (NIST) cybersecurity framework. During his evaluation, he determines that the organization does use an organization-wide approach to manage cybersecurity risk but that it does not use risk informed policies, processes, and procedures to address potential cybersecurity events. In which tier of the NIST cybersecurity framework does this organization's risk management approach reside?

Tier 3: Repeatable

Rob works as a cybersecurity analyst in an organization. While studying his organization's risk management process under the NIST Cybersecurity Framework, he determines that his organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. Which of the following tiers his organization positioned to meet cybersecurity objectives in the given scenario?

Tier 4

Jeff works as a forensic analyst. He investigates a compromised system and knows that the first event was reported on October 5th. He needs to map other events found in logs and files to this date. Which forensic tool capability should he use to accomplish his task in the given scenario?

Timeline

Forensic suites typically build in ___________ that can match log entries to other forensic information, but specialized logs may require additional tools.

log viewers

Which of the following data protection techniques is reversible when conducted properly?

Tokenization

Which of the following obfuscation methods replaces sensitive values with a unique identifier using a lookup table?

Tokenization

Which of the following U.S. government classification levels requires the highest degree of security control?

Top Secret

You have been hired as a security consultant for an organization that does contract work for the U.S. Department of Defense (DoD). You must ensure that all data that is part of the contract work is categorized appropriately. What is the highest degree of data protection category you can use in the given scenario?

Top Secret

Rex, a security administrator, wants to identify irregular or unexpected behavior in network traffic communication patterns. Which of the following security analysis techniques should he perform?

Traffic analysis

Charles works as a network analyst in an organization. He is reviewing flow logs for his organization and notices that traffic witnessed a 20 percent increase on the second Thursday of each month after which the traffic returns to normal. Which type of analysis is Charles conducting in the given scenario?

Trend

James, a security analyst in an organization, wants to monitor a Linux system's filesystem for unauthorized changes. Which open source tool can he use to perform this task in the given scenario?

Tripwire

Which of the following is a chip built into a system to secure hardware through integrated cryptographic keys?

Trusted Platform Module

Which of the following processes checks to ensure that the functionality of an application or software meets customer needs?

UAT

Which of the following test types involves an evaluation of an application by end users?

UAT

Alaina works as a network administrator in an organization. She wants to deploy a tool that can monitor the behavior of users and can detect anomalous behavior to determine if a security incident has occurred. Which type of tool should Aliana acquire for monitoring in the given scenario?

UEBA

Which technology takes user behavior into account when making security determinations?

UEBA

Which of the following is not a potential issue with live imaging of a system?

Unallocated space will be captured.

Which of the following issues is the fuzz testing methodology most likely to detect?

Unvalidated inputs

Mika wants to analyze the contents of a drive without causing any changes to the drive. Which method is best suited to ensure this?

Use a write blocker.

Which of the following options is not a valid way to check the status of a service in Windows?

Use service --status at the command line.

If SLE of a specific risk is $25,000 and ARO occurs once every four years, then what will be its ALE?

$6,250

Which of the following grep flags only shows lines that do not contain any regular expression?

-v

Elaine works as an application developer in an organization. She wants to check for user logins on her organization's Linux system. Which of the following log location should she check first in the system to achieve her task?

/var/log/auth.log

Aziz works as a website administrator in an organization. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He is assessing the risk of an SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year. According to the given scenario, what is ARO?

0.05

Harry works as a website administrator for a firm. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 in fines against his firm. According to the given scenario, what is the exposure factor (EF)?

100 percent

Jim is considering locating a new business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region and determines that the area he is considering suffers from flood plain twice a year. What is the ARO of a flood in this area?

2.0

Which ISO standard applies to information security management controls?

27001

Which of the following International Organization of Standardization (ISO) standards mandates requirements that define how to implement, monitor, maintain, and continually improve an information security management system?

27001

Joy works as a website administrator in a firm. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 in fines against his firm. According to the given scenario, what is the AV?

500,000

Sia works as a website administrator in an organization. She is responsible for the administration of an e-commerce website that generates $300,000 per day in revenue for the organization. The website uses a database that contains sensitive information about the organization's customers. She expects that a compromise of that database would result in $700,000 in fines against the organization. According to the given scenario, what is the SLE?

700,000

During a forensic investigation, Shawn discovers that he needs to recover encrypted data from live memory. If he is having the encryption key, he needs a tool to recover data. Which of the following tools is being referred to in the given scenario?

Volatility

Jennifer works as a forensics analyst. She wants to perform memory analysis and forensics for Windows, macOS, and Linux systems. Which of the following is best suited to Jennifer to accomplish her task in the given scenario?

Volatility Framework

Which tool is not used to generate the hash of a forensic copy?

AES

Which of the following options represents the ALE calculation?

ALE = SLE * ARO

Which policy should contain provisions for removing user access upon termination?

Account management

Which form of monitoring involves the injection of packets into communications to measure the performance of various elements in a network?

Active

In the National Institute of Standards and Technology (NIST) Cybersecurity Framework tiers, which of the following framework implementation tiers is labeled Tier 4?

Adaptive

What is the purpose of creating an MD5 hash for a drive during the forensic imaging process?

All of these

Which of the following is the major component of reports?

All of these

Tim works in the forensic department of an organization. During a forensic investigation, Tim discovers a program called Eraser installed on an employee's system. What should Tim expect to find as part of his investigation in the given scenario?

Antiforensic activities

Which forensic issue does the presence of a program like CCleaner indicate?

Antiforensic activities

Renee works as a security analyst in a company. She is responding to a security incident that resulted in the unavailability of a website critical to her company's operations. She is unsure of the amount of time and effort that it will take to recover the website. How should Renee classify the recoverability effort in the given scenario?

As extended

Joseph works in the security analysis team at XYZ Inc. He was reviewing a business document and identifies the cost linked to major business interruption, such as expected loss of earnings, potential fines, and potential consequences to customer service. Which of the following documents is Joseph reviewing in the given scenario?

BIA

Ryan's organization allows employees to bring personally owned devices and connect them to the organization's network. Which approach is Ryan's organization using?

BYOD

Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a means of identifying malware beaconing behavior for building scripts on a network?

Beacon protocol

Avika works as a network administrator in an organization. She has been asked to identify unexpected traffic on her organization's network. Which of the following is not a technique that she should use to accomplish her task in the given scenario?

Beaconing

Which of the following is an activity sent to a command and control (C&C) system as part of a botnet or a malware remote control system?

Beaconing

Which of the following terms describes a system sending heartbeat traffic to a botnet command and a control server?

Beaconing

Sayed works as a data analyst in an organization. He manages Windows workstations and is planning to prohibit a variety of files, including games, from being installed on these workstations. Which of the following tools or applications can allow Sayed to achieve his task in the given scenario?

Blacklisting

Which of the following teams is a defender who secures systems and networks from attacks?

Blue

Ed, Barb, and Sophia are cybersecurity analysts in an ABC company. The company is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For conducting the cybersecurity exercise, participants have been divided into different teams to perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing the systems in the exercise environment and defending systems against attacks. Sofia's team is conducting offensive operations and attempting to break into the systems protected by Barb's team. Which of the following terms best describes the role that Barb's team is playing in the exercise?

Blue team

Which of the following is an example of an attrition attack?

Brute-force password attack

Which type of attack is typically associated with the strcpy function?

Buffer overflow

Carla is performing a penetration test of a web application and wants to use a software package that allows her to modify requests being sent from her system to a remote web server. Which of the following tools would meet Carla's needs? Each correct answer represents a complete solution. Choose all that apply.

Burp ZAP Tamper Data

Matt works as a security analyst in an organization. He is building a device and wants to prevent attackers from capturing data by directly connecting to the hardware communications components of the device. Which technique should Matt use to make sure that communications between the processor and other chips are not vulnerable?

Bus encryption

Jim works as a cybersecurity analyst in an organization. He notices a high number of SQL injection attacks against a web application run by his organization and installs a web application firewall to block many of these attacks before they reach the web server. How has Jim altered the severity of the risk of these attacks reaching the server in the given scenario?

By reducing the probability

Which of the following ESA frameworks was created by ISACA and provides a structure for IT management and governance?

COBIT

Susan has been asked to capture forensic data from a Windows PC and needs to ensure that she captures this data in their order of volatility. Which order is correct from most volatile to least volatile?

CPU cache > network traffic > disk drives > optical media

Which of the following terms is a fun way to achieve training objectives?

Capture the flag

Juan works in an investigation department. He gathers the evidence that can be used in court to convict persons of crimes. Which of the following is used to address the reliability and credibility of the evidence?

Chain of custody

Robert is finishing a draft of a proposed incident response policy for his organization by signing the policy. Which of the following is the appropriate role of Robert to accomplish his task in the given scenario?

Chief executive officer

Which of the following properly lists sanitization descriptions from least to most effective activities for media sanitization?

Clear > purge > destroy

Which type of security policy often serves as a backstop for issues not addressed in policies?

Code of conduct

After completing an incident response process and providing a final report to management, which step should Casey use to identify improvements in her incident response process?

Conduct a lessons-learned review.

Which of the following functions is not one of the five core security functions defined by the NIST Cybersecurity Framework?

Contain

The following figure signifies the concepts of virtualization vs. containerization: Figure A: Virtualization vs. containerization What is represented by the two question marks in the given figure?

Container engine and operating system

Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which of the following activities should be Tamara's first priority?

Containment

During an incident response process, Susan heads to a compromised system and pulls its network cable. Which phase of the incident response process is Susan performing?

Containment, eradication, and recovery

During an incident response process, Susan plugs a system back into the network, allowing the system to normally access the network. Which phase of the incident response process is she performing in the given scenario?

Containment, eradication, and recovery

Which of the following phases of incident response involves active undertakings designed to minimize the damage that an attacker might cause?

Containment, eradication, and recovery

Which of the following phases of the incident response process would include measures designed to limit the damage caused by an ongoing breach?

Containment, eradication, and recovery

Every time Susan checks code into her organization's code repository, it is tested, validated, then if accepted it is immediately put into production. In which of the following methodologies is Susan operating?

Continuous delivery

Which element of the Control Objectives for Information and Related Technology (COBIT) framework contains the high-level requirements that an organization should implement to manage its information technology functions?

Control objectives

Which of the following statements is not true about compensating controls under PCI DSS?

Controls used to fulfill PCI DSS requirement that may be used to compensate for the absence of control needed to meet another requirement.

Which two files may contain encryption keys normally stored only in memory on a Windows system?

Core dumps and hibernation files

Which of the following is not an objective of the NIST Cybersecurity Framework?

Create specific technology requirements for an organization.

What is a function of the dd command in Linux?

Creating an image of a boot disk for duplication

Which of the following items is not typically found in corporate forensic kits?

Crime scene tape

An evidence investigation for a physical incident is going on an organization's premises. Which tool should be used by an organization's investigation team to isolate that premises while the investigation is underway?

Crime tape

NIST SP 800-61 identifies six outside parties with which an incident response team generally communicates. Which of the following represents those parties? Each correct answer represents a complete solution. Choose all that apply.

Customers, constituents, and media Internet service providers Law enforcement agencies

Betty works as a security administrator at XYZ Inc. Her network is being flooded by ICMP packets. She observes that these packets came from multiple different IP addresses. Which type of attack can be the result of such a situation?

DDoS

Ben wants guidance on grouping information into varying levels of sensitivity. He plans to use these groupings to assist with decisions related to the security controls that an organization will apply to storage devices containing that information. Which of the following policies is most likely to have relevant information for Ben's decision-making process?

Data classification

Tim works as a security analyst in an organization. He is assigned to add third-party threat data feeds to his organization's SIEM. Once his work is completed, he will spend time reviewing syslog data feeds to ensure that he contains the information that is needed for responses. Which of the following processes the analyst is performing in the given scenario?

Data enrichment

Mike's company recently suffered a security incident where they lost control of thousands of personal customer records. Many of these records were from projects that ended long ago and served no business purpose. Which type of policy, if followed, would have best limited the impact of the security incident in the given scenario?

Data retention

Which of the following policies would typically answer questions about when an organization should destroy records?

Data retention

Your organization enforces new data privacy laws, such as general data protection regulation (GDPR), which significantly restricts that information should be converted and stored in binary digital form. Which of the following concepts does this law encompass?

Data sovereignty

You work as a security assistant at XYZ company and asked to analyze malware dynamically on the company's web site. Which of the following tools will you use to achieve the given task?

Debugger

As part of his forensic investigation, Scott intends to make a forensic image of a network share that is mounted by the PC. What information will he be unable to capture during his investigation in the given scenario?

Deleted files

Jordan works as a network analyst in a company. His company follows the systems development life cycle (SDLC). He works with a network systems team on various features, wiring diagrams, and the layout of a new network to support the expansion of the headquarters building. Which phase of the SDLC is Jordan working on in the given scenario?

Design

Joe works as a cybersecurity analyst. He would like to determine the appropriate disposition of a flash drive, which is used to gather highly sensitive evidence during an incident response effort. He does not need to reuse the drive but wants to return it to its owner who is an outside contractor. Which is the appropriate disposition option Joe considered to use for performing the task in the given scenario?

Destroy

Which of the following is not an objective of the containment, eradication, and recovery phase of the incident response process?

Detect an incident in progress.

In which of the incident response process phase, does a CSIRT leader analyzes precursors and indicators?

Detection and analysis

Matt's incident response team has collected log information and is working on identifying attackers using that information. Which two stages of the NIST incident response process is his team working on in the given scenario? Each correct answer represents a complete solution. Choose two.

Detection and analysis Containment, eradication, and recovery

If users are performing forensic investigations on cloud services, it will be very challenging for them to preserve data. Which of the following tasks will users perform to overcome these challenges in the given scenario? Each correct answer represents a complete solution. Choose all that apply.

Determine what users' contract says about investigations. Determine what legal recourse users have with a vendor. Identify data that users needs and whether it is available via methods, which they or their organization controls.

Which of the following control types are designed to discourage an attacker?

Deterrent

Which of the following tools is used to convert machine language into assembly language?

Disassembler

Which of the following security activities is not normally a component of the operations and maintenance phase of the software development life cycle (SDLC)?

Disposition

During the analysis of a malware sample, John reviews malware files and binaries by executing them. Which type of analysis process did John perform in the given scenario?

Dynamic

Which incident response activity focuses on removing any artifacts of an incident that may remain on an organization's network?

Eradication

Mike, a forensic analyst, is looking for information about files that were changed on a Windows endpoint system. Which of the following is least likely to contain useful information for his investigation in the given scenario?

Event log

After reaching the office, Ron found a subpoena on his desk ordering him to appear in a law court. Which type of procedure should he use to determine appropriate next steps including the people he should consult and the technical process he should follow regarding the subpoena?

Evidence production

Jim is concerned to comply with the U.S. federal act covering student educational records. Jim is attempting to comply with which of the following acts in the given scenario?

FERPA

Joe, an investigator, wants to scan a hard drive to view the deleted communication. Which of the following tools should Joe use to accomplish the given task?

FTK

Which of the following approaches is an example of a formal code review process?

Fagan inspection

Juan, a security technician, is reviewing IDS log files. He investigated and found that many alerts for multicast packets from switches on a network were reported. After investigation, he discovers that this is a normal activity for the network. Which of the following best describes the result of his investigation?

False positive

Which type of testing focuses on inserting errors into the error handling process and path in an application?

Fault injection

Which of the following is the process of extracting data from a computer when that data has no associated file system metadata?

File carving

Your organization needs to install a device that will act as a filter and permits or denies data traffic, both incoming and outgoing, using a set of rules based on traffic content and traffic pattern. Which type of device security will help in accomplishing the task in the given scenario?

Firewall

Which of the following is an example of a logical control?

Firewall rule

Which type of network information should users capture to provide a report about how much traffic systems in their network are sent to remote systems?

Flow data

You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?

Format hard drives.

Which of the following is an example of a computer security incident?

Former employee crashes a server

Patricia is evaluating the security of an application developed within her organization. She would like to assess the application's security by supplying it with invalid inputs. Which technique is Patricia planning to use in the given scenario?

Fuzz testing

A cross-site scripting attack is an example of which type of threat vector?

Web

Chelsea recently accepted a new position as a cybersecurity analyst for a privately held bank and asked to design a cybersecurity program. Which of the following regulations will have the greatest impact on her cybersecurity program?

GLBA

Which of the following regulations imposes compliance obligations specifically upon financial institutions?

GLBA

A user is authoring a document that explains to system administrators that one way to comply with an organization's requirement is to encrypt all laptops. Which type of document is the user authoring?

Guideline

Which of the following security policy framework components does not contain mandatory instructions for individuals in the organization?

Guideline

Suzanne is the chief information security officer (CISO) at a major non-profit hospital group and is given the responsibility to handle medical records. Which of the following regulations most directly covers the way she uses to handle these medical records?

HIPAA

Which law creates cybersecurity obligations for healthcare providers and others in the health industry?

HIPAA

Kevin is an internal auditor at a major retailer and would like to ensure that the information contained in audit logs is not changed after it is created. Which one of the following would best meet his goal?

Hashing

Which of the following techniques uses a one-way cryptographic function to create a digest of original data?

Hashing

You work as a network administrator for a company. Your company asks you to analyze the traffic of layer 7 of the OSI model between a web client and a web server. Which of the following will you use to accomplish the given task?

Web application firewall

Charles is building an incident response playcourse for his organization that will address command and control (C&C) client-server traffic detection and response. Which of the following information sources is least likely to be part of his playcourse?

Honeypot's data

While reviewing the monthly Internet usage, Ann, a security analyst, noticed that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of an organization's acceptable use policy (AUP). Which of the following tools or technologies will work best for her to obtain more information on this traffic?

IDS logs

Roger is the chief information officer (CIO) for a midsize manufacturing firm. He recently returned from a meeting of the board of directors where he had an in-depth discussion about cybersecurity. One member of the board who is familiar with the International Organization for Standardization (ISO) standards in manufacturing quality control, asked if there was an ISO standard covering cybersecurity. Which standard is most relevant to the director's concern in the given scenario?

ISO 27001

Paul is researching models for providing guidance on best practices in the industry for implementing an information technology help desk. Which of the following standard frameworks should Paul use for this implementation?

ITIL

Rex works as a cybersecurity analyst in an organization. He has been asked to improve the delivery of IT services. Management requests him to follow the guidelines outlined in available frameworks. Which framework would Rex most likely use?

ITIL

Which of the following is not typically found in a cybersecurity incident report?

Identification of an attacker performing an attack

What strategy does the National Institute of Standards and Technology (NIST) suggest about identifying attackers during an incident response process?

Identifying attackers is not an important part of the incident response process

Roland received a security assessment report from a third-party assessor, which indicated that one of the organization's web applications is susceptible to the OAuth redirect attack vulnerability. Which type of attack would this vulnerability allow an attacker to wage?

Impersonation

Your organization is merged with another organization in legal jurisdiction and wants to improve its network security posture in ways that do not require additional resources to implement data isolation. Which of the following would be the best solution for improving the organization's network security?

Implementing network segmentation

Which of the following activities is not normally conducted during the recovery validation phase?

Implementing new firewall rules

As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via an awareness program?

Improper usage

Kathleen works as a data analyst in an organization. She needs to find data contained in memory but only has an image of an offline Windows system. Where does she have the best chance of recovering data she needs in the given scenario?

In %SystemRoot%\MEMORY.DMP

Alex, a technician in an organization, is conducting a forensic examination of a Windows system and wants to determine if an application was installed. Where can he find the Windows installer log files for a user named Jim?

In C:\Windows\Jim\AppData\Local\Temp

During an investigation, Jeff, a certified forensic examiner, is provided with a drive image created by an IT staff member and is asked to add it to his forensic case. If the case goes to court and Jeff's procedures are questioned, he can encounter an issue. Which of the following is the most important issue that Jeff can encounter?

Inability to certify the chain of custody

Who is the best facilitator for a post-incident lessons learned session?

Independent facilitator

Which of the following control models describes the five core activities associated with ITSM as service strategy, service design, service transition, service operation, and continual service improvement?

Information Technology Infrastructure Library (ITIL)

You suspect that few employees in your organization are sending confidential data outside of the organization via an email message, posing a threat to the organization. As a security administrator, which of the following will you implement to mitigate such threats?

Install a network-based DLP.

Alice works as a cybersecurity analyst in an organization. While monitoring, she confers with other team members and decides that even allowing limited access to other systems is an unacceptable risk and decides to prevent the quarantine VLAN from accessing any other systems by putting firewall rules in place that limit access to other enterprise systems to cut off an attack. Which strategy is Alice pursuing in the given scenario?

Isolation

Which of the following are characteristics of an information systems security audit? Each correct answer represents a complete solution. Choose all that apply

It is conducted on behalf of a third party. It results in a formal statement. It is conducted by internal groups.

Cheryl, a security analyst, has decided to use Wireshark for capturing and analyzing network data in a GUI. What advantages of Wireshark must be the reasons behind Cheryl's decision? Each correct answer represents a complete solution. Choose all that apply.

It provides detailed information about packets within a network. It is available for multiple platforms, such as Windows and Android.

Frederick works as an assistant manager in an organization. His organization has been informed that data must be preserved due to pending legal actions. What is this process of preserving data called?

Legal hold

Which of the following forensic tool capabilities preserves all forms of potentially relevant information when litigation is pending or reasonably anticipated?

Legal hold

Mark works as an incident team lead at XYZ Inc. Following the successful response to a data-leakage incident, he facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following he has facilitated in the given scenario?

Lessons learned report

Mark, a security analyst, wants to analyze an incident and determine actions that were taken during the analysis and steps needed to prevent a future occurrence. Which of the following will he use in the given scenario?

Lessons learned report

Jeff, an investigating officer, is investigating a system that is running malware, which encrypts its data on a drive. Which of the following processes should he use to have the best chance of viewing data in the given scenario?

Live imaging

Ryan is concerned about the possibility of a distributed denial-of-service attack against his organization's web portal. Which one of the following types of testing would best evaluate the portal's susceptibility to this type of attack in the given scenario?

Load

Which process is used to ensure that an application can handle very high numbers of concurrent users or sessions?

Load testing

Which of the following criteria is not normally used when evaluating the appropriateness of a cybersecurity incident containment strategy?

Log records generated by the strategy

Which of the following is not a commonly recommended best practice of the incident analysis process based on NIST's guidelines?

Maintain backups of every system and device.

During a forensic investigation Ben, a forensic analyst, asks Chris, another forensics expert, to sign off the actions he has taken. What is Ben doing by asking Chris to sign off in the given scenario?

Maintaining the chain of custody documentation

Which of the following data elements would not normally be included in an evidence log?

Malware signatures

Darren works as a risk analyst in an organization. For the security of his organization, he is updating the organization's risk management process. Which type of control is Darren creating by performing the task in the given scenario?

Managerial

Which of the following primary modes of data acquisition involves reviewing the content of the live and an unlocked phone and taking pictures and notes about what is found?

Manual access

What does the MAC address of a rogue device tells a user?

Manufacturer of the device

Which of the following is a component of the COBIT framework that allows a company to have its methods and processes assessed according to management best practices against a clear set of external benchmarks?

Maturity model

Ben is working in an IT services organization that uses the National Institute of Standards and Technology (NIST) functional impact categories to describe the impact of incidents. During a recent construction project, a contractor plugged a network device to the same switch twice, resulting in a network loop and taking down the organization's network for one-third of its users. Which functional impact category should Ben use to classify the event given in the scenario?

Medium

Ben, a security analyst in an organization, is working to classify the functional impact of an incident. The incident has disabled email services for approximately 30 percent of his organization's staff. According to the NIST scale, in which of the following categories should, Ben classify the functional impact of the incident in the given scenario?

Medium

Which phase of the Fagan inspection process identifies defects based on notes from the preparation phase?

Meeting

Which of the following tools does not provide real time drive capacity monitoring for Windows?

Microsoft Endpoint Configuration Manager

Bob recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. Which type of risk management strategy is he implementing in the given scenario?

Mitigation

Danielle works as a data analyst in an organization. As part of her job, she sets an alarm to notify her team via an email if her Windows server uses 80 percent of its memory and to send a text message if it reaches 90 percent utilization. Which of the following options represents the task performed by Danielle in the given scenario?

Monitoring threshold

Ashley is working with software developers to evaluate the security of an application they are upgrading. She is performing testing that slightly modifies the application code to help in identifying errors in code segments that might be infrequently used. Which type of testing is she performing in the given scenario?

Mutation testing

Which of the following technologies is suited to prevent wired rogue devices from connecting to a network?

NAC

Which utility will you use to connect and directly interact with a service?

Netcat

Which of the following protocols provides a common source of time information that allows the synchronizing of clocks throughout an enterprise?

Network Time Protocol (NTP)

When an organization handles sensitive data, it is required that the organization must apply a security control so that all employees working with that data are not able to share that information with unauthorized individuals. Which security control would best protect the integrity of data in the given scenario?

Nondisclosure agreement

Which of the following is an administrative control that can protect the confidentiality of sensitive information?

Nondisclosure agreement

Hank works as a security analyst in a company. He is responding to a security event where the CEO of his company had her laptop stolen. The laptop was encrypted but contained sensitive information about the company's employees. In which of the following NIST information impact categories, should Hank classify the impact of this security event?

None

Sondra works as a cybersecurity analyst. She determines that an attacker has gained access to a server containing critical business files and wishes to ensure that the attacker cannot delete those files. Which of the following strategies would meet Sondra's goal in the given scenario?

None of these

Eric leads a team of software developers and wants to help them in understanding the most important security issues in web application development. Which of the following sources would provide Eric with the most useful resource?

OWASP

Which of the following contractual obligations applies to merchants and service providers who work with credit card information?

PCI DSS

During their organization's incident response preparation, Charles and Linda are identifying critical information assets that an organization uses. Their organizational data sets include a list of customer names, addresses, phone numbers, and demographic information. By using which of the following should Charles and Linda classify this information?

PII

Testing and Integration start when the development stage is complete to make sure it conforms to the previous requirements of the SDLC

Pair programming

Precompiled SQL statements that only require variables for the input are an example of which type of application security control?

Parameterized queries

Kristen works as a software tester in an organization. She wants to implement a code review but has a distributed team that works in different shifts during the day. She also does not want to create any additional support load for her team with new development environment applications. Which type of review process will work best for Kristen's needs in the given scenario?

Pass-around

Which of the following monitoring methods relies on acquiring data about a network as traffic flows through a location on a network link?

Passive monitoring

Allen needs to evaluate, test, and deploy software updates. Which of the following management techniques will she use?

Patch

Which of the following three options are most likely to be used to handle a memory leak?

Patching, service restarts, and system reboots

Which Windows tool provides detailed information including information about USB host controllers, memory usage, and disk transfers?

Perfmon

Charles works as a security analyst in an organization. He is worried about users conducting SQL injection attacks. Which of the following solutions will best address Charles's concerns in the given scenario?

Performing user input validation

Which Domain-Based Message Authentication, Reporting, and Conformance (DMARC) tag includes a series of uniform resource identifiers (URIs) that lists where to send forensic feedback reports?

ruf=

A fire suppression system is an example of which type of control?

Physical

Catherine is working with an architect on the design of a new data center for her organization. She wants to design an intrusion alarm in the data center that will notify security personnel for an attempted break-in to the facility. Which type of control is she designing in the given scenario?

Physical

Chris works as a network administrator in an organization. He wants to use an active monitoring approach to test his network. Which of the following techniques is appropriate for Chris to test the network in the given scenario?

Pinging remote systems

Which of the following documents are the highest-level component of an organization's cybersecurity program?

Policies

Which of the following document types would outline the authority of CSIRT responding to an active security incident?

Policy

Which of the following documents must be approved by the CEO or an equivalent high-level executive?

Policy

Adam is performing an internal security assessment and wants to identify services running on servers. Which of the following will he use to identify services available on servers?

Port scan

A security administrator wants to manage both local and remote hosts together on a Windows system. Which of the following can a security administrator use to accomplish the given task?

PowerShell

Juan works as a network administrator in an organization. He wants to see a list of processes along with their CPU utilization in an interactive format. Which of the following built-in Linux commands should he use to accomplish his task in the given scenario?

top

Which protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered?

DKIM

A network administrator must install a device that will proactively stop outside attacks from reaching the LAN. Which of the following devices should a network administrator install in the given scenario?

Intrusion prevention system (IPS)

Tony and Mal are friends. Tony wants to check the digital signature of an encrypted email that he received from Mal. Which of the following keys does Tony need to verify that the email is from Mal?

Mal's public key

Tommy is a team leader of the computer security incident response team (CSIRT) for his organization and is responding to a newly discovered security incident. To respond to the incident, he is following step-by-step instructions that he might follow in the early hours of the response effort. Which of the following document is most likely to contain instructions mentioned in the above scenario?

Playcourse

During an incident response process, Cynthia conducts a lessons-learned review for project management improvement. Which phase of the incident response process is she performing in the given scenario?

Post-incident recovery

Dan is designing a segmented network that places systems with different levels of security requirements into different subnets with firewalls and other network security devices between them. In which phase of the incident response process is Dan working in the given scenario?

Preparation

During which phase of the incident response process will an organization implement cybersecurity defenses designed to reduce the likelihood of a security incident?

Preparation

What is the primary role of management in the incident response process?

Providing authority and resources required during a response

Ryan is a security tester in an XYZ organization. He needs to perform a web application vulnerability scanning. To achieve this scanning he requires some tools. Which tools will he use to accomplish the task?Each correct answer represents a complete solution. Choose all that apply.

W3AF Burp Suite

Susan works as a security analyst in an organization. She wants to use an email security protocol to determine the authenticity of an email. For security purposes, Susan wants to ensure that her organization's email server can determine if it should accept email from a sender. Which of the following options will help her to ensure the authenticity in the given scenario?

DMARC

Which of the following elements is not normally found in an incident response policy?

Procedures for rebuilding systems

A company has developed an application that is undergoing the testing process. According to the results of the testing process, some changes have been made to the application. The company now wishes to check whether or not the changes made in the application have caused a failure in the previously existing functionality. Which test should the company perform in the given scenario?

Regression

Haley, a security administrator, is planning to deploy a security update to an application provided by a third-party vendor. She installed a patch in a test environment and would like to determine whether applying the patch creates other issues. Which type of test can Haley run to best determine the impact of applying the patch in the given scenario?

Regression

You have implemented a security technique where an automated system generates random input data to test an application. Which of the following techniques have you implemented in the given scenario?

Fuzzing

Sam works as a software developer in an organization. He is working on a web application for its improvement. For the improvement of the web application, a major patch is released. After the release of the patch, Sam proceeds to run the security scanner against the web application to verify that it is still secure. Which of the following processes is Sam conducting in the given scenario?

Regression testing

During the Fagan code inspection, which stage can redirect to the planning stage?

Rework

Which of the following enables security personnel to take defensive actions more quickly by providing real-time or near-real-time analysis of security alerts generated by network hardware and applications?

SIEM

Which of the following concepts relies on a stack of security tools to collect data from a variety of security sources and then automatically respond to the sources?

SOAR

Which technology enables organizations to collect inputs monitored by the security operations team?

SOAR

Alan works as a security analyst in an organization. He is responsible for developing his organization's detection and analysis capabilities for identifying a security incident that is taking place. To detect potential security incidents he would like to purchase a system that can combine log records from multiple sources. Which type of system is best suited to meet Alan's security objective in the given scenario?

Security information and event management

Bruce is considering the acquisition of a software testing package that allows programmers to provide their source code as input. The package analyzes the code and identifies potential security issues without executing it. What type of analysis is Bruce performing in the given scenario?

Static analysis

A user is conducting software testing by reviewing the source code of an application. What type of software testing is the user conducting in the given scenario?

Static code analysis

Which phase of the Rapid Application Development (RAD) model focuses on the dataflow and interfaces between components?

Testing and turnover

Ian works as an application developer in an organization. He wants to view a report, which shows the current memory consumption of all data on his Linux systems and also wants to be able to read the report. Which of the following commands will help him to accomplish his task in the given scenario?

top | more

A user wants to review the syslog on a Linux system. Which directory should the user check to find it on most Linux distributions?

/var/log

Danielle's security team has found consistent evidence of system compromise for weeks with additional evidence pointing to systems, which the team is investigating. Despite her team's best efforts, Danielle has found that her team cannot seem to track down and completely remove the compromise. What type of attack is Danielle likely dealing with?

APT

As a chief information security officer (CISO) of her organization, Jennifer is working on an incident classification scheme and wants to make her design on the National Institute of Standards and Technology's (NIST's) definitions. Which of the following classification scheme should she use to describe users accessing a file that users are not authorized to view?

Adverse event

Sam works as a software developer at an XYZ company. For his current project, he wants to work in iterations of phases for the quality of the project with each iteration producing specific deliverable. Which of the following models will he use to accomplish this task?

Agile development

Which of the following are the major categories of security event indicators described by NIST 800-61? Each correct answer represents a complete solution. Choose all that apply.

Alerts from IDS, IPS, SIEM, AV, and other security systems Logs generated by systems, services, and applications Internal and external sources

A user executes the following command against the boot.log file. Which entries will this command return? grep -v error /var/log/boot.log

All lines without the string "error" in the lines

Megan works as a security analyst in an organization. She is trying to prevent impersonation attacks from impacting her company but receives the "No DMARC record found" error when she checks a frequent business partner's DNS information. Which of the following does she need to enable DMARC in the given scenario?

All of these.

A man-in-the-middle attack is an example of which type of threat vector?

Impersonation

Which of the following attacks includes an email purporting from a trusted coworker or manager?

Impersonation

During a web application test, Ben, an application developer, prepares a report for the issues reported during the testing of the application. He discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report in the given scenario?

Improper error handling

Ben works as a security analyst in an organization. His organization uses an IP reputation service to block outbound access to all sites that are flagged with a negative reputation score. Which of the following can be the consequences of this issue of negative reputation score in the given scenario?

Inadvertent blocking of sites due to false positives.

Gabby works as a software tester in an organization. She wants to insert the data into the response received from her web browser to a web application. She wants to easily make manual changes into the data sent from the web browser when she interacts with the website. Which type of tool should Gabby use to make these changes in the given scenario?

Interception proxy

Joseph works as a security analyst in an organization. While analyzing malware, Joseph notes that this malware has encrypted files. For security purposes, he instantly prevented the organization's main web application server from sharing files. Which type of impact has he noted in the given scenario?

Localized, immediate impact

Charleen's incident response team is fighting a rapidly spreading zero-day malware package on a system that silently installs a vulnerability via Adobe Flash when an email attachment is viewed through webmail. After identifying the compromised system, she determines that the system is beaconing to a group of fast flux DNS entries. Which of the following techniques is best suited to identify other infected systems?

Log DNS queries to identify compromised systems.

Mark is a cybersecurity analyst for a nonprofit company. He wants to begin a vulnerability scanning program for the company but does not have any available funds to purchase a tool. Which open source tool can he use at no cost in the given scenario?

OpenVAS

Chris works as a network administrator in an organization. He is reviewing proxy logs while monitoring for systems that are participating in a botnet. Which of the following types of data will he not be able to see in his proxy logs?

Packet payload

Jim is helping a software development team to integrate security reviews into their code review process. He would like to implement a real-time review technique. Which of the following approaches will help Jim to accomplish the given task in the given scenario?

Pair programming

Which of the following parties is not a target of external communications during an incident?

Perpetrator

Michelle is analyzing a Wireshark traffic capture and follows the TCP stream for the TIFF file download. What concern should she raise from the information displayed in the stream viewer?

The file is an executable file.

In which of the following categories, do workflow, reporting, and collaboration tools fit?

Threat and vulnerability management

What is the minimum tenure for retaining incident-handling records?

Three years


Kaugnay na mga set ng pag-aaral

Advanced Accounting 4315 Exam II Handouts FCs

View Set

Future Business Leaders of America History

View Set

Пробіжка по укр. мові

View Set

Quiz: Ch. 28: Face and Neck Injuries

View Set

AGRI 61 - Overview of extension (MOD 1)

View Set

EST 550 Environmental Impact Assessment

View Set

EF/UI: 10x: Quick Test - Grammar

View Set

Sudden Infant Death Syndrome (SIDS)

View Set

Chapter 12 Influences on Real Estate Values

View Set

NUR 2092 Pharmacology Ch 41 Drugs affecting the male reproductive system

View Set

Life - Life Insurance Policy Provisions, Options And Riders - Practice Questions

View Set