CySA+ missed

Which of the following are common indicators of compromise of unauthorized permission changes? (Select two.)
- After-hours access
- Installing new programs
- Failed logins
- Using an open port for remote access
- Opening new network ports

After-hours access; Failed logins

The OWASP Top 10 is an important list of application security vulnerabilities given in order of importance. The following on the left are among the top five vulnerabilities on the list (as of 2021). Drag each OWASP Top 10 vulnerability on the left to its proper place of importance (priority) on the list.

1. Broken access control
2. Cryptographic failures
3. Injection
4. Insecure design
5. Security misconfiguration
6. Vulnerable and outdated components
7. Identification and authentication failures
8. Software and data integrity failures
9. Security logging and monitoring failures
10. Server-side request forgery

A company experienced a cyberattack that disrupted its normal operations. The attack resulted in the loss of customer data and a halt in product and service delivery. What is this scenario an example of?
- Business process interruption
- Shareholder accountability
- Degraded functionality
- Organizational governance

Business process interruption

Which of the following are the MOST valuable tools when identifying recommended changes in your IR report? (Select two.)
- Lessons learned report
- Executive summary
- Digital forensics
- Chain of custody
- After-action report

Lessons learned report; After-action report

A growing e-commerce company is concerned about potential cybersecurity threats and has decided to invest in threat-hunting. The company tasks its security team with proactively identifying and mitigating threats before they escalate. Which threat-hunting technique would be MOST effective for the security team to prioritize their efforts toward?
- Analyze historical security incidents.
- Conduct vulnerability assessments.
- Focus on high-impact and broad-scope threats.
- Perform regular log analysis.

Focus on high-impact and broad-scope threats

You have decided to implement a Cloud Access Security Broker (CASB) software application. You want to position it at the client network edge so that it forwards user traffic to the cloud network if the contents of that traffic comply with policy. Which of the following CASB implementation methods are you using?
- Forward proxy
- Federation
- Reverse proxy
- API

Forward proxy

Which of the following is a potential security risk associated with implementing a single sign-on (SSO) solution in a security operations environment?
- Greater reliance on physical devices for authentication
- Incompatibility with multi-factor authentication (MFA)
- Increased complexity of authentication process
- Increased risk of phishing attacks

Increased risk of phishing attacks

Which of the following BEST describes system logs?
- Indicate dropped connections on a blocked port
- Alert you when a known virus signature is detected on a system
- Alert you when an automated port scan is detected
- Indicate logins with escalated privileges

Indicate logins with escalated privileges

Which of the following is an example of a Key Performance Indicator (KPI) that can indicate a trend in an organization's cybersecurity incidents over time?
- Indicators of Compromise (IoCs)
- Detection Time
- Resource Allocation
- Risk Assessment

Indicators of Compromise (IoCs)

A financial technology startup has tasked a cybersecurity analyst with preventing malicious or corrupted data from entering their proprietary ML (Machine Learning) model through data poisoning. Which of the following actions does the analyst NOT need to take? (Select two.)
- Anomaly detection
- Data validation
- Data diversity
- Input validation
- Network segmentation

Input validation; Network segmentation

There are several types of signature evasion techniques. Which of the following BEST describes the obfuscated code technique?
- Inserts in-line comments between SQL keywords
- Is a SQL statement that is hard to read and understand
- Can be used to represent a SQL query
- Uses the CHAR function to represent a character

Is a SQL statement that is hard to read and understand

An IT professional is responsible for identifying potential threats within the organization's isolated network. The professional wants to focus on vulnerabilities that attackers could exploit, even if not connected to the internet. Which of the following focus areas should the IT professional focus on to achieve this goal?
- Misconfiguration hunting
- Business-critical asset management
- Business-critical asset hunting
- Isolated network hunting

Isolated network hunting

A systems administrator is searching for potential vulnerabilities in the network. Which threat-hunting focus area should the administrator examine, as attackers often exploit it through connected systems or physical access?
- Lateral movements
- Misconfigured systems
- Isolated networks
- Business-critical assets

Isolated networks

Which of the following BEST describes the Qualys Vulnerability Management assessment tool?
- It has more than 50,000 vulnerability tests with daily updates.
- It is a cloud-based service that keeps all your data in a private virtual database.
- It scans for known vulnerabilities, malware, and misconfigurations.
- It scans for more than 6,000 files and programs that can be exploited.

It is a cloud-based service that keeps all your data in a private virtual database.

A security analyst reviews the communication between the company's web application and a third-party Application Programming Interface (API). The analyst must ensure that data exchanged between the systems is lightweight and easy to parse for humans and machines. Which of the following data formats would be the most suitable for this purpose?
- CSV
- HTML
- JSON
- XML

JSON

A security analyst is investigating a recent incident where a web application experienced intermittent service interruptions. The analyst suspects that the interruptions are a network-related issue. Which network indicators should the analyst prioritize examining to determine the root cause of the service interruptions?
- NetFlow data
- Application logs
- Packet captures
- Firewall logs

Packet captures

The security operations center (SOC) manager has ordered an analyst to fingerprint some of a new client's systems. Which of the following aligns most with performing fingerprinting as the SOC manager requested?
- Perform a set of processes on how much information can be extracted from delivered software.
- Perform a scan identifying and assessing the vulnerabilities that malicious attackers can exploit on or in the systems.
- Perform a scan identifying devices connected to a network or network segment.
- Perform a scan looking to focus attention on individual devices to understand their purpose better.

Perform a scan looking to focus attention on individual devices to understand their purpose better.

A cybersecurity analyst is investigating a potential security incident within an organization. The analyst needs to apply knowledge of host indicators to ensure an accurate and thorough analysis. What action should the analyst prioritize?
- Perform data and log analysis
- Validate the integrity of data
- Implement data loss prevention solutions
- Update antivirus signatures

Perform data and log analysis

A company conducted a web vulnerability assessment on its web applications and identified several security issues. The company now needs suitable techniques to analyze the assessment output to respond to potential threats and indicators of compromise (IoCs). Which techniques would MOST effectively analyze web vulnerability assessment output in detecting IoCs?
- Perform data and log analysis.
- Use a security information and event management (SIEM) solution.
- Deploy a web application firewall (WAF).
- Implement network segmentation.

Perform data and log analysis.

A financial institution has recently experienced a cyber attack that has compromised sensitive customer data. The IT security team is investigating the incident using the Cyber Kill Chain and MITRE ATT&CK frameworks. Which of the following statements accurately describes the Cyber Kill Chain and MITRE ATT&CK frameworks?
- Both frameworks focus on assessing an organization's security maturity level but differ in their level of detail and granularity of analysis.
- The Cyber Kill Chain focuses on identifying and analyzing the stages of a cyber attack, while MITRE ATT&CK focuses on assessing an organization's security maturity level.
- Both frameworks focus on identifying and analyzing the stages of a cyber attack but differ in their level of detail and granularity of analysis.
- The Cyber Kill Chain focuses on assessing an organization's security maturity level, while MITRE ATT&CK focuses on identifying and analyzing th

The Cyber Kill Chain focuses on identifying and analyzing the stages of a cyber attack, while MITRE ATT&CK focuses on assessing an organization's security maturity level. Both frameworks focus on identifying and analyzing the stages of a cyber attack but differ in their level of detail and granularity of analysis.

Your company has decided to use a Pentbox honeypot to learn which types of attacks may be targeting your site. They have asked you to install and configure the honeypot. You have already installed Pentbox. Which menu allows you to configure the honeypot?
1- Cryptography tools
2- Network tools
3- Web
4- Ip grabber
5- Geolocation ip
6- Mass attack
7- License and contact

2- Network tools

A security analyst is reviewing a vulnerability report and notices that the report has presented the same vulnerability for the past three months. The report also shows that the vulnerability is present in the same system each month. What does this indicate?
- A recurring vulnerability trend
- Inadequate training and awareness
- A configuration management issue
- Lack of vulnerability management tools

A recurring vulnerability trend

What does a router use to protect a network from attacks and to control which types of communications are allowed on a network?
- Access control list
- Hardware root of trust
- Air gap
- Screened subnet

Access control list

The recommendations in your IR report include details about what to do in response to the incident. Which of the following should be important characteristics of your response recommendations? (Select two.)
- Illustrated
- Measurable
- Trackable
- Actionable
- Specific

Actionable; Specific

A security analyst at a large financial institution monitors network traffic for any unusual activity. The analyst notices an unusual spike in network traffic occurring on an unexpected port, indicating possible malicious activity. Which of the following actions should the analyst take in response to this anomalous activity? (Select two.)
- Immediately block traffic on the unexpected port.
- Alert the manager and other relevant parties about the anomalous activity.
- Monitor the activity for a longer period to confirm that it is not simply a temporary anomaly.
- Investigate the traffic to determine its source and destination.
- Avoid reviewing port traffic with a sniffer.

Alert the manager and other relevant parties about the anomalous activity; Investigate the traffic to determine its source and destination.

Which of the following are true regarding parameterized queries? (Select two.)
- Are pre-compiled SQL statements
- Debug application code
- Help prevent SQL injection attacks
- Perform a quick review of code
- Discover code vulnerabilities

Are pre-compiled SQL statements; Help prevent SQL injection attacks

Which of the following incident response documents is used to track critical details about an incident?
- Incident form
- Incident checklist
- Escalation list
- Incident response playbook

Incident form

A software development company has launched a new e-commerce website for their client. The client has expressed concerns about the website's security and has asked the development team to ensure that the website is secure from any potential threats. The development team has decided to conduct a web application security assessment to address these concerns. Which of the following tools best suits this task, considering its ability to identify security vulnerabilities and support automated testing?
- Zed Attack Proxy (ZAP)
- Arachni
- Aircrack-ng
- Maltego

Arachni

Your Intrusion Detection System (IDS) doesn't seem to be listing any new security attacks on your network. Which of the following DDoS attack methods is MOST likely being used?
- TCP SYN flood attack
- Amplification DDoS
- Protocol DDoS
- Application Layer DDoS

Application Layer DDoS

Match each description to the DDoS attack type it describes.
- A TCP is targeted to overload a firewall.
- A TCP SYN flood attack is used by the attacker.
- A large number of DNS queries are sent to multiple open DNS servers with the victim's IP address spoofed as the sender.
- An IDS central logging server is attacked directly, causing it to shut down.
- A large number of HTTP requests are sent to a web server causing it to repeatedly load a web page.
Attack types: Application Layer DDoS; Protocol DDoS; Amplification DDoS

Application Layer DDoS: An IDS central logging server is attacked directly, causing it to shut down; A large number of HTTP requests are sent to a web server causing it to repeatedly load a web page.
Protocol DDoS: A TCP is targeted to overload a firewall; A TCP SYN flood attack is used by the attacker.
Amplification DDoS: A large number of DNS queries are sent to multiple open DNS servers with the victim's IP address spoofed as the sender.

When reviewing the issues on the Arachni web user interface (UI), how can a web administrator determine the way in which the system detected a cross-site scripting vulnerability on a targeted site?
- Check the input section
- Check the repeater section
- Check the intruder section
- Check the dispatchers section

Check the input section

Which of the following are phases of an attack as described by the kill chain model? (Select three.)
- Infrastructure
- ATT&CK
- Command and control
- Capacity
- Actions on objectives
- Exploitation
- Adversary

Command and control; Actions on objectives; Exploitation

Which of the following are the objectives of the Open Source Security Testing Methodology Manual (OSSTMM) and actions related to incident response and management? (Select three.)
- Encapsulating the malware code
- Executing a malware file on a target system
- Configuring firewalls and intrusion prevention systems
- Conducting vulnerability assessments
- Evaluating network security
- Conducting command and control
- Identifying assets and critical systems

Conducting vulnerability assessments; Evaluating network security; Identifying assets and critical systems

As a developer for a software application company, you frequently merge changes into the repository as quickly as possible to make sure that the changes are automatically tested so they don't break the application. Which of the following techniques are you using?
- Playbook
- Continuous deployment
- Continuous delivery
- Continuous integration (CI)

Continuous integration (CI)

Which of the following BEST describe functions of a Cloud Access Security Broker (CASB) software application?
- Allow one entity to be responsible for the authentication of the user.
- Store a user's credentials so that trusted third parties can authenticate using those credentials without seeing the credentials.
- Provide a trust relationship that exists between organizations or applications.
- Enable single sign-on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider.
- Scan for malware and rogue or noncompliant device access.

Enable single sign-on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider; Scan for malware and rogue or noncompliant device access.

Which of the following is the core purpose of CCMSs?
- System reliability
- Endpoint configuration and control
- Reduced time and resources
- Automated deployment of patches and configurations

Endpoint configuration and control

Which of the following is an activity that would be performed to maintain business continuity?
- Bringing critical systems back online
- Entering information into the company systems that was unavailable during disaster recovery
- Recovering systems after a wide-scale ransomware infection
- Training employees to secure systems during a security incident

Entering information into the company systems that was unavailable during disaster recovery

A company has developed a proprietary software application to manage its manufacturing processes. What is a common inhibitor to vulnerability management reporting and communication in this context, specifically for organizations with proprietary systems?
- Lack of time to test and remediate vulnerabilities in a proprietary system.
- Fear of revealing proprietary information to external parties.
- Incompatibility with third-party vulnerability management tools.
- Lack of developers who created the application's underlying architecture and dependencies.

Fear of revealing proprietary information to external parties.

Which of the following are challenges that Key Performance Indicators (KPIs) can present to an organization? (Select two.)
- Irrelevant data
- Detection Time
- False positives
- Resource Allocation
- Risk Assessment

False positives; Irrelevant data

A security auditor reviews the compliance reports of an organization to evaluate their adherence to regulations and standards. What information can typically be in this type of report?
- Vulnerability scan results
- Top 10 lists of security risks
- Employee training records
- Configuration management policies

Employee training records

Which of the following is an advantage of setting up a federation?
- Users must enter a PIN.
- There is a preset database of users and their login credentials.
- Employees have an easier time onboarding.
- Your organization is assigned a set of attributes.

Employees have an easier time onboarding.

Which data monitoring method do the steps below BEST describe?
- Keep a user log to document everyone that handles each piece of sensitive data.
- Monitor the system in real time.
Options:
- DGA monitoring
- File monitoring
- DNS monitoring
- URL monitoring

File monitoring

Robin, an IT technician, has implemented identification and detection techniques based on the ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the following is Robin trying to achieve?
- Defend the network against IDS evasions.
- Defend the network from attacks.
- Defend the network against natural disasters.
- Defend the network against WPA/WPA2 cracking.

Defend the network against IDS evasions

Which security control makes a system more difficult to attack?
- Preventive
- Deterrent
- Corrective
- Detective

Deterrent

The cybersecurity leadership team of a company is reviewing its incident response plan (IRP) and must consider the role of business continuity (BC) and disaster recovery (DR) in the IRP. How should the company account for BC/DR in its incident response plan?
- Conduct regular tabletop exercises.
- Train employees on phishing awareness.
- Establish an incident response team.
- Develop and test BC/DR plans for operational resilience.

Develop and test BC/DR plans for operational resilience

You are using the nmap -A command to probe services on the open ports in your company network. Which of the following are the types of information you can expect to discover? (Select three.)
- Protocols
- Unauthorized data exfiltration
- Latency issues
- Bandwidth usage
- Application name and version
- Lost data packets
- Device type

Device type; Protocols; Application name and version

Which of the following attack types takes advantage of user input fields on a website?
- HTTP response splitting
- Directory traversal
- DDoS
- DNS attacks

HTTP response splitting

A hacker wants to check if a port is open using the TCP protocol. The hacker wants to be stealthy and not generate any security logs. Which type of port scan BEST meets the needs of this hacker?
- NULL scan
- Xmas tree scan
- Full open scan
- Half-open scan

Half-open scan

A systems administrator is researching active defense approaches. The administrator decides to install a honeypot to lure attackers away from assets of actual value. What is true of a honeypot? (Select three.)
- Honeypots seek to redirect malicious traffic away from live production systems.
- Honeypots help collect intelligence on the attackers and their techniques.
- Honeypots can provide an early warning regarding ongoing attacks.
- Honeypots can generate high-level summary reports for executive briefings.
- Honeypots give you access to an attacker's email and text messages.
- Honeypots assist defensive teams in identifying and responding after an attack on critical systems.
- Honeypots can only be configured on physical devices.

Honeypots seek to redirect malicious traffic away from live production systems; Honeypots help collect intelligence on the attackers and their techniques; Honeypots can provide an early warning regarding ongoing attacks.

Which of the following provides cybersecurity information and services to the owners and operators of critical infrastructure?
- OSINT
- CSIRT
- ISACs
- Threat hunting

ISACs

Implementing security controls is an essential component of mitigating application attacks. Which of the following security controls are often implemented for remote code execution? (Select two.)
- Implement access control and network segmentation.
- Regularly review and update permissions.
- Use IDS/IPS appliances.
- Implement appropriate access controls.
- Implement secure architecture patterns.

Implement access control and network segmentation; Use IDS/IPS appliances.

A manufacturing company has recently suffered a successful cyber attack, leading to data integrity concerns. The organization's leadership is determined to implement appropriate controls to mitigate the risk of future attacks. Which of the following controls would be MOST effective in validating data integrity and preventing a recurrence of similar attacks?
- Implement file integrity monitoring
- Re-image all systems on a regular basis
- Create an incident response team
- Deploy a network intrusion detection system

Implement file integrity monitoring

A U.S.-based financial company collects sensitive PII data from its customers, including U.S. social security numbers, biometric information, and financial records. What measures can the company take to protect the data from breaches or unauthorized access? (Select two.)
- Manage data accuracy
- Implement SAML
- Implement multi-factor authentication
- Introduce access controls
- Implement monitoring user consent

Implement multi-factor authentication; Introduce access controls

A healthcare facility tasked a cybersecurity analyst with recommending controls to mitigate successful application attacks. Which of the following controls should the analyst prioritize to help protect the application and prevent future attacks?
- Conducting a thorough code review
- Conducting regular vulnerability assessments
- Implementing remediation measures
- Implementing compensating controls

Implementing compensating controls

Security vulnerabilities often manifest in a few common ways. Which of the following vulnerabilities involves incorrect configuration or maintenance of firewalls, antimalware tools, and access controls?
- Misconfigurations
- Inadequate infrastructure protection
- Outdated operating systems
- Unpatched software

Inadequate infrastructure protection

A network security engineer provided a report to the operations manager with a large amount of public information that is accessible solely from the company's website. For example, the report shows email addresses and other company phone numbers on a graph that would otherwise be known internally. What tool did the network security engineer most likely use to gather this information with little effort?
- Maltego
- Angry IP scanner
- Metasploit
- Recon-ng

Maltego

Which security control category gives oversight of the information system?
- Managerial
- Preventative
- Operational
- Technical

Managerial

A large information technology department is preparing for an audit by their cyber security insurance company. While reviewing some vulnerability reports in their security information and event management (SIEM) tool, the department found critical vulnerabilities and steps to resolve them. In this type of report, what does this finding represent?
- Vulnerabilities
- Prioritization
- Mitigation
- Risk score

Mitigation

A project manager needs to verify users and authorize access to systems and applications. Which security control should the project manager implement?
- Firewall
- Access control list
- Password manager
- Multi-factor authentication

Multi-factor authentication

An organization has tasked an IT team with implementing vulnerability scanning methods and concepts. They are considering different industry frameworks to use. Which of the following frameworks focuses on user interaction to prioritize vulnerabilities?
- FIPS
- ISO 27001
- NIST
- OWASP

OWASP

An organization plans to conduct a security assessment and wants to utilize a comprehensive and open framework to guide the assessment process. Which of the following attack methodology frameworks would assist the organization in their assessment?
- Open Source Security Testing Methodology Manual (OSSTMM)
- National Institute of Standards and Technology (NIST) Cybersecurity Framework
- MITRE ATT&CK
- Open Web Application Security Project (OWASP) Top Ten

Open Source Security Testing Methodology Manual (OSSTMM)

An information security project manager of a large software firm is in charge of researching alternative vulnerability scanners for the security operations center's (SOC) reduced budget. At the next stakeholder meeting, the manager proposes several free, open-source software (FOSS) options. Which of these vulnerability scanners fit the needs of the enterprise business? (Select two.)
- SecurityScorecard
- OpenVAS
- Nessus
- OpenSCAP
- Qualys

OpenSCAP; OpenVAS

Which of the following are common indicators that an attacker has gained access to make unauthorized changes to the system? (Select two.)
- Opening new network ports
- After-hours access
- Failed logins
- New accounts
- Installing new programs

Opening new network ports; Installing new programs

A security researcher identifies a financial fraud scheme targeting multiple pharmaceutical companies. What type of actor is most likely responsible for this activity?
- Hacktivists
- Nation state
- Organized crime
- Script kiddie

Organized crime

Which of the following log types records information about system resource use, such as use by printers and servers?
- Access logs
- IDS logs
- Firewall logs
- Performance logs

Performance logs

A security analyst is conducting an assessment of the network security of a large organization. The analyst must determine if any unauthorized devices and services are on the network. What type of scan/sweep would indicate to the security analyst that unauthorized devices and services are running on the network?
- TCP sweep
- Port scan
- Ping sweep
- UDP sweep

Port scan

Which phase includes taking the recommendations that can be put into action through security implementations, policies, and procedures?
- Preparation
- Containment
- Post-incident feedback
- Post-incident activity

Post-incident feedback

A security engineer is looking to improve the security of their email system. The system has a built-in reporting mechanism that shows what things they can do to improve overall security and suggested fixes with different percentages to show importance. What component of vulnerability reporting does this relate to?
- Vulnerabilities
- Prioritization
- Mitigation
- Risk score

Prioritization

The network IDS has sent alerts regarding malformed messages and sequencing errors. Which of the following IDS detection methods is MOST likely being used?
- Signature
- Trend
- Anomaly
- Protocol

Protocol

A security administrator is reviewing the company's vulnerability reports and notices a continuing issue with outdated software on employee workstations. The administrator is considering implementing a new process for vulnerability reporting and is looking for best practices. What is a common approach for maximizing the effectiveness of this practice?
- Awareness, training, and education
- Top 10 lists
- Recurrence
- Trends

Recurrence

Which of the following statements are true when describing heuristic analysis? (Select two.)
- Analyzes data over a period of time to establish patterns.
- Involves security teams analyzing logs and data.
- Requires little human interaction.
- Looks at frequency, volume, and statistical deviations in data.
- Triggers an alert when any activity falls outside a baseline.

Requires little human interaction; Triggers an alert when any activity falls outside a baseline.

Implementing security controls is an essential component of mitigating application attacks. Which of the following security controls are often implemented for broken access control? (Select two.)
- Implement appropriate access controls.
- Restrict access to configuration interfaces.
- Configure secure default settings.
- Regularly review and update permissions.
- Implement secure architecture patterns.

Restrict access to configuration interfaces; Configure secure default settings.

Which of the following KPI measurements allow you to compare the results with those of other organizations?
- Indicators of Compromise (IoCs)
- Resource Allocation
- Risk Assessment
- Incidents

Risk Assessment

An unauthenticated attacker exploited a company's web portal that contains customer information, where customers can view their account profile, such as their name, email address, and account balance. Each customer has a unique ID and password used to retrieve their information from the database. However, the attacker noticed that the system enabled the default database account on this application. As a result, the attacker successfully authenticated the account using default credentials and began stealing data. What kind of web application vulnerability did the attacker exploit?
- Software and data integrity failures
- Security misconfiguration
- Broken access control
- Injection

Security misconfiguration

A social media application has a feature that allows users to enter the URL of a video to show their favorite video. An attacker submits a specially crafted URL that includes a call to the social media company's internal network resource, and the web application processes the request without proper validation. The internal network, trusting the web application, complies with the malicious call, permitting the attacker to steal sensitive information from the internal network. What type of vulnerability does this situation describe? Broken access control SSRF XSS Cryptographic failures

SSRF

A security analyst is scheduling a vulnerability scan on several company critical systems. Which of the following performance factors does the analyst need to consider that could impact the scan? (Select three.) Scan speed Fragment packet creation Proxy use False positives IP address spoofing Sensitivity levels System identification

Scan speed False Positives System Identification

An attacker is planning to target a business-critical database for a large enterprise. What are some business-critical asset-hunting methods that security analysts use to protect systems? (Select two.) Search for unauthorized access attempts Search for weaknesses in physical access points Search for misconfigured systems Search for routine activity Search for unusual traffic patterns

Search for unauthorized access attempts Search for unusual traffic patterns

A cyber security analyst has performed a scan of multiple target endpoints on the network. The scan assesses the target endpoints' configurations and cross-references them to an appointed profile. This scan ensures that devices and software maintain compliance with security requirements continuously. What type of scanning is the analyst performing? Internal Map/Discovery Security baseline CIS benchmarks

Security baseline

A cybersecurity organization faces challenges with Key Performance Indicators (KPIs). Which of the following is a potential challenge that they may face while setting Service Level Objectives (SLOs)? Service Level Objectives (SLOs) are not comprehensive enough. Key Performance Indicators (KPIs) are not measurable. Service Level Objectives (SLOs) must be measurable to be effective. Key Performance Indicators (KPIs) must be absent for Service Level Objectives (SLOs) to be measurable.

Service Level Objectives (SLOs) must be measurable to be effective.

As a security administrator for your company, you are working with the network engineer to provide a complete solution that includes gathering app requirements, developing the app, and deploying the app into production. Which of the following orchestration types would meet your requirements? Cloud orchestration Release orchestration Service orchestration Single pane of glass orchestration

Service orchestration

A security analyst is reviewing the results of a recent vulnerability scan on a company's web application. The analyst notices a pattern of suspicious user behavior and wants to determine if this behavior relates to a specific type of attack. Which attack method should the analyst investigate to uncover the reason behind this suspicious behavior? Cross-Site Scripting (XSS) Social engineering SQL injection Obfuscated links

Social engineering

A financial institution has experienced a cyber attack that has resulted in the theft of customer information. Which of the following is the MOST critical consideration for the incident response team? Timeline of breach Incident declaration Evidence Stakeholders impacted

Stakeholders impacted

A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior? The machine is blocking SYN packets. The machine is blocking TCP connections. The machine's firewall is blocking ICMP. The machine is no longer physically connected to the same network.

The machine's firewall is blocking ICMP.

As a system administrator for a financial institution, you add a new desktop to the network, power on the desktop, and then create a new user and disable the local administrator and guest accounts. What vulnerability did you introduce when you powered on the desktop? Default credentials. Weak passwords. The system was not initialized. The system was not updated or patched.

The system was not updated or patched.

Which of the following BEST describes the purpose of Security Operations Centers (SOCs)? They continuously monitor threat intelligence feeds to detect new threats and indicators of compromise (IoC). They promote the philosophy that everyone in an organization is responsible for the security of the system. They streamline the software development process for everyone, which leads to lower costs and development times. They are responsible for the detection, prevention, and response to cyber incidents across an organization's networks.

They are responsible for the detection, prevention, and response to cyber incidents across an organization's networks.

An engineer is considering appropriate risk responses using threat modeling. The engineer is trying to understand which threat actors are in scope for their organization. How does threat modeling identify the principal risks and the tactics, techniques, and procedures (TTPs) to which their system may be susceptible? (Select three.) By evaluating the system from an attacker's point of view By evaluating a system from a neutral perspective By modeling hardware or software used for the attack By impersonating an employee in the organization By analyzing the system from the defender's perspective By attempting to gain physical access to the target location Through using tools such as diagrams

Through using tools such as diagrams By evaluating the system from an attacker's point of view By analyzing the system from the defender's perspective

Why is knowing what will happen during a maintenance window critical to completing the maintenance tasks successfully? To ignore irrelevant alerts and warnings To discern between authorized and unauthorized events To avoid restarting devices To keep the planned tasks on schedule

To discern between authorized and unauthorized events

An attacker has compromised a company's server, resulting in a data breach. The company activates its incident response team to investigate the incident and conduct a root cause and forensic analysis. Why should the incident response team conduct a root cause and forensic analysis after the security incident? (Select two.) To identify vulnerabilities in the network to improve security measures To collect evidence for legal proceedings against the perpetrator To identify the source of the incident to prevent future occurrences To identify who was responsible for the attack To improve incident response procedures to better address future incidents

To identify the source of the incident to prevent future occurrences To improve incident response procedures to better address future incidents

Which type of impact is damage to an organization's reputation and other non-cost incident consequences? Immediate impact Total impact Organizational impact Local impact

Total impact

A security analyst wants to create a dashboard that highlights potential problems or focuses on important activities, trends, or environmental changes. Which of the following is an example of a top 10 list to use in a dashboard? Traffic volume by device Compliance reports Risk score and priority Vulnerability report content

Traffic volume by device

A security analyst wants to create a dashboard that highlights potential problems or focuses on important activities, trends, or environmental changes. Which of the following is an example of a top 10 list to use in a dashboard? Compliance reports Vulnerability report content Traffic volume by device Risk score and priority

Traffic volume by device

Which of the following is beta testing also known as? Dynamic code analysis Static code analysis Security regression testing User acceptance testing

User acceptance testing

A security administrator reviews a vulnerability report for the company's network infrastructure. What are the best practices for vulnerability reporting? (Select three.) Including details regarding the type of vulnerability. Leveraging manual processes to generate vulnerability reports to ensure accuracy. Using automation to make the process more consistent, reliable, efficient, and easy to maintain. Providing details about the number of instances. Developing policies and procedures for generating vulnerability reports on a regular schedule. Using appropriate tools to identify reporting needs and selecting the best tools for those needs. Making recommendations.

Using appropriate tools to identify reporting needs and selecting the best tools for those needs. Developing policies and procedures for generating vulnerability reports on a regular schedule.

A security analyst is working with a company to mitigate the risk of successful attacks on their web application. The web application communicates with other systems using XML data. Which controls should the analyst recommend to ensure the integrity and confidentiality of the transmitted XML data? Security headers Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Web Application Firewall (WAF) XML Encryption and XML Signature

XML Encryption and XML Signature

You have configured your pfSense firewall to block URLs using DNS. You have selected the block lists that work best for your company's needs. You have tested on your machine, and traffic to the sites in the list is blocked as expected. As you walk through your office several months later, you notice that a user is on a site that is supposed to be blocked. What might explain this? The DNS cache on the user's local machine contains the information for that site The service has stopped and is no longer functioning. The user has hacked your firewall to allow their traffic through. Your firewall allows DNS requests to outside DNS servers.

Your firewall allows DNS requests to outside DNS servers.