Cyber Security Final Exam
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. What type of device should you use?
Anomaly-based IDS
An attacker is browsing social media accounts associated with a targeted organization. Why is the attacker MOST likely using social media in this manner?
Attackers can leverage social media as a vector to launch attacks against targets.
You have performed a SQL injection attack against a website using Burp Suite and see the following results. What are you looking for
Any results that show something unexpected being passed back from the server
A company is investigating a potential incident on its network. They have collected data and logs from various sources and are preparing to validate the integrity of the data. Why should the company avoid deleting irrelevant log entries during the incident response?
Because they may contain relevant evidence.
You want to use a SCAP language that uses an XML schema and helps describe the three main aspects of an evaluated system: system information, machine states, and reporting. Which of the following SCAP languages would BEST fit your requirements?
Open Vulnerability and Assessment Language (OVAL)
How are cloud system and network architecture concepts essential for securing hybrid and on-premises systems?
Cloud system and network architecture concepts enable organizations to consolidate and streamline their security operations, regardless of where their data resides.
What is the name for a mock attack exercise that simulates an actual network attack?
tabletop
A silicon valley-based technology startup recently suffered a cyber-attack targeting key intellectual property and defacing the company website, painting an impolite mustache on the picture of the CEO's face. The CEO is enraged and directs the cybersecurity team to "hit the attackers hard!" What process is the CEO directing the cybersecurity team to undertake?
Active Defense
A large oil filter manufacturer for mid-size sedans has noticed an unusual amount of network traffic leaving their systems to unfamiliar IP addresses. Upon further investigation, they discover that a group of attackers has been using a combination of spear-phishing emails and malware to infiltrate their network and exfiltrate sensitive data. The attackers are highly skilled and have been able to evade detection by traditional security measures. What type of attack is this an example of?
Advanced persistent threat (APT)
On rare occasions, an individual computer contains information that is highly confidential and must remain separated from both internal and external networks. Which of the following segmentation solutions would BEST achieve this goal?
Air Gap
The security team at a large organization is analyzing a recent cyberattack that targeted their network infrastructure. They must focus on the attack stages and the relationships between the adversary, infrastructure, and capabilities to understand the attack and plan for future security measures. What should the security team prioritize to address the current situation effectively and improve their security operations?
Analyzing the attack using the Diamond Model of Intrusion Analysis and the cyber kill chain
A company recently hired a new Chief Information Security Officer (CISO) to help improve the company's security posture. This decision occurred after the company ran into the issue of siloed teams not working together to protect the security of their systems. What is the CISO's most important responsibility in this situation?
Awareness Training
Which of the following are the three metrics used to determine a CVSS score?
Base, temporal, and environmental
Which of the following SQL injection attack types uses true/false questions to perform reconnaissance?
Blind injection attack
When it comes to data monitoring, heuristics programs typically take one of several approaches. Which of the following are approaches that heuristics programs often take? (Select two.)
Bring a file into a virtual testing environment and running it to identify its behavior. Detect suspicious files through identification of genetic signatures that are similar to previously known malware.
The Results section of an assessment report contains four subtopics. Which of the following subsections contains the origin of the scan?
Classification
As a security precaution, you have implemented IPsec to be used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
Which of the following statements is true regarding IDS and IPS?
IDS is a passive system; IPS is an active system.
A large organization has recently experienced a significant cyberattack that disrupted its daily operations. The organization's management team reviews the incident and improves its business continuity and disaster recovery strategies. They want to focus on patch management concepts as part of the lessons learned. Which patch management best practices would most effectively enhance their BC/DR preparedness?
Implementing a risk-based patch prioritization
A security analyst is writing a script to automate security operations. However, the analyst is confused about which data format to use for the script: JSON or XML. Which data format should the analyst use for the script?
JSON
A security operations center (SOC) incident response analyst needs to know the entanglement of systems during an attack as quickly as possible. Therefore, the analyst needs the recommendation to help quickly identify the relationships through visualization. Which tool could help the analyst investigate an emerging attack?
Maltego
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources should you consider using to find an answer to your question?
NVD
Which of the following would be the best open-source tool to use if you were looking for a web server scanner?
Nikto
Why is security for VMs more important than security for physical machines?
One bad configuration could be replicated across your network.
A network administrator at a large business is performing a security assessment of the company's network infrastructure. The administrator must determine the most appropriate framework for conducting a comprehensive security assessment. Which of the following frameworks would be the most appropriate for the network administrator?
Open Source Security Testing Methodology Manual (OSSTMM)
An incident that impacts a company's primary functions to the point that it cannot continue with business as usual is considered to have which type of impact?
Organizational impact
A security researcher identifies a financial fraud scheme targeting multiple pharmaceutical companies. What type of actor is most likely responsible for this activity?
Organized crime
A company's security team recently discovered an unknown device connected to their network, and they suspect it could be a rogue device. The team wants to conduct scans and sweeps to locate and remove any unauthorized devices on the network. Which of the following are common types of scans or sweeps the team can use to locate rogue devices in the network? (Select two.)
Passive Scanning Active Scanning
A company has employees working from different sites and needs to ensure secure access to company resources. Which of the following is the primary benefit of using Secure Access Service Edge (SASE) to provide secure access to company resources?
Providing end-to-end protection for all users, regardless of location
A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent?
Rapid elasticity
An information security manager is creating a compliance report that will include data on policies and procedures, audit results, employee training, and gap analysis. What is the company promising to follow?
Regulatory requirements
Business email compromise attacks have been increasingly waged against corporations' email systems. Attackers exploit an auto-forwarding email vulnerability to set emails that contain keywords to be redirected to their own inboxes. Which of the following BEST helps protect against this form of attack?
Sync email accounts settings.
A security administrator is reviewing a vulnerability report generated by a scanner. The report lists various types of vulnerabilities found on different systems, including missing patches, weak passwords, and misconfigured settings. What information should the report include about these vulnerabilities?
The affected systems and devices
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data.
A security analyst is to assess the risk levels of vulnerabilities discovered during a recent scan. What is the purpose of the analyst's assignment of risk levels?
To determine the severity of a vulnerability
A financial institution experiences a security breach due to a phishing email that compromised employee credentials. The incident response team responds promptly by implementing the incident response plan (IRP) and restoring services using the business continuity plan (BCP). After the incident, the team conducts a lessons learned review. What benefit can a lessons learned review provide to the incident response team?
To identify areas for improvement in incident response plan (IRP) and business continuity plan (BCP)
What is the primary objective of recovery after a security incident?
To restore all system capabilities and services so that business can return to normal.
A large pest control company's web application allows users to schedule monthly appointments with their technicians. The application runs on outdated software and represents a security risk, but the software is also critical for business operations. The company decides to outsource the software's functionality to a contractor who can contractually guarantee a certain level of operational safety through insurance. What kind of risk response does this represent?
Transference
Which of the following BEST describes a beaconing intrusion?
A command issued to a botnet pool to verify that a bot is still alive.
Keith, a systems administrator, forgot to change the router's default credentials. What vulnerability could this cause?
An opening for attackers to exploit.
A security analyst is reviewing an announcement from the Cybersecurity and Infrastructure Agency. Which source of Defensive OSINT does the Agency represent?
Government bulletins
An Information Security Project Manager needs to find resources that promote awareness of web application security issues and develop resources to educate developers and users. In addition, the project manager is looking for these resources to offer various testing tools to help organizations identify and fix security vulnerabilities. Which of the following resources would be BEST for the project manager to use?
OWASP
Which term describes the process of sniffing traffic between a user and server and then re-directing the traffic to the attacker's machine, where the information can be forwarded to either the user or server?
On-path
Which of the following is true about rule-writing?
Rules could be as simple as looking for unsuccessful logins or could include more complex behavioral patterns.
A support technician examines the Windows Registry for a host on a local area network (LAN). Which subkey should the technician use to find username information for accounts on the computer?
SAM
A security analyst is investigating an incident and needs to identify possible malicious activity within the network. Which technology should the analyst focus on to better manage network traffic and dynamically configure security policies?
SDN
There is an ongoing stress test of your company network that you are participating in. You have set up Ettercap to perform a DoS attack against a target server using the dos_attack plug-in, and it is currently running on a Kali Linux machine. So far, the target machine is handling the incoming traffic without noticeable service interruption. What might you do next?
Start additional DoS attacks from other machines, making this a DDoS attack.
Which of the following is a standard for sending log messages to a central logging server?
Syslog
A breach occurred in a company's customer database due to an insider threat. The incident response team has concluded its investigation and is moving on to the lessons learned phase. The team is meeting with staff to review the incident and its response. What is the purpose of this meeting?
To improve procedures for incident response
A company is implementing PKI to enhance the security of its network after a recent series of intercepted emails. What is the purpose of PKI in this context?
To verify the authenticity of digital documents and the identity of users or devices
A security analyst investigates a suspected network attack on a company's server. The analyst needs to capture and analyze network traffic to identify the source and type of attack. The analyst decides to use tcpdump and Wireshark for the analysis. Which of the following statements is true about tcpdump and Wireshark when used for network traffic analysis in a security investigation?
tcpdump and Wireshark are both network traffic capture and analysis tools that identify the source and type of an attack.
Which team is often used to oversee a tabletop exercise?
white
A large corporation has suffered a ransomware attack, significantly disrupting its operations and losing critical data. The attacker was able to exploit a known vulnerability in the organization's software due to a lack of proper updates. What could have helped prevent this attack?
Consistently applying patches using proper patch management procedures
Which of the following BEST describes the isolation-based containment method?
Involves disconnecting a device, VLAN, or network segment from the rest of the network
Which of the following is true regarding a screened subnet (demilitarized zone)?
Packet filters on the inner firewall of the screened subnet prevent unauthorized traffic from reaching the private network.
What are the benefits of network segmentation in security operations, specifically in relation to system and network architecture concepts and operating system (OS) concepts? (Select two.)
Reducing the attack surface by limiting access to sensitive resources Allowing for more effective monitoring of network traffic and detection of anomalous activity
Which of the following BEST describes the purpose of the wireless attack type known as wardriving?
To find information that will help breach a victim's wireless network.
A company experiences a security incident that results in a data breach. The incident response team conducts an investigation and implements the incident response plan. After the incident, the team reviews the lessons learned and identifies areas for improvement in the incident response plan. They decided to provide additional training to staff members to improve their knowledge of incident response procedures. What is the primary reason the team should review the lessons learned after the security incident?
To identify areas for improvement in the incident response plan
Which of the following analysis methods involves looking at data over a period of time and then uses those patterns to make predictions about future events?
Trend
Converting the word ATTACK to \u0041 \u0054 \u0054 \u0041 \u0043 \u004b is an example of what obfuscation technique?
Unicode evasion
A security analyst is evaluating the company's infrastructure to optimize security operations. How can the analyst best improve the company's security operations?
Utilize virtualization
You want to display the following text on a command line from a shell script: Watermelons cost $6.99 today only! Which of the following commands would you use to make sure the text is displayed?
echo "Watermelons cost $6.99 today only!"
An employee contacts a company system administrator complaining that each time they try to change a display configuration setting in the Windows operating system, the setting is restored to its original configuration. Which of the following is MOST likely causing this issue?
CCMS
Which statement BEST explains the importance of cloud system and network architecture concepts in security operations as they relate to hybrid and on-premises systems?
Cloud system and network architecture concepts are essential for securing both hybrid and on-premises systems.
The economic impact of an incident can be tangible or intangible. Which of the following costs would be considered intangible? (Select two.
Damage to reputation Loss of potential customers
A cyber security specialist, responsible for threat intelligence and threat hunting in an organization, is looking to collect open-source intelligence (OSINT). The specialist wants to gather intelligence on potential cyber threats. Which sources should the cyber security specialist consider to achieve this information? (Select two.)
HTML code of an organization's web page Social Media Profiles
A hacker launches an attack that requires specialized knowledge and tools, including significant time and resources. What is the Attack Complexity score for this attack as part of the CVSS framework?
High
As a security analyst, you are tasked with monitoring a company's threat feed. Which of the following should you look for as part of your analysis?
IP addresses that might be malicious.
A company has increased the security operation center (SOC) budget to reassess its cybersecurity framework. The current company's framework revolves around the National Institute of Standards and Technology (NIST) guidelines. What other organizational framework could the company use its SOC budget for in order to achieve a better security posture?
ISO
A cybersecurity analyst has to identify active threats within their organization. To preserve relevant data and logs for potential legal proceedings, what action should the analyst take while conducting the investigation?
Implement a legal hold.
Which of the following is an example of a Key Performance Indicator (KPI) that can indicate a trend in an organization's cybersecurity incidents over time?
Indicators of Compromise (IoCs)
An attacker targets a web application and manipulates the URL to include a file path located on a separate server. Since the application does not properly validate the input, it executes the code residing in the remote file. As a result, the attacker can take control of the web application due to the code's execution. What type of vulnerability does this situation describe?
RFI
Which of the following could inhibit vulnerability remediation and conflict with the implementation of security changes due to governing relationships with third-party service providers, being legally binding, and having the potential for significant financial impacts for failing to meet requirements?
Service-level agreement (SLA)
While analyzing network traffic on your company network, you see the following in Wireshark. What appears to be happening?
There is an ICMP flood attack.
The recommendations in your IR report include details about what to do in response to the incident. Which of the following should be important characteristics of your response recommendations? (Select two.)
Actionable Specific
An IT professional responsible for managing critical infrastructure must ensure the SCADA system's security. Which vulnerability scanning methods would be the most appropriate?
Active Scanning
A financial institution is experiencing persistent cyberattacks from unknown sources. Which of the following active defense approaches can the company deploy to outmaneuver the attackers and gain insights into their methodologies?
Deploying honeypots to attract and identify potential attackers.
A company's cybersecurity leadership team reviews its incident response plan (IRP) and wants to ensure it is fully prepared for potential disruptions to its business operations. The team considers the role of business continuity (BC) and disaster recovery (DR) in their IRP. Which options would be the most appropriate way for the team to integrate BC/DR in their IRP?
Develop and test BC/DR plans to ensure operational resilience.
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?
Disconnect the access point from the network.
Which of the following are phases of an attack as described by the kill chain model? (Select three.)
Exploitation Actions on objectives Command and control
The chief information officer (CIO) has scheduled the quarterly vulnerability scan with a well-trusted vendor for Payment Card Industry Data Security Standard (PCI DSS). What particular scan provides a view of the company's internet-facing systems?
External Scanning
Which of the following are challenges that Key Performance Indicators (KPIs) can present to an organization? (Select two.)
False positives Irrelevant data
Troy, an expert hacker, needs to perform a pretexting operation against his target. But first, he needs to look at the building and the surrounding parking lots and entrances without driving by. Which tool would be his BEST option?
Google Maps
A cybersecurity team leader is working on a security incident that requires immediate remediation. To effectively address the issue and prevent further damage to the organization's systems, which of the following actions should the team take as a part of the security operations plan?
Isolate the affected systems from the network.
Which of the following BEST describes an attack methodology framework?
It assists in identifying malicious activity and providing a standardized approach to investigating and assessing potential threats.
A company's vulnerability management team has identified a critical vulnerability in its server software. The team has created an action plan to address the vulnerability and has identified patching as a key part of the plan. Why is this type of action plan a critical element of incident response activities?
It can prevent attackers from exploiting the vulnerability and causing damage to the company.
A technology company has experienced a security breach where an attacker gained unauthorized access to sensitive information on their servers. As a result, the company activates the incident response team and is investigating the breach. Why is collecting and preserving evidence important for incident response reporting and communication?
It can provide critical information for identifying the attacker and preventing future attacks.
Properly determining the scope of a security incident occurs during triage. Which of the following statements are true about the triage phase? (Select two.)
It is focused on determining a timeline of what, where, how, and when events occurred. It includes careful curation of the data and tools useful in locating any indicators of compromise.
Which of the following BEST describes the countermeasures you would take against a cross-site request forgery attack?
Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.
As a cybersecurity analyst dealing with a security breach that requires collecting digital evidence from multiple sources, what action should the analyst take to ensure the proper handling and preservation of the evidence?
Maintain a comprehensive log of actions during the evidence collection process.
File fingerprinting, scanning, string searches, and disassembly are all used to identify malware. When these techniques are used, what is the identifying information called?
Malware signature
A company is considering entering into a collaboration with a potential partner. The potential partner is a large, well-respected company with a strong track record in cybersecurity. The company has a concern about the potential partner's ability to comprehend and meet all its needs per its standard operating procedures. What is best to ensure mutual comprehension and communication methods short of legal recourse?
Memorandum of understanding (MoU)
During a digital forensic analysis, an analyst may generate what kinds of useful information? (Select three.)
Misconfig IoCs Vulnarabilities
Security vulnerabilities often manifest in a few common ways. Which of the following vulnerabilities involves using default settings, guessing, or using Google for help when provisioning services?
Misconfigurations
A security administrator has identified a new Zero-day vulnerability in the company's operating system. The administrator is responsible for addressing the vulnerability in the most efficient way possible. What action should the administrator take to address the vulnerability?
Mitigate the vulnerability using compensating controls.
A company has conducted a vulnerability assessment and identified multiple vulnerabilities in its system. However, the IT team has limited resources and cannot address all vulnerabilities at once. What are the MOST appropriate steps for the company to take in this situation? (Select two.)
Mitigate vulnerabilities as rapidly as possible, before a threat actor can exploit them.
A project manager needs to verify users and authorize access to systems and applications. Which security control should the project manager implement?
Multi-factor authentication
A company's IT security team must perform a comprehensive vulnerability assessment on its network infrastructure to identify potential security weaknesses and misconfigurations. The team requires a tool to scan various systems, devices, and applications and provide detailed reports with actionable recommendations. What tool can accomplish this task?
Nessus
A security analyst needs a data loss prevention (DLP) solution to prevent users from transferring data without authorization. What components typically makeup DLP solutions? (Select three.)
Network agents Endpoint agents Policy Server
Which of the following are metacharacters that need to be indicated as text when using them in a script?
New-line, space, and tab
As a member of your company's security team, you are currently monitoring data trends and investigating any deviations from those trends. Select the commonly used name for these deviations from the dropdown list below.
Outliers
Which of the following gives legal protection for information shared within an ISAC in the United States?
PCII program
A large financial institution is considering passwordless authentication and SSO as part of a new incident response and management plan to improve security and streamline operations. Which of the following is true about passwordless authentication and SSO in incident response and management?
Passwordless authentication and SSO can help reduce incident response and management time.
Which devices are responsible for forwarding packets in a virtual network?
Physical networking devices
A security analyst has identified a compromised system on the network and needs to take action to prevent further damage. The analyst has decided to implement compensating controls to limit the potential damage. After implementing compensating controls, the security analyst wants to isolate the compromised system from the network for further analysis. Which of the following is the BEST approach for isolating the system?
Physically disconnecting the system from the network
Which of the following attacks is a SYN flood attack an example of?
Protocol DDoS
The CIS benchmark implementation tool allows your organization to select and configure a set of CIS Benchmarks based on their industry and organization type. What else does the implementation tool allow you to do?
Provides access to a repository of detailed configuration settings for specific technologies and systems.
Which type of KPI (Key Performance Indicator) indicates the percentage of cybersecurity resources an organization assigns to different areas (such as prevention and detection)? Select the correct answer from the drop-down list.
Resource Allocation
The following are several common Linux commands with a brief description on the right. Drag a command on the left to its appropriate description on the right.
Retrieves content from an HTTP server.-wget Displays the contents of a directory.-Ls Displays the content of a file.-cat Copies a file or directory.-cp Creates an empty file.-touch
A security engineer is looking to improve the security of their email system. The system has a built-in reporting mechanism showing what can improve overall security and rates the current setup. What component of vulnerability reporting does this feature relate to?
Risk Score
A tire sales and servicing company has implemented a security patch to fix a known vulnerability in their web server's ordering system. But shortly after implementation, the company receives calls from customers that the ordering system is no longer functioning as intended. What is the BEST course of action to take next?
Rollback
EternalBlue, also known as CVE-2017-0148, has a CVSS score of 9.3. It is an exploit that allows remote attackers to execute arbitrary code via crafted packets and applies to many Windows operating systems prior to recent versions of Windows 10, an extremely popular and ubiquitous operating system. Which CVSS metric is likely the most influential factor in generating such a high CVSS score?
Scope
Costs that are easily identifiable and quantifiable (such as damaged hardware, stolen passwords, and lost or corrupted data) are considered which type of impact?
Tangible
A company has experienced a series of cyber attacks over the past few months, including phishing emails, malware infections, and ransomware attacks. The security team wants to implement a new system to monitor and identify potential vulnerabilities. What type of metric can help the company process and prioritize remediation efforts?
Top 10 lists
During which phase of the kill chain framework is malware code encapsulated into commonly used file formats, such as PDF files, image files, or Word documents?
Weaponization
Which of the following BEST defines a vulnerability report action plan?
An action plan outlines the steps, resources, and timelines required to achieve specific goals in response to a vulnerability report.
During which phase of the incident response life cycle do you isolate affected systems and restrict communication to only trusted individuals?
Containment
The lead security administrator of a diploma manufacturing and distribution company has discovered a vulnerability in the company's ordering software. Luckily, the software vendor has come out with a patch. The administrator would like to start work on this effort during the upcoming maintenance window. What is the BEST way to ensure that the patch does not cause any unintended consequences or disruptions to the system?
TEsting
A security analyst performs incident response activities after a recent security incident. They need to analyze a suspicious email attachment and verify the email's authentication to determine the attack's origin. Which tool should the analyst utilize to accomplish these tasks?
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Implementing security controls is an essential component of mitigating application attacks. Which of the following security controls are often implemented for end-of-life or outdated components? (Select two.)
Implement compensating controls. Use containerization or virtualization.
A healthcare provider has recently experienced a data breach resulting from sniffing attacks against its employee web portal for authentication. The incident response team needs to provide recommendations for improving the organization's response plan. Which of the following recommendations would be the MOST effective?
Implementing multi-factor authentication
Which of the following tools allows a domain owner to specify email servers that can send an email in the domain, and which servers are not allowed to send emails?
SPF
A security administrator wants to schedule regular vulnerability scans to maintain the security of the organization's systems and networks. What is the purpose of this process?
Scanning interval
You are testing a new application using a combination of known and unknown testing. How would you BEST describe this approach?
You are engaged in partially known testing.
There are different variations of shells that are used in Linux and Unix operating systems and each has its own syntax. Which of the following shell command processor types supports many plugins to expand its functionality?
Z Shell (zsh)
A security administrator is testing their organization's database server, which services a publicly accessible web application server. The security administrator sends unexpected input combined with arbitrary commands to the web application to determine whether the database server is vulnerable. What kind of vulnerability is the security administrator testing?
Injection flaws
Mary has been receiving text messages that contain links to malicious websites. Which type of attack is Mary a victim of?
SMiShing
A security analyst is reviewing a vulnerability report and notices that the report has presented the same vulnerability for the past three months. The report also shows that the vulnerability is present in the same system each month. What does this indicate?
A recurring vulnerability trend
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?
ACME, Inc.
A security team reviews an incident where someone made unauthorized changes to a system and granted certain users unauthorized privileges. The team needs to recommend the most suitable control type to avoid such incidents in the future. Which of the following control types should the security team recommend?
Preventive controls
Which of the scenarios below might justify using a MAC address spoofing tool when connecting to your company's network? (Select two.)
A new web server that is for internal-only use has a firewall that only allows a list of six devices to access resources. You need to verify all other MAC addresses are blocked. You want to test the list of banned MAC addresses on your network.
A security administrator is struggling to prioritize vulnerability remediation due to resource constraints. Which of the following may inhibit the security administrator's task?
Business process interruption
A large grass seed corporation wants to proactively monitor for potential cyber threats to its grass seed total management system containing customer payment information, the company's own bank accounts, and all historical orders. Which type of threat hunting focus area does this most closely represent?
Business-critical assets and processes
A bitcoin millionaire logs into a crypto account and simultaneously checks their email. The millionaire sees an email tempting free bitcoin for answering survey questions. The bitcoin millionaire then clicks the link to answer the survey. Unfortunately, unbeknownst to the millionaire, the link initiates a transfer of funds from the user's crypto wallet to the wallet of a hacker syndicate. What type of vulnerability does this situation describe?
CSRF
A software development company is conducting training sessions for its employees to improve their security awareness. The company aims to ensure that the training is effective and helps prevent future security incidents. How can the company incorporate lessons learned from past security incidents to contribute to the training program's success?
Conduct tabletop exercises based on scenarios of past incidents
Threats are usually ranked from high to low. A higher number indicates a dangerous threat. A lower number indicates threats that may be annoyances but aren't necessarily malicious in nature. What is this high-to-low scale known as?
Confidence level
The cybersecurity leadership team of a company is reviewing its incident response plan (IRP) and must consider the role of business continuity (BC) and disaster recovery (DR) in the IRP. How should the company account for BC/DR in its incident response plan?
Develop and test BC/DR plans for operational resilience.
Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
A network administrator has noticed a series of unusual network activities that indicate a possible cyberattack. The administrator analyzes the event using a framework that explores the relationships among four core features: adversary, capability, infrastructure, and victim. Which of the following methodologies would the network administrator use for the review?
Diamond Model of Intrusion Analysis
A social media website for pets permits users to upload videos of their pets for others to see. However, the application does not properly sanitize the filenames, and an attacker uploads a file with a malicious filename. By manipulating the filename, the attacker can access files on the server without access authorization. What type of vulnerability does this situation describe?
Directory traversal
A network administrator at a small business is concerned about the increasing number of phishing attacks that are targeting the organization's employees. The administrator wants to implement a solution to help protect the organization from these types of attacks. Which of the following solutions would be the MOST appropriate for the network administrator to use in this scenario?
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
A security analyst is analyzing the activities of an incident response team during a recent security breach. They find that unauthorized privileges were granted to a user account, and there was unexpected outbound communication from the compromised system. Which of the following actions should the analyst prioritize to mitigate the risks associated with these issues?
Isolate the compromised system.
Which of the following describe the characteristics of a known threat? (Select two.)
It can be identified by security monitoring tools such as an antivirus program or IDS. It generates an alert when the security monitoring device comes across a matching signature.
Which of the following options describe the benefits of reducing the attack surface and limiting access to sensitive resources? (Select two.)
It helps to reduce the risk of unauthorized access to sensitive data. It enhances the ability to detect and respond to anomalous activity.
A company is trying to determine how to handle the fallout of an executive that was arrested for embezzlement. Even though their customer's money is secure, they want to ensure there is not a run on the bank for withdrawals. Who should they work with to release details to the public?
Media
Which of the following ICS components is a special network protocol that controller systems use to communicate with each other?
Modbus
What would cause the attack complexity to be high in the Common Vulnerability Scoring System (CVSS)?
More complexity may mean less chance of success.
A user might enter a password and then be prompted to enter a security code that's sent to his or her mobile device. Which of the following is this an example of?
Multi-factor authentication
The security operations center (SOC) manager has ordered an analyst to fingerprint some of a new client's systems. Which of the following aligns most with performing fingerprinting as the SOC manager requested?
Perform a scan looking to focus attention on individual devices to understand their purpose better.
During which phase of the incident response life cycle do you reinforce your systems, policies, and procedures to ensure that your resources are well secured?
Preparation
Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. He has been going through the law firm's official website and social media. He's also been doing some dumpster diving outside the firm's office. Which phase of the social engineering process is Ron in?
Research phase
Which of the following KPI measurements allow you to compare the results with those of other organizations?
Risk Assessment
A new Chief Information Security Officer (CISO) for a retail company wants to have real-time analysis of security incidents across the enterprise. To this end, the CISO asks a more experienced security architect for advice. What system does the security architect advise the CISO to implement for this purpose?
Security information and event management (SIEM)
An unauthenticated attacker exploited a company's web portal that contains customer information, where customers can view their account profile, such as their name, email address, and account balance. Each customer has a unique ID and password used to retrieve their information from the database. However, the attacker noticed that the system enabled the default database account on this application. As a result, the attacker successfully authenticated the account using default credentials and began stealing data. What kind of web application vulnerability did the attacker exploit?
Security misconfiguration
Which method is used to limit and identify suspicious traffic by separating a network into manageable chunks?
Segmentation
Which of the following are security benefits of using software-defined networking (SDN) and virtualization in a network environment? (Select two.)
Simplified network segmentation and isolation for easier threat containment Increased network agility for faster deployment of security controls
As the company security analyst, you are using the SIEM dashboard to follow up on some suspicious authentication failures. You click on the authentication failure number to filter the view to the matching events as illustrated below. The view of the authentication failure events indicates several other problems. Besides authentication failures, which of the following are other problems that are listed in the review? (Select two.)
Successful access to the root account A change to a user password
In which of the kill chain phases of an attack is the malware code encapsulated into commonly used file formats such as PDF files, image files, or Word documents?
Weaponization
A support manager is deploying multifactor authentication (MFA) in a corporate office. What is true of MFA? (Select three.)
With MFA in place, a username and password can be breached but are unusable without the additional factor. Using at least two of the three factors of authentication is called multifactor authentication (MFA). MFA can use multiple authentication factors combined with authentication attributes
Your network has been subject to a variety of network attacks and you are currently monitoring the user logs for suspicious activity, yet further attacks are still occurring. Which additional step could you take to increase network security?
You could regularly scan your system for vulnerabilities.
