
CS0-002 Questions and Answers

Question # 6

A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relative to the events being processed. Which of the following BEST describes the result the security team hopes to accomplish by adding these sources?

A.

Data enrichment

B.

Continuous integration

C.

Machine learning

D.

Workflow orchestration

Question # 7

An organization is focused on restructuring its data governance programs, and an analyst has been tasked with surveying sensitive data within the organization. Which of the following is the MOST accurate method for the security analyst to complete this assignment?

A.

Perform an enterprise-wide discovery scan.

B.

Consult with an internal data custodian.

C.

Review enterprise-wide asset inventory.

D.

Create a survey and distribute it to data owners.

Question # 8

A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst just found?

A.

Users 4 and 5 are using their credentials to transfer files to multiple servers.

B.

Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers in the cloud.

C.

An unauthorized user is using login credentials in a script.

D.

A bot is running a brute-force attack in an attempt to log in to the domain.

Question # 9

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Which of the following ports should be closed?

A.

22

B.

80

C.

443

D.

1433

Question # 10

A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?

A.

CI/CD

B.

Software assurance

C.

Anti-tamper

D.

Change management

Question # 11

A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the following types of testing does this describe?

A.

Acceptance testing

B.

Stress testing

C.

Regression testing

D.

Penetration testing

Question # 12

A security analyst discovers suspicious host activity while performing monitoring activities. The analyst pulls a packet capture for the activity and sees the following:

Which of the following describes what has occurred?

A. The host attempted to download an application from utoftor.com.

B. The host downloaded an application from utoftor.com.

C. The host attempted to make a secure connection to utoftor.com.

D. The host rejected the connection from utoftor.com.

Question # 13

An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

A.

Duplicate all services in another instance and load balance between the instances.

B.

Establish a hot site with active replication to another region within the same cloud provider.

C.

Set up a warm disaster recovery site with the same cloud provider in a different region.

D.

Configure the systems with a cold site at another cloud provider that can be used for failover.

Question # 14

A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

Which of the following source IP addresses does the analyst need to investigate further?

A.

10.18.76.179

B.

10.50.180.49

C.

192.168.48.147

D.

192.168.100.5

Question # 15

Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient.

Which of the following controls would have MOST likely prevented this incident?

A.

SSO

B.

DLP

C.

WAF

D.

VDI

Question # 16

A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

A.

Deploy an edge firewall.

B.

Implement DLP.

C.

Deploy EDR.

D.

Encrypt the hard drives.

Question # 17

Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

A.

Smart cards

B.

Multifactor authentication

C.

Biometrics

D.

Increased password-rotation frequency

Question # 18

Which of the following BEST explains the function of a managerial control?

A.

To help design and implement the security planning, program development, and maintenance of the security life cycle

B.

To guide the development of training, education, security awareness programs, and system maintenance

C.

To create data classification, risk assessments, security control reviews, and contingency planning

D.

To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Question # 19

During the threat modeling process for a new application that a company is launching, a security analyst needs to define methods and items to take into consideration. Which of the following are part of a known threat modeling method?

A.

Threat profile, infrastructure and application vulnerabilities, security strategy and plans

B.

Purpose, objective, scope, team management, cost, roles and responsibilities

C.

Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege

D.

Human impact, adversary's motivation, adversary's resources, adversary's methods

Question # 20

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

A.

SCADA

B.

CAN bus

C.

Modbus

D.

IoT

Question # 21

The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees. Which of the following would BEST prevent this issue?

A.

Include digital signatures on messages originating within the company.

B.

Require users to authenticate to the SMTP server.

C.

Implement DKIM to perform authentication that will prevent this issue.

D.

Set up an email analysis solution that looks for known malicious links within the email.

Question # 22

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

A.

Header analysis

B.

File carving

C.

Metadata analysis

D.

Data recovery

Question # 23

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?

A.

Require all remote employees to sign an NDA

B.

Enforce geofencing to limit data accessibility

C.

Require users to change their passwords more frequently

D.

Update the AUP to restrict data sharing

Question # 24

A security analyst is running a tool against an executable of an unknown source. The input supplied by the tool to the executable program and the output from the executable are shown below:

Which of the following should the analyst report after viewing this information?

A.

A dynamic library that is needed by the executable is missing

B.

Input can be crafted to trigger an injection attack in the executable

C.

The tool caused a buffer overflow in the executable's memory

D.

The executable attempted to execute a malicious command

Question # 25

A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

A.

Violating national security policy

B.

Packet injection

C.

Loss of intellectual property

D.

International labor laws

Question # 26

An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

A.

Use SSO across all applications

B.

Perform a manual privilege review

C.

Adjust the current monitoring and logging rules

D.

Implement multifactor authentication

Question # 27

A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.

Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

A.

Tool A is agent based.

B.

Tool A used fuzzing logic to test vulnerabilities.

C.

Tool A is unauthenticated.

D.

Tool B utilized machine learning technology.

E.

Tool B is agent based.

F.

Tool B is unauthenticated.

Question # 28

A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, in1marketingpartners.com. Below is the existing SPF record:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 29

Which of the following BEST articulates the benefit of leveraging SCAP in an organization’s cybersecurity analysis toolset?

A.

It automatically performs remedial configuration changes to enterprise security services

B.

It enables standard checklist and vulnerability analysis expressions for automation

C.

It establishes a continuous integration environment for software development operations

D.

It provides validation of suspected system vulnerabilities through workflow orchestration

Question # 30

Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.

INSTRUCTIONS

Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket.

First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 31

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

A.

Risk exception

B.

Risk avoidance

C.

Risk tolerance

D.

Risk acceptance

Question # 32

A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality.

Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

A.

Deidentification

B.

Encoding

C.

Encryption

D.

Watermarking

Question # 33

A cybersecurity analyst is responding to an incident. The company’s leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

A.

Intelligence cycle

B.

Diamond Model of Intrusion Analysis

C.

Kill chain

D.

MITRE ATT&CK

Question # 34

A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:

Which of the following should the analyst review to find out how the data was exfiltrated?

A.

Monday's logs

B.

Tuesday's logs

C.

Wednesday's logs

D.

Thursday's logs

Question # 35

Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

A.

Enumeration and OS fingerprinting

B.

Email harvesting and host scanning

C.

Social media profiling and phishing

D.

Network and host scanning

Question # 36

The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives:

  • Reduce the number of potential findings by the auditors.
  • Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations.
  • Prevent the external-facing web infrastructure used by other teams from coming into scope.
  • Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised.

Which of the following would be the MOST effective way for the security team to meet these objectives?

A.

Limit the permissions to prevent other employees from accessing data owned by the business unit.

B.

Segment the servers and systems used by the business unit from the rest of the network.

C.

Deploy patches to all servers and workstations across the entire organization.

D.

Implement full-disk encryption on the laptops used by employees of the payment-processing team.

Question # 37

A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the BEST course of action?

A.

Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report.

B.

Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.

C.

Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate.

D.

Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.

Question # 38

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

A.

Patching logs

B.

Threat feed

C.

Backup logs

D.

Change requests

E.

Data classification matrix

Question # 39

A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.

Which of the following solutions would meet this requirement?

A.

Establish a hosted SSO.

B.

Implement a CASB.

C.

Virtualize the server.

D.

Air gap the server.

Question # 40

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?

A.

Root-cause analysis

B.

Active response

C.

Advanced antivirus

D.

Information-sharing community

E.

Threat hunting

Question # 41

As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.

Which of the following BEST describes this test?

A.

Walk through

B.

Full interruption

C.

Simulation

D.

Parallel

Question # 42

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

A.

Motion detection

B.

Perimeter fencing

C.

Monitored security cameras

D.

Badged entry

Question # 43

A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The type of vulnerability that should be disseminated FIRST is one that:

A.

enables remote code execution that is being exploited in the wild.

B.

enables data leakage but is not known to be in the environment.

C.

enables lateral movement and was reported as a proof of concept.

D.

affected the organization in the past but was probably contained and eradicated.

Question # 44

Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)

A.

Parameterized queries

B.

Session management

C.

Input validation

D.

Output encoding

E.

Data protection

F.

Authentication

Question # 45

A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team’s NEXT step during the detection phase of this response process?

A.

Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.

B.

Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.

C.

Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.

D.

Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

Question # 46

A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?

A.

Work backward, restoring each backup until the server is clean

B.

Restore the previous backup and scan with a live boot anti-malware scanner

C.

Stand up a new server and restore critical data from backups

D.

Offload the critical data to a new server and continue operations

Question # 47

For machine learning to be applied effectively toward security analysis automation, it requires.

A.

relevant training data.

B.

a threat feed API.

C.

a multicore, multiprocessor system.

D.

anomalous traffic signatures.

Question # 48

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

A.

Decompile each binary to derive the source code.

B.

Perform a factory reset on the affected mobile device.

C.

Compute SHA-256 hashes for each binary.

D.

Encrypt the binaries using an authenticated AES-256 mode of operation.

E.

Inspect the permissions manifests within each application.

Question # 49

In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

A.

SCAP

B.

Burp Suite

C.

OWASP ZAP

D.

Unauthenticated

Question # 50

A company’s data is still being exfiltrated to business competitors after the implementation of a DLP solution. Which of the following is the most likely reason why the data is still being compromised?

A.

Printed reports from the database contain sensitive information

B.

DRM must be implemented with the DLP solution

C.

Users are not labeling the appropriate data sets

D.

DLP solutions are only effective when they are implemented with disk encryption

Question # 51

A large organization wants to move account registration services to the cloud to benefit from faster processing and elasticity. Which of the following should be done FIRST to determine the potential risk to the organization?

A.

Establish a recovery time objective and a recovery point objective for the systems being moved

B.

Calculate the resource requirements for moving the systems to the cloud

C.

Determine recovery priorities for the assets being moved to the cloud-based systems

D.

Identify the business processes that will be migrated and the criticality of each one

E.

Perform an inventory of the servers that will be moving and assign priority to each one

Question # 52

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network.

Which of the following would work BEST to prevent the issue?

A.

Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

B.

Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.

C.

Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.

D.

Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.

Question # 53

An analyst has received a notification about potential malicious activity against a web server. The analyst logs in to a central log collection server and runs the following command: cat access.log.1 | grep "union". The output shown below appears:

<68.71.54.117> – – [31/Jan/2020:10:02:31 –0400] “Get /cgi-bin/backend1.sh?id=%20union%20select%20192.168.60.50 HTTP/1.1”

Which of the following attacks has occurred on the server?

A.

Cross-site request forgery

B.

SQL injection

C.

Cross-site scripting

D.

Directory traversal

Question # 54

A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:

A.

parameterize.

B.

decode.

C.

guess.

D.

decrypt.

Question # 55

An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

A.

Software-based drive encryption

B.

Hardware security module

C.

Unified Extensible Firmware Interface

D.

Trusted execution environment

Question # 56

A remote code execution vulnerability was discovered in the RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled.

Which of the following is the BEST remediation for this vulnerability?

A.

Verify the latest endpoint-protection signature is in place.

B.

Verify the corresponding patch for the vulnerability is installed.

C.

Verify the system logs do not contain indicators of compromise.

D.

Verify the threat intelligence feed is updated with the latest solutions.

Question # 57

A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

A.

Reverse engineering

B.

Dynamic analysis

C.

Strings extraction

D.

Static analysis

Question # 58

A company’s Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user’s activity session. Which of the following is the BEST technique to address the CISO’s concerns?

A.

Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.

B.

Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.

C.

Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.

D.

Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

Question # 59

A company’s change management team has asked a security analyst to review a potential change to the email server before it is released into production. The analyst reviews the following change request:

Which of the following is the MOST likely reason for the change?

A.

To reject email from servers that are not listed in the SPF record.

B.

To reject email from email addresses that are not digitally signed.

C.

To accept email to the company’s domain.

D.

To reject email from users who are not authenticated to the network.

Question # 60

A custom script currently monitors real-time logs of a SAML authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

A.

Logs may contain incorrect information.

B.

SAML logging is not supported for cloud-based authentication.

C.

Access to logs may be delayed for some time.

D.

Log data may be visible to other customers.

Question # 61

Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

A.

Digital rights management

B.

Encryption

C.

Access control

D.

Data loss prevention

E.

Data masking

Question # 62

An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers.

Which of the following is a benefit of having these communication plans?

A.

They can help to prevent the inadvertent release of damaging information outside the organization.

B.

They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.

C.

They can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.

D.

They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.

Question # 63

While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it. Which of the following is the BEST solution for the security analyst to implement?

A.

Block the domain IP at the firewall.

B.

Blacklist the new subnet.

C.

Create an IPS rule.

D.

Apply network access control.

Question # 64

An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:

A.

the responder’s discretion

B.

the public relations policy

C.

the communication plan

D.

senior management’s guidance

Question # 65

Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

A.

Ensuring the session identifier length is sufficient

B.

Creating proper session identifier entropy

C.

Applying a secure attribute on session cookies

D.

Utilizing transport layer encryption on all requests

E.

Implementing session cookies with the HttpOnly flag

Question # 66

During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?

A.

Only allow whitelisted binaries to execute.

B.

Run an antivirus against the binaries to check for malware.

C.

Use file integrity monitoring to validate the digital signature.

D.

Validate the binaries' hashes from a trusted source.

Question # 67

A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

A.

This is a false positive and the scanning plugin needs to be updated by the vendor

B.

This is a true negative and the new computers have the correct version of the software

C.

This is a true positive and the new computers were imaged with an old version of the software

D.

This is a false negative and the new computers need to be updated by the desktop team

Question # 68

A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

A.

Enabling application blacklisting

B.

Enabling sandboxing technology

C.

Purchasing cyber insurance

D.

Installing a firewall between the workstations and Internet

Question # 69

A company’s senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position. On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day. Which of the following describes the access management policy in place at the company?

A.

Mandatory-based

B.

Host-based

C.

Federated access

D.

Role-based

Question # 70

While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.

The analyst sees the following on the laptop's screen:

Which of the following is the BEST action for the security analyst to take?

A.

Initiate a scan of devices on the network to find password-cracking tools.

B.

Disconnect the laptop and ask the users jsmith and progers to log out.

C.

Force all users in the domain to change their passwords at the next login.

D.

Take the FILE-SHARE-A server offline and scan it for viruses.

Question # 71

A security analyst is reviewing the following log entries to identify anomalous activity:

Which of the following attack types is occurring?

A.

Directory traversal

B.

SQL injection

C.

Buffer overflow

D.

Cross-site scripting

Question # 72

While reviewing a cyber-risk assessment, an analyst notes there are concerns related to FPGA usage. Which of the following statements would BEST convince the analyst's supervisor to use additional controls?

A.

FPGAs are vulnerable to malware installation and require additional protections for their codebase.

B.

FPGAs are expensive to produce. Anti-counterfeiting safeguards are needed.

C.

FPGAs are expensive and can only be programmed once. Code deployment safeguards are needed.

D.

FPGAs have an inflexible architecture. Additional training for developers is needed.

Question # 73

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

A.

Use a DLP product to monitor the data sets for unauthorized edits and changes.

B.

Use encryption first and then hash the data at regular, defined times.

C.

Automate the use of a hashing algorithm after verified users make changes to their data

D.

Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Question # 74

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

A.

Share details of the security incident with the organization's human resources management team

B.

Note the security incident so other analysts are aware the traffic is malicious

C.

Communicate the security incident to the threat team for further review and analysis

D.

Report the security incident to a manager for inclusion in the daily report

Question # 75

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

A.

The extended support mitigates any risk associated with the software.

B.

The extended support contract changes this vulnerability finding to a false positive.

C.

The company is transferring the risk for the vulnerability to the software vendor.

D.

The company is accepting the inherent risk of the vulnerability.
