Which two technologies or methods can the organization use to passively monitor all inbound and outbound network traffic? (Select TWO.)
A. Sinkhole
B. Fingerprinting
C. Network tap
D. Port mirror

How is bus encryption used in PCs?
A. To assist with data encryption before storage to improve performance.
B. To provide a secure communication path between PCs and internet resources.
C. To help enforce DRM (Digital Rights Management).
D. To prevent rootkit or bootkit malware infections.

An NIDS on a company perimeter network alerts on a rapid increase in traffic. Analysis shows a small number of external computers sending high levels of traffic to a perimeter web server that hosts a business-critical service. What should the company do first to resolve this issue?
A. Deploy a honeypot
B. Change the server IP
C. Block the IPs via ACL
D. Relocate the server

A company decides to use fuzz testing to perform dynamic tests for software and operating system vulnerability testing. The company plans to initially use black-box fuzzing but follow up with white-box fuzzing in potential areas of concern. Which two types of vulnerabilities is the company MOST likely to see reported in the fuzz testing result report? (Choose two.)
A. Weak encryption
B. Keyloggers
C. SQL injection
D. Buffer overflow
E. Spyware

Which of the following MOST likely refers to communication to be sent only to technical stakeholders and not leadership?
A. Step-by-step escalation instructions
B. Daily updates on remediation
C. Notice of major findings
D. Summary with KPIs

A security administrator receives the results of a vulnerability scan. Upon investigation, the administrator discovers the information shown in the exhibit. Which of the following is the best recommendation for mitigating this and similar risks in the future?
A. Configuration management
B. Asset management
C. Patch management
D. Vulnerability management

Following a serious security breach in which a virus infected an email server, an organization deploys an IDS that alerts on known IOCs. The security administrator ensures the IDS is updated daily. However, the organization recently suffered another malware outbreak. What is the BEST way to mitigate the risk of similar future attacks?
A. Configure the IDS to ingest data from a TAXII server.
B. Enable DLP on the mail server.
C. Implement behavior-based detection on the existing IDS.
D. Deploy a NIPS between the core switch and the firewall.

As part of an organization's risk mitigation planning, an incident response (IR) team has been formed and an incident response plan (IRP) has been drafted and approved by management. The IR team leader would like to meet with the team and review each member's role. The team leader also plans to guide the team through a simple IR scenario. What should the IR team leader do?
A. Threat modeling exercise
B. Parallel test with IT
C. Schedule a tabletop exercise
D. Review the IRP checklist

A security consultant prepares a risk impact/probability chart based on a risk assessment. For which risk assessment ranking should the consultant recommend that the organization develop contingency plans?
A. Low likelihood / high impact
B. High likelihood / high impact
C. Low likelihood / low impact
D. High likelihood / low impact

A company's perimeter network includes a secure web server, a NAT server, an FTP server, and a DNS server. Remote clients have been targeted by man-in-the-middle attacks. The company wants to require remote client connections through encrypted VPN connections only. Clients need to connect with multiple server types, and firewall changes must be kept to a minimum. What type of VPN should the company use?
A. L2TP
B. SSL portal VPN
C. PPTP
D. SSL tunnel VPN

Which of the following is NOT a common vulnerability in SCADA systems?
A. Malware infection risk
B. Publicly available technical information
C. Inability to use an IDS
D. Corporate internet links

A bank's website was recently hacked and encryption keys were stolen. The bank has upgraded the web and database servers but wants to ensure encryption keys are stored as securely as possible. Which is the best method for securely storing encryption keys?
A. Install a TPM
B. Use an SSL accelerator
C. Use an HSM
D. Encrypt the keys with AES

When should law enforcement be contacted as part of an incident response?
A. Only after getting authorization from management
B. Immediately, once it is verified that an incident has occurred
C. Immediately, when it is obvious that a law has been broken
D. Only when directed to do so by the internal legal department

A company's disaster recovery plan (DRP) includes: "Continued business operations require at least one public web server to be returned to service with the content not older than the last 24 hours." "Contin
Which of the following is this an example of?
A. RPO
B. MTTR
C. RTO
D. MTBF

A hospital plans to deploy a patient management app on tablets. The data must be protected in transit. Constraint: the solution must not require any special configuration on the tablets.
A. Deploy a firewall
B. Deploy a VPN concentrator
C. Use federated authentication
D. Deploy PKI and require TLS (works at the HTTPS protocol level)

Which three of the following are types of static code analysis?
A. Data flow analysis
B. Symbolic execution
C. Hoare logic
D. Fuzzing

After a breach, an organization follows NIST SP 800-61. During the final phase, it is considering legal action against the attacker. What should the organization consider regarding collected evidence data?
A. Data retention policy
B. File hashes
C. Security training
D. IPsec transport

A company suffered a data breach when a user installed a malware-infected movie player on their work tablet. The system administrator must prevent unauthorized software installations on all company-owned devices. Which technology should be implemented?
A. Host-based IDS
B. Group Policy
C. Anti-malware
D. Application whitelist

When should human resources (HR) be notified in incident response?
A. When an employee is aware
B. When sensitive data is compromised
C. When user data is compromised
D. When an employee is involved

When should law enforcement be contacted by the incident response team?
A. Any time an incident is detected.
B. After the incident is resolved.
C. Only if PII or IP is involved.
D. Any time a crime is suspected.

A software development team develops ecommerce software. The team needs to actively search their code for bugs, coding mistakes, and vulnerabilities, and fix them as quickly as possible. What should the development team do?
A. Perform unit testing
B. Deploy infrastructure as code
C. Deploy continuous integration
D. Perform regression testing

A security consultant ran a vulnerability scan. Many assets that should be in scope are not appearing in the scan results. What change should be made in the scan configuration?
A. Run the scan outside business hours
B. Run a credentialed assessment
C. Include all required subnets
D. Set the scan to use fewer resources

The incident response team collects a hard disk at an incident site and it may be used as evidence in a trial. The team needs to be able to show that the drive contents have not changed since collection. What should the team use?
A. Chain of custody form
B. Write blocker
C. Forensic disk image
D. Hash utility

An organization discovers that its systems are frequently being breached due to inconsistent or improper configurations. The organization needs a way to scan systems and ensure that they are in compliance with a hardened system configuration baseline. Which technology or platform should the organization deploy?
A. STIX
B. SIEM
C. SOAR
D. SCAP

A government contractor discovers that a batch of recently procured laptops are infected with malware. The contractor determines that the malware was installed at a shipping warehouse. In order to prevent this issue in the future, which two methods can the contractor employ to verify hardware and software authenticity? (Select TWO.)
A. Anti-tampering devices
B. Full disk encryption
C. PKI
D. File system hashing

You need to ensure that select network data, such as company emails, are not deleted or changed. If an unauthorized change does occur, the original version of the file should remain available. What should you use to accomplish this?
A. Hashing
B. Chain of custody
C. DLP
D. Legal hold

A banking customer reports that an unapproved transfer has been posted to their account. Upon investigation, a security analyst determines that the bank's website does not properly manage user sessions and it is vulnerable to CSRF attacks. What should the bank do to mitigate this risk?
A. Use Base64 to encode all data sent by web clients.
B. Implement message throttling on all web servers.
C. Append unpredictable challenge tokens to requests.
D. Implement strict input validation on all web forms.

An ecommerce auction site allows clients to post auctions using a REST API. A security analyst is concerned about API key security. Which two methods should the analyst recommend for securing API keys? (Choose two.)
A. Store keys in the API configuration.
B. Restrict key usage to known IPs.
C. Require TLS for all connections.
D. Require clients to hash API keys.

Why is TLS used when working with API keys?
A. To increase speed
B. So that the key cannot be intercepted
C. To hide DNS
D. To disable logging

What does IP restriction provide for API keys?
A. Storage in the browser
B. Automatic deletion of logs
C. Disabling of encryption
D. Use allowed only from specific IPs

What does key rotation mean?
A. Regularly changing keys
B. Open access to keys
C. Disabling restrictions
D. Storing keys in code

Why are short-lived tokens needed?
A. Key in the URL
B. No authentication
C. Shorter validity period
D. Permanent access

Which approach is better for reducing the risk of key compromise?
A. Key rotation
B. HTTP without TLS
C. Key in Git
D. One key forever

Which is a correct practice for restricting API key use?
A. Transmit it in cleartext
B. Embed it in the frontend
C. IP restriction
D. Share it publicly

Which practice reduces the consequences of an API key leak?
A. Store it in a chat
B. Disable TLS
C. One key for everyone
D. Short-lived tokens

Which method protects an API key while it is transmitted over the network?
A. Plain HTTP
B. TLS
C. Open Wi-Fi
D. Public log

What should be done with API keys over their lifecycle?
A. Publish them in the README
B. Pass them in the URL
C. Rotate them
D. Never change them

Which are correct methods for protecting API keys?
A. TLS, so the key cannot be intercepted
B. Key rotation
C. IP restriction, so the key only works from specific IPs
D. Short-lived tokens
E. Any of the above

An organization receives, processes, and stores highly sensitive data. As part of a multipronged approach to secure data in use, at rest, and in motion, the company has decided to deploy Trusted Platform Module (TPM) technology. Which of the following describes the primary benefit of this technology?
A. Whole disk encryption
B. Exfiltration prevention
C. Trusted execution environments
D. Host-based intrusion detection

A company recently hired a dedicated security administrator. The administrator's first action will be to deploy a HIDS that makes decisions based on statistical data. What benefit will the new HIDS provide?
A. Cyber threat intelligence will be synchronized to detection nodes.
B. Higher throughput for latency-sensitive applications will be ensured.
C. Node behavior will be tracked and analyzed against a baseline.
D. Systems will be protected from unintentional data exfiltration.

A company detects an incident that impacts multiple offices in various locations in its network. The incident has been verified, but the incident response team has not yet been able to determine the scope of the incident or all of the devices and servers that are involved. The incident response team includes personnel from different departments within the company. The need for secure and timely communication between team members is critical. What should they use for communication?
A. Email
B. Printed and face-to-face communication
C. Personal mobile devices
D. VoIP communication

A company wants to log only warning, error, and critical syslog messages. Which message severity level values should be included in the log?
A. 5 and higher
B. 4 and higher
C. 4 and lower
D. 3 and lower

A hardware supplier plans to bid for a government contract. The contract stipulates that bidders must provide evidence to show that component authenticity and integrity are closely monitored. What should the supplier do to meet this requirement?
A. Deploy TEMPEST at all supply chain source locations.
B. Ensure that processes are compliant with Trusted Foundry.
C. Configure all IDS and IPS systems to utilize TAXII feeds.
D. Ensure that all communications are protected with S/MIME.

An incident response analyst has been told to be extremely cautious with forensic evidence and to always document the chain of custody. Which of the following are important components of chain of custody reporting in incident response? (Select TWO.)
A. Time the evidence was collected
B. Type of malware detected
C. Who handled the evidence
D. Identity of the suspected threat actor

A security consultant notices that a client they are working with is giving users local administrator rights so that they can install the specialized software they need for their roles. What should the consultant suggest as a way to increase security, automate the process, and reduce the need for human interaction during system deployment?
A. Create and deploy golden images based on job roles.
B. Only give managers local administrator rights and have them install the software.
C. Only use cloud-based SaaS.
D. Put all of the software any employee needs across the entire company on every system.

At what point in the SDLC is test planning initiated?
A. During the test phase
B. During implementation and coding
C. After design and before implementation and coding
D. After requirement gathering and analysis, and before design

A cybersecurity analyst is responding to an incident that involves ePHI. What would be impacted by the reporting of this incident?
A. GDPR
B. PCI DSS
C. COPPA
D. HIPAA

Which statement about self-encrypting drive (SED) security is accurate?
A. The SED is wiped when moved to another system
B. The DEK should be changed periodically
C. The drive remains unlocked after a restart
D. It requires TPM 2.0 only

The incident response team is investigating a possible incident. To which parties should communication be limited during the initial investigation?
A. Trusted parties
B. Affected users
C. Management
D. Law enforcement

A company completes its vulnerability scans as part of the implementation for an information security management process. The company is finalizing its remediation plans, and the legal team is working with in-house technicians to determine if there are any inhibitors to remediation. Which agreements should the legal team consider as inhibitors to remediation? (Choose two.)
A. NDA
B. AUP
C. SLA
D. MOU
E. EULA

A security consultant recommends implementing company computers that run Microsoft Windows 10. What are the two hardware prerequisites for measured boot? (Select TWO.)
A. FPGA
B. BIOS
C. HSM
D. TPM
E. UEFI

A critical database server is experiencing intermittent performance issues; however, it does not exhibit any other symptoms of a possible malware infection. All applications, services, and data on the server are scanned for potential problems. A signature-based analysis scan does not report any problems. A heuristic-based analysis scan reports three possible malware infections. Which statement BEST describes what is evident from the scan reports?
A. The signatures are out of date
B. Further investigation is needed
C. Take the server offline now
D. The reports are definitely false positives

What is a role of an eFuse in computing devices?
A. Shut down on malware detection
B. Prevent firmware downgrade
C. Encrypt removable devices
D. Detect and record power events

The CISO states that the mean time to respond to incidents is currently unacceptably high. Which of the following options could help to reduce the mean time to respond? (Select TWO.)
A. Update signatures
B. Implement a SOAR solution
C. Employ a 24/7/365 managed SOC
D. Test backups frequently

Each university in a consortium actively performs threat hunting on their networks and systems. Rather than duplicate efforts, consortium members are interested in sharing cyber threat intelligence. Which option can help the consortium meet this requirement?
A. TAXII
B. OWASP
C. EDR
D. IoA

The CISO is currently reviewing root cause analysis findings and preparing a report based on the discoveries made throughout the incident response process. What is the importance of root cause analysis in incident response reporting?
A. It helps to identify the underlying causes of the incident to prevent similar incidents from occurring in the future.
B. It removes the requirement for reporting the incident to regulatory authorities.
C. It allows organizations to mitigate possible legal liability caused by the incident.
D. It provides documentation of the way that critical evidence was handled during the incident.

A vulnerability scan (e.g., Nessus) identifies several known CVEs on a production database server. What should the analyst do FIRST to mitigate the issue?
A. Update anti-malware signatures.
B. Install a HIDS on the server.
C. Install any missing updates.
D. Disable the services listed in the CVEs.

ISO 27002 is a popular framework for security controls. The ISO 27002 framework document separates controls into four different categories. Which category would include the use of vulnerability scanning tools like Nessus or OpenVAS?
A. Technological controls
B. Organizational controls
C. People controls
D. Physical controls

A security analyst is contracted to identify security risks in an organization. The analyst discovers several instances in which sensitive information was disclosed outside of the organization. It appears that most, if not all, of the disclosures were inadvertent. Most instances occurred through email messages. The company provides a training program to help users better recognize what is and what is not considered sensitive data. The analyst recommends implementing technical controls to prevent the release of data. What should the company implement?
A. DRM
B. DLP
C. NDA
D. Watermarking

A CISO is in the Preparation phase of NIST SP 800-61's Incident Response Life Cycle and is working on the communication plan. Which members of staff should the CISO include in this plan from the organization?
A. All stakeholders, including members of the IT department and cybersecurity, senior leaders and executives, and any relevant employees from other departments
B. Only department managers
C. Only senior leaders and executives
D. Only the IT department and cybersecurity

A security analyst is using Burp Suite to test a web application. The analyst wants to modify a captured HTTP request, insert a payload, and send multiple requests to observe how the application responds. Which of the following Burp Suite tools should the analyst use?
A. Inspector
B. Target
C. Sequencer
D. Intruder

Which of the following would NOT be considered in the scope of impact of the incident when determining the severity of the impact and prioritizing a response?
A. Downtime
B. Economic
C. Recovery time
D. Data integrity

Which information is NOT available through the firewall logs?
A. Firewall action
B. Firewall rule
C. Packet protocol
D. Source/destination MACs
E. Source/destination IPs
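Two of the questions above turn on the same technique: the seized hard disk whose contents must be shown unchanged since collection (hash utility), and the procured laptops whose shipped software must be checked for tampering (file system hashing). The following is an added example, not code from the quiz page or from any forensic or vendor tool, showing that technique end to end: record a SHA-256 for every file at the trusted moment, derive one digest over the whole manifest for the chain-of-custody form or shipping record, then recompute and diff later. The directory layout and file contents in `demo()` are constructed for the example.

```python
"""Hash manifest for file-tree integrity (added example; not the page's code).

SHA-256 is used throughout; MD5 and SHA-1 are collision-prone and should not be
relied on for new evidence or supply-chain manifests.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-GB disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (path relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):   # the link target is hashed under its own path
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree at root with a previously recorded manifest.

    Returns {'modified': [...], 'missing': [...], 'added': [...]}; all three
    empty means the tree is byte-for-byte what the manifest recorded.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def manifest_digest(manifest):
    """One digest over the whole manifest, independent of dict order.

    This is the value to write on the chain-of-custody form or publish with the
    shipment; anyone holding it can later re-derive and check the full manifest.
    """
    h = hashlib.sha256()
    for path in sorted(manifest):
        h.update(f"{manifest[path]}  {path}\n".encode())
    return h.hexdigest()


def demo():
    """Build a constructed tree, record it, tamper with it, and re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "agent.exe"), "wb") as f:
            f.write(b"MZ original agent build")          # constructed content
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("golden image v1\n")
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)          # taken right away: no changes
        # What a tamperer at the warehouse might do: patch a binary, drop a new
        # file, delete one.
        with open(os.path.join(root, "bin", "agent.exe"), "ab") as f:
            f.write(b"\x90\x90 injected payload")
        with open(os.path.join(root, "bin", "dropper.dll"), "wb") as f:
            f.write(b"new file")
        os.remove(os.path.join(root, "readme.txt"))
        tampered = verify_manifest(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:   ", before)
    print("tampered tree:", after)
```

For a disk image the same `sha256_file` is run once on the image file at collection (ideally behind a write blocker) and again before analysis; the two digests, with times and handler names, are what the chain-of-custody record carries.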
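The CSRF question above describes the flaw (a state-changing request is authorized by the session cookie alone, which the browser attaches even when a cross-site page triggers the request) and names the fix: an unpredictable token attached to each request. The following is an added example, not code from the quiz page or from any real bank, showing the vulnerable handler beside the hardened one. The token is an HMAC over the session id and a fresh nonce under a server-side key (the key, the request dictionary shape and the `sessions` map are this example's own assumptions), so no per-token storage is needed and a token minted for one session fails verification against any other.

```python
"""Synchronizer (anti-CSRF) token for a transfer endpoint (added example)."""
import hashlib
import hmac
import secrets

# Assumption: generated and held server-side; in production loaded from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Mint a token bound to session_id; the page embeds it as a hidden form field.

    It must not be delivered in a cookie: the whole point is that the browser does
    not send it automatically, only the bank's own page can put it in the form.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token) -> bool:
    """True only if token was minted for this session under our key."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


# A request is modelled as {"cookies": {...}, "form": {...}}; sessions maps a
# session id to the logged-in account holder.

def transfer_vulnerable(request, sessions):
    """'Before': the session cookie alone authorizes a transfer (CSRF-able)."""
    sid = request["cookies"].get("session")
    if sid not in sessions:
        return 401, "not logged in"
    form = request["form"]
    return 200, f"{sessions[sid]} sent {form['amount']} to {form['to']}"


def transfer_hardened(request, sessions):
    """'After': identical, except the form must carry a valid token for this session."""
    sid = request["cookies"].get("session")
    if sid not in sessions:
        return 401, "not logged in"
    if not verify_csrf_token(sid, request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    form = request["form"]
    return 200, f"{sessions[sid]} sent {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sessions = {"sid-alice": "alice"}
    # What a malicious page makes Alice's browser send: her cookie, the attacker's form.
    forged = {"cookies": {"session": "sid-alice"},
              "form": {"to": "mallory", "amount": "1000"}}
    print("vulnerable handler:", transfer_vulnerable(forged, sessions))
    print("hardened handler:  ", transfer_hardened(forged, sessions))
    genuine = {"cookies": {"session": "sid-alice"},
               "form": {"to": "bob", "amount": "50",
                        "csrf_token": issue_csrf_token("sid-alice")}}
    print("hardened, genuine form:", transfer_hardened(genuine, sessions))
```

Marking the session cookie `SameSite=Lax` or `Strict` is a worthwhile second layer, but the token is the control that does not depend on browser behaviour.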
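The run of API-key questions above lists four practices: TLS in transit, IP restriction, key rotation and short-lived tokens. The following is an added example, not the auction site's code, that implements the three server-side ones in one small key store: every key carries an expiry, is bound to an allow-list of client networks, and can be rotated with a grace period during which the old and new key both work. TLS is a transport property and is assumed rather than modelled. Class, field and method names are this example's own; the clock is injectable so expiry can be exercised without waiting. Only a SHA-256 of each key is stored: the key is random and high-entropy, so a plain hash is enough to make a leaked store useless, and the plaintext is returned once at issue time.

```python
"""API key store with expiry, IP allow-listing and rotation (added example)."""
import hashlib
import ipaddress
import secrets
import time
from dataclasses import dataclass


@dataclass
class KeyRecord:
    key_hash: str
    owner: str
    allowed_nets: list        # ipaddress network objects
    expires_at: float         # unix time
    revoked: bool = False


class ApiKeyStore:
    def __init__(self, clock=time.time):
        self.clock = clock    # injectable for deterministic tests
        self.records = {}     # key_hash -> KeyRecord

    @staticmethod
    def _hash(key: str) -> str:
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, owner, allowed_cidrs, ttl_seconds):
        """Create a short-lived key; returns the plaintext, which is never stored."""
        key = "ak_" + secrets.token_urlsafe(32)
        rec = KeyRecord(self._hash(key), owner,
                        [ipaddress.ip_network(c) for c in allowed_cidrs],
                        self.clock() + ttl_seconds)
        self.records[rec.key_hash] = rec
        return key

    def authenticate(self, key, client_ip):
        """Return (owner, "ok") or (None, reason).

        client_ip must be the real peer address (or the one a trusted proxy
        supplies), never a client-controlled header.
        """
        rec = self.records.get(self._hash(key or ""))
        if rec is None or rec.revoked:
            return None, "unknown or revoked key"
        if self.clock() >= rec.expires_at:
            return None, "expired key"
        addr = ipaddress.ip_address(client_ip)
        if not any(addr in net for net in rec.allowed_nets):
            return None, "client address not allowed for this key"
        return rec.owner, "ok"

    def rotate(self, old_key, ttl_seconds, grace_seconds):
        """Issue a replacement with the same owner and allow-list.

        The old key keeps working for grace_seconds so clients can switch over,
        then expires on its own; call revoke() instead if the old key has leaked.
        """
        old = self.records.get(self._hash(old_key))
        if old is None or old.revoked:
            raise KeyError("cannot rotate an unknown or revoked key")
        old.expires_at = min(old.expires_at, self.clock() + grace_seconds)
        return self.issue(old.owner, [str(n) for n in old.allowed_nets], ttl_seconds)

    def revoke(self, key):
        """Immediate kill switch for a compromised key."""
        rec = self.records.get(self._hash(key))
        if rec is not None:
            rec.revoked = True


if __name__ == "__main__":
    store = ApiKeyStore()
    # Constructed tenant and documentation-range addresses.
    key = store.issue("seller-42", ["203.0.113.0/24"], ttl_seconds=3600)
    print(store.authenticate(key, "203.0.113.7"))    # inside the allow-list
    print(store.authenticate(key, "198.51.100.9"))   # outside it
    new_key = store.rotate(key, ttl_seconds=3600, grace_seconds=300)
    print(store.authenticate(new_key, "203.0.113.7"))
```

The failure reasons are returned to the caller for logging; the HTTP response to the client should be a uniform 401 so the API does not reveal which check failed.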
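The syslog severity question above is easy to get backwards: syslog severity codes run from 0 (Emergency) to 7 (Debug), so a lower number is more severe, and "warning, error and critical" (4, 3, 2) means keeping severity 4 and lower, not 4 and higher. The following is an added example, not from the quiz page, that decodes the `<PRI>` header (facility * 8 + severity) and applies that filter to a handful of constructed log lines; the PRI values, hostnames and messages are made up for the example.

```python
"""Filter syslog lines by severity using the <PRI> header (added example)."""
import re

SEVERITY_NAMES = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
                  4: "warning", 5: "notice", 6: "info", 7: "debug"}
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
                  5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
                  10: "authpriv", 11: "ftp"}   # 16-23 are local0-local7

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity) decoded from the <PRI> header of a syslog line."""
    m = PRI_RE.match(line)
    if m is None:
        raise ValueError(f"no <PRI> header: {line!r}")
    pri = int(m.group(1))
    if pri > 191:                     # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def facility_name(facility):
    if 16 <= facility <= 23:
        return f"local{facility - 16}"
    return FACILITY_NAMES.get(facility, f"facility{facility}")


def filter_by_severity(lines, max_severity=4):
    """Keep lines at max_severity or more severe (numerically lower).

    Returns (facility_name, severity_name, line) tuples in input order. Lines
    without a parsable <PRI> header are skipped.
    """
    kept = []
    for line in lines:
        try:
            facility, severity = parse_pri(line)
        except ValueError:
            continue
        if severity <= max_severity:
            kept.append((facility_name(facility), SEVERITY_NAMES[severity], line))
    return kept


# Constructed sample input; each PRI is facility * 8 + severity.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host su[417]: 'su root' failed for lonvick on /dev/pts/8",  # auth.crit    (4*8+2)
    "<13>Oct 11 22:14:16 host app[512]: worker pool started",                         # user.notice  (1*8+5)
    "<27>Oct 11 22:14:17 host sshd[233]: connect to 10.0.0.5: connection refused",    # daemon.err   (3*8+3)
    "<12>Oct 11 22:14:18 host backup[901]: /var at 91% capacity",                     # user.warning (1*8+4)
    "<15>Oct 11 22:14:19 host app[512]: cache hit ratio 0.97",                        # user.debug   (1*8+7)
    "<0>Oct 11 22:14:20 host kernel: panic - not syncing",                            # kern.emerg   (0*8+0)
    "no pri header here",                                                             # malformed, skipped
]

if __name__ == "__main__":
    for fac, sev, line in filter_by_severity(SAMPLE_LINES):
        print(f"{fac}.{sev:<8} {line}")
```

Run as written it keeps four of the seven lines (crit, err, warning, emerg) and drops notice and debug, which is what a "warning and worse" rule on a syslog daemon (`*.warning` in rsyslog terms) does.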
