1. Developers commit code frequently, automated builds and tests run, and integration issues are found early?
   Options: CI/CD, Continuous Delivery, Continuous Deployment, Continuous Integration

2. Everything is automated up to release, production deployment is manual, and the system is always ready to release?
   Options: Continuous Delivery, CI/CD, Continuous Deployment, Continuous Integration

3. A fully automated pipeline releases every validated change to production with no manual approval?
   Options: CI/CD, Continuous Delivery, Continuous Deployment, Continuous Integration

4. A combined approach that joins integration and delivery or deployment into one automated pipeline?
   Options: Continuous Delivery, CI/CD, Continuous Integration, Continuous Deployment

5. The practice of frequently merging code changes into a shared repository, followed by automated builds and tests?
   Options: Continuous Delivery, Continuous Integration, Continuous Deployment, CI/CD

6. Code changes are automatically built, tested, and prepared for release to production, but deployment needs manual approval?
   Options: Continuous Deployment, CI/CD, Continuous Delivery, Continuous Integration

7. Every validated change is automatically released to production without human intervention?
   Options: Continuous Deployment, CI/CD, Continuous Integration, Continuous Delivery

8. Which term matches this definition: a unified automated pipeline that combines continuous integration and continuous delivery or deployment?
   Options: Continuous Deployment, Continuous Delivery, Continuous Integration, CI/CD

9. Which concept focuses on code integration and testing?
   Options: CI/CD, Continuous Deployment, Continuous Integration, Continuous Delivery

10. Which concept focuses on end-to-end automation from code to production?
   Options: CI/CD, Continuous Integration, Continuous Deployment, Continuous Delivery

11. An attacker uses PsExec to create and start a service on a remote workstation after obtaining valid administrator credentials. What activity is MOST likely occurring?
   Options: B. Lateral movement, A. Credential dumping, C. DNS tunneling, D. Initial access via phishing

12. A security analyst reviews SIEM logs and sees the following event: RPC SVCCTL: CreateService "PSEXESVC" on a remote host. Which activity is MOST likely occurring?
   Options: Data exfiltration, DNS tunneling, Web application fuzzing, Lateral movement

13. An EDR alert shows that powershell.exe executed a command containing DownloadString and connected to an external URL to retrieve additional code. Which activity is MOST likely occurring?
   Options: Payload download and execution, Passive discovery, Time synchronization, Password spraying

14. An endpoint detection tool reports that an unknown process attempted to access lsass.exe memory on a Windows workstation. Which attacker objective is MOST likely associated with this activity?
   Options: Backup restoration, DNS cache poisoning, Credential access, Initial reconnaissance

15. A file server generates alerts showing a large number of files being modified and renamed with the .enc extension within a short period of time. Which attack phase or objective is MOST likely represented?
   Options: Passive scanning, Impact, Secure configuration baseline, Credential dumping

16. During incident containment, analysts identify outbound connections from internal hosts to a known command-and-control IP address 203.0.113.55. The team must completely sever all communication with this destination. Which firewall ACL rule is BEST?
   Options: Allow only DNS traffic to 203.0.113.55, Allow ANY source to 203.0.113.55 over TCP 443, Deny 203.0.113.55 only for inbound traffic from the internet, Deny ANY source to 203.0.113.55 using IP/ANY protocol

17. A vulnerability is found on a customer-facing application server. The vulnerability has a CVSS score of 8.8, and public exploit code is available. What remediation priority should be assigned?
   Options: High, Low, Informational, Medium

18. Enter the general term for a measurable value used to show trends or performance in vulnerability management reporting.
   Options: B. KPI, C. Indicator, A. Metric, D. Measurement

19. The SOC wants to map observed behaviors such as credential dumping, remote service creation, and scheduled-task persistence to a framework that supports detection engineering. Which framework is the best fit?
   Options: Cyber kill chain, MITRE ATT&CK, Chain of custody, Diamond Model of Intrusion Analysis

20. A company contracts with a cyber security analyst as part of a risk identification exercise. The analyst plans to interview individuals from each department in order to assess the risks each of them perceives related to the systems they own. Which of the following is the analyst planning to perform?
   Options: Qualitative risk analysis, Quantitative risk analysis, Risk prioritization, Threat modeling

21. A senior vulnerability analyst is reviewing the results of a recent vulnerability scan. There are multiple critical severity vulnerabilities in the findings, and the analyst has been tasked with identifying which vulnerabilities to remediate first. Which specific CVSS 3.1 metric would the analyst seek out to find which critical vulnerabilities could result in sensitive information being accessed or exfiltrated by attackers?
   Options: Confidentiality Impact, Confidentiality Requirement, Integrity Impact, Attack Vector

22. Representatives from cybersecurity, technical support, network administration, and corporate management are working together to develop a business impact analysis (BIA) as part of the company's business continuity plan. The team needs to develop guidelines for assessing criticality related to an incident. What should the team use as guidelines to help them determine the criticality of an incident?
   Options: MTD, RPO, WRT, MTTR

23. A security analyst is contracted to identify security risks in an organization. The analyst discovers several instances in which sensitive information was disclosed outside of the organization. It appears that most, if not all, of the disclosures were inadvertent. Most instances occurred through email messages. The company has a training program to help users better recognize what is and what is not considered sensitive data. The analyst recommends implementing technical controls to prevent the release of data. What should the company implement?
   Options: Watermarking, DLP, DRM, NDA

24. A company that processes protected health information (PHI) needs to provide remote access to its systems. Which of the following offers root of trust security and ensures that only trusted devices are allowed when connected via untrusted networks?
   Options: MFA, VPN concentrator, TPM-based attestation, IPsec Transport mode

25. The CISO wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are in use that increase organizational risk. Which of the following solutions will best help reduce this risk?
   Options: Deploy a CASB and enable policy enforcement, Deploy an API gateway, Configure MFA with strict access, Enable SSO to the cloud applications

26. When starting an investigation, which of the following must be done first?
   Options: Notify law enforcement, Interview the witnesses, Seize all related evidence, Secure the scene

27. A company is implementing a vulnerability management program but has concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce access while still providing the most accurate vulnerability scan results?
   Options: Agent-based scanning, Passive scanning, Dynamic scanning, Credentialed network scanning

28. Cross-Domain Misconfiguration. Which tuning recommendations should the analyst share?
   Options: Set an HttpOnly flag to force communication by HTTPS, Disable the cross-origin resource sharing header, Block requests without an X-Frame-Options header, Configure an Access-Control-Allow-Origin header to authorized domains

29. During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?
   Options: Use application security scanning as part of the pipeline for the CI/CD flow, Ensure that all implemented coding libraries are regularly checked, Conduct regular red team exercises over the application in production, Implement proper input validation for any data entry form

30. An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
   Options: Local law enforcement, PCI Security Standards Council, Federal law enforcement, Card issuer

31. The CEO of an organization learns that new attacks are being exploited roughly 45 days after a patch is released. Which of the following would best protect the organization against these attacks?
   Options: A mean time to detect of 45 days, A mean time to respond of 15 days, A mean time to remediate of 30 days, Third-party application testing

32. A business-critical machine is controlled by a PC running an operating system that is about to reach end-of-life. Which of the following is the primary security concern for the analyst?
   Options: Support will not be available for the critical machinery, There are no compensating controls in place for the OS, Any discovered vulnerabilities will not be remediated, An outage of machinery would cost the organization money

33. An organization has deployed a cloud-based storage system for shared data. The data is currently in phase two of the data life cycle (data in use/storage phase). Which of the following controls should the security team ensure are implemented? (Choose two.)
   Options: Data loss prevention, Encryption, Backups, Access controls, Data classification, Data destruction

34. A security analyst detects a ransomware attack after investigating a phishing email. The analyst has already downloaded a copy of the malicious file and isolated the affected workstation from the network. What should the analyst do next?
   Options: Shut down the email server and quarantine it from the network, Search for other mail users who have received the same file, Acquire a bit-level image of the affected workstation, Wipe the computer and reinstall software

35. The email administrator has enabled DKIM signing for all legitimate emails sent by the organization. Which of the following would most likely indicate a malicious email if the company's domain is listed as both the sender and the recipient?
   Options: The signature does not meet corporate standards, The sender and reply address are different, The sending IP address is the hosting provider, The message fails a DMARC check

36. During an incident involving phishing, a security analyst must determine the source of the malicious email. Which of the following techniques would provide this information?
   Options: Reverse engineering, Header analysis, Packet capture, SSL inspection

37. A systems administrator receives reports that an internet-accessible Linux server is running very slowly. Upon inspection, the server shows high memory utilization, and the administrator suspects a Denial-of-Service (DoS) attack involving half-open TCP sessions. Which of the following tools would best help confirm this behavior?
   Options: EDR, SIEM, Nmap, TCPDump

38. A security analyst reviews vulnerability scan results and finds vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?
   Options:
   CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

39. A security analyst submits the following request:
   <!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow">]>
   <userInfo>
     <firstName>John</firstName>
     <lastName>&ent;</lastName>
   </userInfo>
   Which of the following vulnerability types is the security analyst validating?
   Options: Directory traversal, XSS, XXE, SSRF

40. A company is implementing an information security vulnerability management process. The company runs a series of vulnerability scans so that the security team can schedule remediation. Credentialed server-based scans are returning a much higher number of results than expected that appear to be false positives. The company wants to reduce the number of potential false positives as quickly as possible so that they can initially focus on the most critical threats. What should the team do?
   Options: Run the scans as non-credentialed., Switch to agent-based scans., Decrease the scan sensitivity., Configure exemptions for each of the false positives.

41. Internal cyber security suspects that a network server is the target of a zero-day attack. What type of analysis should the cyber security team perform to verify this?
   Options: Heuristic, Packet, Trend, Availability

42. A government contractor works with data that has been labeled as Top Secret. The contractor has addressed encryption at rest and in motion; however, it must also be possible for data in use to be encrypted. Which technology should the contractor deploy?
   Options: RSA cryptography, Secure enclaves, TPM, HSM

43. A company suspects an ongoing attempt to infiltrate its network. The company sets up a honeynet and needs to collect information about activity in the network. To avoid detection by the possible attacker, the company needs to use a passive collection technology. Which technology should the company use?
   Options: EMET, IPS, IDS, WAF

44. What is the goal of DevSecOps?
   Options: To automate integration of security at every phase of software development, To develop guidelines for implementing static analysis, To introduce a standard format and structure for test result reporting, To provide a platform for follow-up testing after software deployment

45. (no question text)
   Options: NetFlow, vulnerability scanner, Stateful firewall, tcpdump

46. The development team receives updated requirements for the number of transactions per minute, as well as the data throughput requirements for a new application under development. The team has already completed the verification phase of the development process; however, they are concerned that the new requirements could introduce new vulnerabilities and leave the application in an unstable state. Which type of test should the team perform?
   Options: Fuzz testing, Peer review, Regression testing, Stress testing

47. (no question text)
   Options: Stateful firewall, NetFlow, vulnerability scanner, tcpdump

48. Your SOC team receives an alert about an exploit being used in the wild. You need to quickly validate the authenticity and details of the threat by using a government-provided, verified feed. Which source is MOST appropriate?
   Options: VirusTotal, US-CERT, MITRE ATT&CK, NVD (National Vulnerability Database)

Vulnerability Management Question
