Title of test: CySA+ 02 Final assessment

Description: CompTIA 90Q final assessment

Author: Adrian B

Creation Date: 22/05/2023

Category: Computers

Number of questions: 38
Content:
It is important to assess sources when adding information to a data set. Considering threat intelligence, this data is likely to derive from external sources. Which factor is key in disseminating updates?
A. Confidence levels
B. Relevancy
C. Accuracy
D. Timeliness

Threat intelligence reveals a new type of malware is infecting Windows desktops in many companies. Security specialists at a company initiate threat hunting activities to investigate a potential infection. Which areas do the engineers investigate in implementing the hunt? Select all that apply.
A. Network traffic
B. Data acquisition
C. Process lists
D. Data exfiltration

A systems engineer at an organization tightens security by enabling sandboxing on a crucial system. This measure is in place to help prevent ransomware. Which valid features does the engineer enable on the system? Select all that apply.
A. Retrieve a crash dump
B. Monitor network sockets
C. Data exfiltration
D. Periodic snapshots

In contrast to traditional packet sniffing, Zeek, a packet capture tool, offers which benefits? Select all that apply.
A. Log only data of potential interest
B. Reduce storage requirements
C. Only reports traffic metadata
D. Highlighting of trends

A systems administrator for a large corporation is reviewing security settings on Windows PCs after a small malware incident. After finishing the review, the administrator establishes a group policy that prevents users from using any executables on a system, except within specifically designated folders. Which policies does the administrator implement? Select all that apply.
A. Software restriction policies
B. Windows Defender Application Control
C. AppLocker
D. Execution control

An IT expert troubleshoots an email server issue for security purposes. During troubleshooting, the expert discovers that SMTP logs indicate that the service is not available. Which code indicates this type of issue?
A. 421
B. 250
C. 220
D. 443

A systems administrator configures syslog to collect system events on a network. The admin's past experience with an older implementation of syslog did not go so well, as messages were sent in clear text and lost on the network. Currently, the admin is configuring the syslog and notices it works quite well. Which of the following technologies did the systems admin utilize? Select all that apply.
A. UDP
B. HTTPS
C. TCP
D. TLS

An organization needs to block traffic to deter command and control (C&C) traffic. Which traffic type is the most difficult to block?
A. IRC
B. HTTPS
C. Social media
D. Cloud services

An attacker compromises a user's single sign-on account by harvesting cached credentials on a system. Which attack type does the attacker utilize to accomplish this specific action?
A. Pass the hash
B. Golden ticket
C. Pivoting
D. Lateral movement

Cybersecurity analysts are considering a feasible approach to restoring a compromised cloud-based virtual machine. All systems are based on templates. Which approach do the analysts utilize?
A. Reimage
B. Reconstitution
C. Sanitization
D. Containment

Analysts are deploying a new IT infrastructure with enhanced security controls. Stakeholders show concern for the state of the deployment as it is behind schedule. Of the given choices, stakeholders show concern in what area?
A. Prescriptive
B. Governance
C. Risk-based
D. Regulatory

A network engineer is reviewing a recent vulnerability report from a colleague. The report conclusively contains many false positives related to hosts that another colleague debunked recently as non-issues. How can the network engineer manage information in the next batch of reports so that the team focuses on real vulnerabilities and threats? Select all that apply.
A. Exclude hosts
B. Use exceptions
C. Remediate the exploit
D. Change priority

To reduce overall systems monitoring effort, an engineer increases the hardening of all workstations. Which approach ensures that unused hardware components do not become a security concern?
A. Disable services
B. Enforce an ACL
C. Disable devices
D. Disable accounts

An IT manager is performing vendor due diligence with a new server supplier. Of the given choices, which are valid standards? Select all that apply.
A. Cybersecurity risk management program
B. Certificate Management
C. Trusted platform
D. Financial and regulatory reliability

There are different levels of data privacy categorization that follow military usage. Which level has the highest privacy rating?
A. Secret
B. Top-secret
C. Confidential
D. Classified

A user tries to copy a sensitive file in the office. Since a data loss prevention service is in place, the file will not copy. The user opens the file to investigate and sees a message describing how their actions violated a policy. Which data loss prevention remediation method is the user experiencing?
A. Quarantine
B. Block
C. Tombstone
D. Alert

A lead developer has a concern that a junior developer is routinely writing compromising code. In which way is the compromise possible? Select all that apply.
A. Software development kit
B. File inclusion
C. Third-party library
D. Code-reuse

A developer researches a fix for a vulnerability that targets what is known as a network channel. Which platform does the developer reference? Select all that apply.
A. Web
B. Client/server
C. Mobile
D. Embedded

An administrator configures a cloud access security broker (CASB) to mediate access to cloud services by users across all types of devices. Which functions does a CASB provide? Select all that apply.
A. Multicloud
B. Single sign-on authentication
C. Auditing
D. Infrastructure as a service (IaaS)

Which development environment uses a master copy to a greater degree than the others?
A. Test/Integration
B. Development
C. Staging
D. Production

Proactive threat hunting provides many benefits. Which benefit correlates intelligence from different sources?
A. Bundling critical assets
B. Integrated intelligence
C. Improving detection capabilities
D. Reducing the attack surface area

To avoid using hard-coded IP ranges, some malware will switch to dynamically-generated domains by first using an algorithm. This algorithm, used along with another technique, can continually change an IP address that a domain resolves to. What is this process known as?
A. Fast flux network
B. Domain generation algorithm
C. Dynamic DNS
D. Recursive queries

An administrator needs to block traffic on a firewall. The traffic to block is unnecessary external traffic. Which traffic type does the administrator deem as unnecessary? Select all that apply.
A. HTTP
B. ICMP
C. SMB
D. HTTPS

A security specialist configures an internal email system with enhanced spoofing protection. The approach specifies permitted senders for multiple domains. Which solution does the specialist implement?
A. Domain-based Message Authentication, Reporting, and Conformance
B. Digital Signatures
C. DomainKeys Identified Mail
D. Sender Policy Framework

A Windows server does not recognize some internal hardware. IT staff suspect malicious activity has impacted the system. An administrator utilizes event logs to research any irregular activity. Which log identifies events of faulty system devices and drivers?
A. Security
B. System
C. Application
D. Setup

An IT engineer performs a security analysis of monitoring data. For reporting purposes, the analyst focuses on a volume-based trend analysis approach. Review the possibilities and conclude which approach the analyst practices.
A. Acquire the sum of all values, divided by the number of samples
B. Establish a baseline for a metric, for a specific log event, per hour of the day
C. Determine if logs are growing much faster than they were previously
D. Refer to narrative-based threat awareness and intelligence

Users at a company report that computers are suddenly acting strangely. An IT engineer suspects persistent malicious activity. Which areas does the engineer investigate? Select all that apply.
A. Scheduled tasks
B. Disabled devices
C. Cron jobs
D. Failed logins

An attack has compromised a virtualized server. Security experts perform forensic activity as part of a recovery effort. The experts conclude that the attack incrementally occurred over time. Evaluate the given challenges and determine which the experts face.
A. Suspending the VM requires the hypervisor to write the contents of memory to file.
B. Security must merge any checkpoints to the main image, using a hypervisor tool.
C. VM Introspection uses tools installed on the hypervisor to retrieve pages of memory for analysis.
D. System logs are automatically transferred to a remote logging server.

An organization's CIO is classifying a malicious attack on network servers. Which issues directly relate to economic impact? Select all that apply.
A. Reverse engineering
B. Detection time
C. Downtime
D. Data integrity

A security firm conducts a process of risk identification and assessment while using NIST's Managing Information Security Risk principles as a guide. Eliminating negative change is an overall goal. Which area do engineers at the security firm document?
A. Assess
B. Frame
C. Respond
D. Monitor

An IT professional is creating an assessment scan workflow. Which step should the IT professional implement before performing an initial scan?
A. Analyze the baseline
B. Use insights generated from previous rounds
C. Take suitable corrective actions
D. Run suitable patches

An organization implements password policies to tighten security. Which policy is NOT considered deprecated?
A. Complexity
B. Challenge questions
C. Aging policies
D. 2-step verification

A systems administrator implements the use of trusted firmware for workstations in an organization. The administrator configures the boot process to require operating system certificates. Which capability does this feature require?
A. Secure boot
B. Measured boot
C. Attestation
D. eFuse

Which system type features a combined architecture that includes controllers, processors, and more?
A. Controller
B. System-on-chip
C. Embedded
D. Field programmable gate array

While performing maintenance on one server, an engineer notices that a server database is much smaller in size than usual. The engineer suspects an exploit with the Simple Object Access Protocol (SOAP). Evaluate the exploit types and determine which an attacker may be using.
A. Coercive parsing
B. Probing
C. SQL injection
D. External references

Which issues may complicate a cloud-based forensics investigation? Select all that apply.
A. Incorrect origin settings
B. Chain of custody
C. Data recovery
D. Data sovereignty

A developer seeks to automate a test area for web application development. Which phase does the developer create a sandbox environment for?
A. Development
B. Staging
C. Test
D. Integration

A client asks a security analyst to construct a security plan for a small business. The resulting plan outlines several suggested controls. One such control is the placement of a camera system outside of a high-profile datacenter. A second control focuses on firewalls and antivirus software. Evaluate the control classes and determine those that the analyst specifies. Select all that apply.
A. Physical
B. Technical
C. Operational
D. Managerial