Title of test:
PT003-05

Description:
Cybersecurity Practice Test

Author:
CrapTía

Creation Date:
06/01/2024

Category:
Computers

Number of questions: 25
Content:
Given the following CVSS string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Which of the following attributes correctly describes this vulnerability?
- A user is required to exploit this vulnerability.
- The vulnerability is network-based.
- The vulnerability does not affect confidentiality.
- The complexity of exploiting the vulnerability is high.

A cryptocurrency service company is primarily concerned with ensuring data accuracy on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system. The analyst will use the following CVSSv3.1 impact metrics for prioritization (Picture). Which of the following vulnerabilities should be prioritized for remediation?
- 1
- 2
- 3
- 4

Patches for two highly exploited vulnerabilities were released on the same Friday afternoon. Information about the systems and vulnerabilities is shown in the tables below (Picture). Which of the following should the security analyst prioritize for remediation?
- Rogers
- Brady
- Brees
- Manning

A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?
- Generate a hash value and make a backup image.
- Encrypt the device to ensure the confidentiality of the data.
- Protect the device with a complex password.
- Perform a memory scan dump to collect residual data.

Which of the following best describes the goal of a tabletop exercise?
- To test possible incident scenarios and how to react properly.
- To perform attack exercises to check response effectiveness.
- To understand existing threat actors and how to replicate their techniques.
- To check the effectiveness of the business continuity plan.

A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?
- The server was configured to use SSL to transmit data securely.
- The server was supporting weak TLS protocols for client connections.
- The malware infected all the web servers in the pool.
- The digital certificate on the web server was self-signed.

A zero-day command injection vulnerability was published. A security administrator analyzes the following logs for evidence of adversaries attempting to exploit the vulnerability (Picture). Which of the following log entries provides evidence of the attempted exploit?
- Log entry 1
- Log entry 2
- Log entry 3
- Log entry 4

A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the respective system owners to help determine the best methodology that seeks to promote confidentiality, availability, and integrity of the data being hosted. Which of the following should the security analyst perform first to categorize and prioritize the respective systems?
- Interview the users who access these systems.
- Scan the systems to see which vulnerabilities currently exist.
- Configure alerts for vendor-specific zero-day exploits.
- Determine the asset value of each system.

A security analyst is reviewing the following alert that was triggered by FIM on a critical system (Picture). Which of the following best describes the suspicious activity that is occurring?
- The user installed a fake antivirus program.
- A network drive was added to allow exfiltration of data.
- A new program has been set to execute on system start.
- The host firewall on 192.168.1.10 was disabled.

Which of the following best describes the document that defines the expectation to network customers that patching will only occur between 2:00 a.m. and 4:00 a.m.?
- SLA
- LOI
- MOU
- KPI

A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server. Which of the following best describes the activity that is taking place?
- Data Exfiltration
- Rogue Device
- Scanning
- Beaconing

An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server. Which of the following compensating controls will help contain the adversary while meeting the other requirements? (Choose two).
- Drop the tables on the database server to prevent data exfiltration.
- Deploy EDR on the web and database servers to reduce the adversary’s capabilities.
- Stop the httpd service on the web server so that the adversary cannot use web exploits.
- Use microsegmentation to restrict connectivity to/from the web and database servers.
- Comment out the HTTP account in the /etc/passwd file of the web server.
- Move the database from the database server to the web server.

An incident response team member is triaging a Linux server. The output is shown below (Picture). Which of the following is the adversary most likely trying to do?
- Create a backdoor root account named zsh.
- Execute commands through an unsecured service account.
- Send a beacon to a command-and-control server.
- Perform a denial-of-service attack on the web server.

A SOC analyst identifies the following content while examining the output of a debugger command over a client-server application:
getConnection(database01,"alpha","AxTv.127GdCx94GTd");
Which of the following is the most likely vulnerability in this system?
- Lack of input validation
- SQL injection
- Hard-coded credential
- Buffer overflow

A technician analyzes output from a popular network mapping tool for a PCI audit (Picture). Which of the following best describes the output?
- The host is not up or responding.
- The host is running excessive cipher suites.
- The host is allowing insecure cipher suites.
- The Secure Shell port on this host is closed.

A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network. Which of the following would best aid in decreasing the workload without increasing staff?
- SIEM
- XDR
- SOAR
- EDR

An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?
- Disable the user’s network account and access to web resources.
- Make a copy of the files as a backup on the server.
- Place a legal hold on the device and the user’s network share.
- Make a forensic image of the device and create a SHA-1 hash.

An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?
- Insider Threat
- Ransomware group
- Nation-State
- Organized Crime

A systems analyst is limiting user access to system configuration keys and values in a Windows environment. Which of the following describes where the analyst can find these configuration items?
- config.ini
- ntds.dit
- Master Boot Record
- Registry

While reviewing web server logs, a security analyst found the following line:
< IMG SRC='vbscript:msgbox("test")' >
Which of the following malicious activities was attempted?
- Command Injection
- XML injection
- Server-Side Request Forgery
- Cross-Site Scripting

A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site’s standard VPN logon page is www.acme.com/logon. Which of the following is most likely true?
- This is a normal password change URL.
- The security operations center is performing a routine password audit.
- A new VPN gateway has been deployed.
- A social engineering attack is underway.

A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the network scan. Which of the following would be missing from a scan performed with this configuration?
- Operating System Version
- Registry Key Values
- Open Ports
- IP Address

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?
- /etc/shadow
- curl localhost
- ; printenv
- cat /proc/self/

A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?
- Non-Credentialed Scanning
- Passive Scanning
- Agent-Based Scanning
- Credentialed Scanning

A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is 9.8. Which of the following best practices should the company follow with this proxy?
- Leave the proxy as is.
- Decommission the proxy.
- Migrate the proxy to the cloud.
- Patch the proxy.