Pg17 Flashcards

(16 cards)

1
Q

When undertaking a cloud migration of multiple SaaS applications, an organization’s systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?

A. OpenID
B. SASE
C. ZTNA
D. SWG

A

OpenID

2
Q

Which of the following explains the importance of a timeline when providing an incident response report?

A. The timeline contains a real-time record of an incident and provides information that helps to simplify a postmortem analysis.
B. An incident timeline provides the necessary information to understand the actions taken to mitigate the threat or risk.
C. The timeline provides all the information, in the form of a timetable, of the whole incident response process including actions taken.
D. An incident timeline presents the list of commands executed by an attacker when the system was compromised, in the form of a timetable.

A

The timeline provides all the information, in the form of a timetable, of the whole incident response process including actions taken.

3
Q

An auditor is reviewing an evidence log associated with a cyber crime. The auditor notices that a gap exists between the individuals who were responsible for holding onto and transferring the evidence and the individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not properly followed?

A. Validating data integrity
B. Preservation
C. Legal hold
D. Chain of custody

A

Chain of custody

4
Q

A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?

A. Randomly generate and store all possible file hash values.
B. Create a default rule to alert on any change to the system.
C. Integrate with an open-source threat intelligence feed.
D. Manually add known threat signatures into the tool.

A

Integrate with an open-source threat intelligence feed.

5
Q

Which of the following responsibilities does the legal team have during an incident management event? (Choose two.)

A. Coordinate additional or temporary staffing for recovery efforts.
B. Review and approve new contracts acquired as a result of an event.
C. Advise the incident response team on matters related to regulatory reporting.
D. Ensure all system security devices and procedures are in place.
E. Conduct computer and network damage assessments for insurance.
F. Verify that all security personnel have the appropriate clearances.

A

Review and approve new contracts acquired as a result of an event.

6
Q

Which of the following characteristics ensures that the security of an automated information system is the most effective and economical?

A. Originally designed to provide necessary security
B. Subjected to intense security testing
C. Customized to meet specific security threats
D. Optimized prior to the addition of security

A

Originally designed to provide necessary security

7
Q

Which of the following is the most likely reason for an organization to assign different internal departmental groups during the post-incident analysis and improvement process?

A. To expose flaws in the incident management process related to specific work areas
B. To ensure all staff members get exposure to the review process and can provide feedback
C. To verify that the organization playbook was properly followed throughout the incident
D. To allow cross-training for staff who are not involved in the incident response process

A

To expose flaws in the incident management process related to specific work areas

8
Q

An analyst has discovered the following suspicious command:

"; $xyz = ($_REQUEST['xyz']); system($xyz); echo ""; die; }?>

Which of the following would best describe the outcome of the command?

A. Cross-site scripting
B. Reverse shell
C. Backdoor attempt
D. Logic bomb

A

Backdoor attempt

9
Q

A company classifies security groups by risk level. Any group with a high-risk classification requires multiple levels of approval for member or owner changes. Which of the following inhibitors to remediation is the company utilizing?

A. Organizational governance
B. MOU
C. SLA
D. Business process interruption

A

Organizational governance

10
Q

Which of the following attributes is part of the Diamond Model of Intrusion Analysis?

A. Delivery
B. Weaponization
C. Command and control
D. Capability

A

Capability

11
Q

An analyst is creating the final vulnerability report for one of the company’s customers. The customer asks for a scanning profile with a CVSS score of 7 or higher. The analyst has confirmed there is no finding for missing database patches, even if false positives have been eliminated by manual checks. Which of the following is the most probable reason for the missing scan result?

A. The server was offline at the moment of the scan.
B. The system was not patched appropriately before the scan.
C. The scan finding does not match the requirement.
D. The output of the scan is corrupted.

A

The scan finding does not match the requirement.

12
Q

Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target’s information assets?

A. Structured Threat Information Expression
B. OWASP Testing Guide
C. Open Source Security Testing Methodology Manual
D. Diamond Model of Intrusion Analysis

A

Diamond Model of Intrusion Analysis

13
Q

A security analyst is improving an organization’s vulnerability management program. The analyst cross-checks the current reports with the system’s infrastructure teams, but the reports do not accurately reflect the current patching levels. Which of the following will most likely correct the report errors?

A. Updating the engine of the vulnerability scanning tool
B. Installing patches through a centralized system
C. Configuring vulnerability scans to be credentialed
D. Resetting the scanning tool’s plug-ins to default

A

Configuring vulnerability scans to be credentialed

14
Q

A threat intelligence analyst is updating a document according to the MITRE ATT&CK framework. The analyst detects the following behavior from a malicious actor:

“The malicious actor will attempt to achieve unauthorized access to the vulnerable system.”

In which of the following phases should the analyst include the detection?

A. Procedures
B. Techniques
C. Tactics
D. Subtechniques

A

Tactics

15
Q

A newly hired security manager in a SOC wants to improve efficiency by automating routine tasks. Which of the following SOC tasks is most suitable for automation?

A. Conducting security assessments and audits of IT systems
B. Investigating security incidents and determining the root causes
C. Reviewing logs and alerts to identify security threats and anomalies
D. Generating incident reports and notifying the appropriate stakeholders

A

Reviewing logs and alerts to identify security threats and anomalies

16
Q

Which of the following is a circumstance in which a security operations manager would most likely consider using automation?

A. The generation of NIDS rules based on received STIX messages
B. The fulfillment of privileged access requests to enterprise domain controllers
C. The verification of employee identities prior to initial PKI enrollment
D. The analysis of suspected malware binaries captured by an email gateway

A

The generation of NIDS rules based on received STIX messages