Pg18 Flashcards
(17 cards)
A network security analyst for a large company noticed unusual network activity on a critical system. Which of the following tools should the analyst use to analyze network traffic to search for malicious activity?
A. WAF
B. Wireshark
C. EDR
D. Nmap
Wireshark
A system that provides the user interface for a critical server has potentially been corrupted by malware. Which of the following is the best recommendation to ensure business continuity?
A. System isolation
B. Reimaging
C. Malware removal
D. Vulnerability scanning
Reimaging
Which of the following attack methodology frameworks should a cybersecurity analyst use to identify similar TTPs utilized by nation-state actors?
A. Cyber kill chains
B. Diamond Model of Intrusion Analysis
C. OWASP Testing Guide
D. MITRE ATT&CK matrix
MITRE ATT&CK matrix
An analyst is trying to capture anomalous traffic from a compromised host. Which of the following are the best tools for achieving this objective? (Choose two.)
A. tcpdump
B. SIEM
C. Vulnerability scanner
D. Wireshark
E. Nmap
F. SOAR
tcpdump
Wireshark
An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Choose two.)
A. Implement an IPS in front of the web server.
B. Enable MFA on the website.
C. Take the website offline until it is patched.
D. Implement a compensating control in the source code.
E. Configure TLS v1.3 on the website.
F. Fix the vulnerability using a virtual patch at the WAF.
Take the website offline until it is patched.
Fix the vulnerability using a virtual patch at the WAF.
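Added worked example (not part of the flashcard set): the difference between a WAF virtual patch and a fix in the application itself, shown with a reflected XSS in a tiny Python request handler. The function names, the payload and the WAF rule list are constructed for illustration; the rules stand in for whatever signature the WAF vendor ships.

```python
import html
import re

# Constructed sample inputs (assumption, not from the page): a benign value and
# a classic reflected-XSS payload arriving in a query parameter.
BENIGN = "Alice"
PAYLOAD = "<script>alert(document.cookie)</script>"


def render_vulnerable(name: str) -> str:
    """Vulnerable: user input is concatenated straight into the HTML body."""
    return f"<p>Welcome back, {name}!</p>"


def render_fixed(name: str) -> str:
    """Fix in the source: contextual output encoding for the HTML body context.

    html.escape encodes < > & " ' so the browser never interprets the value as
    markup, whatever the attacker sends. This is the real fix for the finding.
    """
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"


# A hypothetical WAF virtual patch: request parameters are matched against
# known-bad patterns before they reach the application. It is a compensating
# control that buys time; it blocks what it recognises, not the root cause.
WAF_RULES = [
    re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),
    re.compile(r"\bjavascript\s*:", re.IGNORECASE),
    re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
]


def waf_blocks(value: str) -> bool:
    """True when any virtual-patch rule matches the parameter value."""
    return any(rule.search(value) for rule in WAF_RULES)


def handle_request(name: str, waf_enabled: bool, patched: bool) -> tuple[int, str]:
    """Simulated request path: WAF in front, then the application.

    Returns (HTTP status, response body) so the outcome of each combination of
    controls can be inspected.
    """
    if waf_enabled and waf_blocks(name):
        return 403, "blocked by WAF virtual patch"
    body = render_fixed(name) if patched else render_vulnerable(name)
    return 200, body


if __name__ == "__main__":
    for waf, patched in [(False, False), (True, False), (False, True)]:
        print(f"waf={waf} patched={patched}:", handle_request(PAYLOAD, waf, patched))
```

With neither control the payload is echoed as live markup; with only the WAF the request is rejected (until someone finds an encoding the rules do not match); with the source fix the same bytes are rendered as harmless text, which is why the WAF rule is a stopgap and the code change is the recommendation that stays.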
Executives want to compare certain metrics from the most recent and last reporting periods to determine whether the metrics are increasing or decreasing. Which of the following would provide the necessary information to satisfy this request?
A. Count level
B. Trending analysis
C. Impact assessment
D. Severity score
Trending analysis
A SOC manager reviews metrics from the last four weeks to investigate a recurring availability issue. The manager finds similar events correlating to the times of the reported issues. Which of the following methods would the manager most likely use to resolve the issue?
A. Vulnerability assessment
B. Root cause analysis
C. Recurrence reports
D. Lessons learned
Root cause analysis
A security analyst must assist the IT department with creating a phased plan for vulnerability patching that meets established SLAs. Which of the following vulnerability management elements will best assist with prioritizing a successful plan?
A. Affected hosts
B. Risk score
C. Mitigation strategy
D. Annual recurrence
Risk score
A Chief Information Security Officer has requested a dashboard to share critical vulnerability management goals with company leadership. Which of the following would be the best to include in the dashboard?
A. KPI
B. MOU
C. SLO
D. SLA
KPI
Numerous emails were sent to a company’s customer distribution list. The customers reported that the emails contained a suspicious link. The company’s SOC determined the links were malicious. Which of the following is the best way to decrease these emails?
A. DMARC
B. DKIM
C. SPF
D. SMTP
DMARC
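Added worked example (not part of the flashcard set) of why DMARC, rather than SPF or DKIM on their own, is what lets a receiver drop mail that spoofs a company's domain: SPF validates the envelope sender and DKIM validates a signature, but only DMARC ties either result to the From header the customer actually sees and attaches a policy to the outcome. The record, domains and message results below are constructed; the organizational-domain logic is a deliberate simplification (real implementations consult the Public Suffix List), and the pct= and sp= tags are ignored.

```python
from dataclasses import dataclass

# Constructed DMARC record as it would appear in the TXT record at
# _dmarc.example.com (assumption, not real DNS data).
EXAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r"


def parse_dmarc(txt: str) -> dict:
    """Parse a 'tag=value; tag=value' DMARC record into a dict of lowercase tags."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("DMARC record needs p=none|quarantine|reject")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels (assumption).

    Production code must use the Public Suffix List, otherwise co.uk-style
    suffixes are mis-handled.
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


@dataclass
class AuthResult:
    from_domain: str   # domain of the RFC 5322 From header (what the user sees)
    spf_result: str    # SPF result for the envelope MAIL FROM: pass/fail/none
    spf_domain: str    # envelope MAIL FROM domain that SPF checked
    dkim_result: str   # DKIM verification result: pass/fail/none
    dkim_domain: str   # d= domain of the DKIM-Signature


def dmarc_disposition(record: dict, r: AuthResult) -> str:
    """Return 'pass' or the policy to apply (none/quarantine/reject).

    DMARC passes when at least one mechanism passes AND its domain aligns with
    the From header domain; an attacker's own SPF/DKIM pass does not count.
    """
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, record.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, record.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else record["p"]


# Constructed messages: a spoof that passes SPF and DKIM for the attacker's own
# domain, and a legitimate message from the company's outbound relay.
SPOOFED = AuthResult("example.com", "pass", "attacker.example", "pass", "attacker.example")
LEGIT = AuthResult("example.com", "pass", "mail.example.com", "pass", "mail.example.com")

if __name__ == "__main__":
    rec = parse_dmarc(EXAMPLE_RECORD)
    print("spoof ->", dmarc_disposition(rec, SPOOFED))   # reject
    print("legit ->", dmarc_disposition(rec, LEGIT))     # pass
```

Note the legitimate message: under adkim=s its DKIM signature from mail.example.com does not align with example.com, but aspf=r lets the relaxed SPF alignment carry it. Publishing p=reject is what makes receivers discard the spoof; with p=none the same record only generates reports.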
A security analyst is conducting a vulnerability assessment of a company’s online store. The analyst discovers a critical vulnerability in the payment processing system that could be exploited, allowing attackers to steal customer payment information. Which of the following should the analyst do next?
A. Leave the vulnerability unpatched until the next scheduled maintenance window to avoid potential disruption to business.
B. Perform a risk assessment to evaluate the potential impact of the vulnerability and determine whether additional security measures are needed.
C. Ignore the vulnerability since the company recently passed a payment system compliance audit.
D. Patch the vulnerability as soon as possible to ensure customer payment information is secure.
Patch the vulnerability as soon as possible to ensure customer payment information is secure.
Results of a SOC customer service evaluation indicate high levels of dissatisfaction with the inconsistent services provided after regular work hours. To address this, the SOC lead drafts a document establishing customer expectations regarding the SOC’s performance and quality of services. Which of the following documents most likely fits this description?
A. Risk management plan
B. Vendor agreement
C. Incident response plan
D. Service-level agreement
Service-level agreement
A systems administrator needs to gather security events with repeatable patterns from Linux log files. Which of the following would the administrator most likely use for this task?
A. A regular expression in Bash
B. Filters in the vi editor
C. Variables in a PowerShell script
D. A playbook in a SOAR tool
A regular expression in Bash
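Added worked example (not part of the flashcard set): pulling a repeatable event pattern, failed SSH logins, out of Linux auth log lines with a regular expression and counting them per source address. The log lines are constructed in the Debian/Ubuntu /var/log/auth.log format and use documentation addresses; the brute-force threshold is an arbitrary assumption. The example is in Python so the pattern can be tested, but the same extended regular expression works unchanged with grep -E in a Bash pipeline.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log (assumption, not real data).
AUTH_LOG = """\
Mar 12 09:14:02 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51222 ssh2
Mar 12 09:14:05 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51222 ssh2
Mar 12 09:14:09 web01 sshd[2235]: Failed password for root from 203.0.113.45 port 51230 ssh2
Mar 12 09:15:41 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2: ED25519 SHA256:abc
Mar 12 09:16:03 web01 sshd[2244]: Failed password for root from 198.51.100.23 port 60001 ssh2
Mar 12 09:16:30 web01 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# One regex for the repeatable pattern; named groups give the fields the
# analyst needs. "invalid user" is optional so both sshd variants match.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def failed_logins(log_text: str):
    """Yield one dict of fields per failed-login line; other lines are skipped."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            yield m.groupdict()


def failures_by_ip(log_text: str) -> Counter:
    """Count failed logins per source IP."""
    return Counter(ev["ip"] for ev in failed_logins(log_text))


def brute_force_sources(log_text: str, threshold: int = 3) -> list:
    """Source IPs at or above `threshold` failures (threshold is an assumption)."""
    return [ip for ip, n in failures_by_ip(log_text).items() if n >= threshold]


if __name__ == "__main__":
    for ip, n in failures_by_ip(AUTH_LOG).most_common():
        print(f"{n:4d}  {ip}")
    print("brute-force candidates:", brute_force_sources(AUTH_LOG))
```

The Bash equivalent of the count uses the same idea with grep, which is what the card's answer refers to: `grep -E 'sshd\[[0-9]+\]: Failed password' /var/log/auth.log | grep -oE 'from [0-9.]+' | sort | uniq -c | sort -rn`.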
An analyst is reviewing a dashboard from the company’s SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
A. MITRE ATT&CK
B. OSSTMM
C. Diamond Model of Intrusion Analysis
D. OWASP
MITRE ATT&CK
Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?
A. STIX/TAXII
B. APIs
C. Data enrichment
D. Threat feed
APIs
A security analyst needs to develop a solution to protect a high-value asset from an exploit like a recent zero-day attack. Which of the following best describes this risk management strategy?
A. Avoid
B. Transfer
C. Accept
D. Mitigate
Mitigate
An organization identifies a method to detect unexpected behavior, crashes, or resource leaks in a system by feeding invalid, unexpected, or random data to stress the application. Which of the following best describes this testing methodology?
A. Reverse engineering
B. Static
C. Fuzzing
D. Debugging
Fuzzing
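Added worked example (not part of the flashcard set) of the methodology the card describes: a small mutation fuzzer that feeds random, malformed inputs to a parser and records inputs that make it crash. The record format, both parsers and the mutation operators are constructed for illustration. The useful detail for a practitioner is the distinction the harness draws between an input the parser rejects cleanly (expected) and one that raises an exception the parser never intended (a bug).

```python
import random


class Malformed(Exception):
    """Deliberate rejection of bad input. Expected, so the fuzzer ignores it."""


def parse_record_buggy(data: bytes) -> bytes:
    """Toy format: [len][payload ... len bytes][checksum].

    Bug: the length field is trusted without checking it against the buffer,
    so a large or truncated input indexes past the end of the data.
    """
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]          # IndexError when n > len(data) - 2
    if checksum != sum(payload) & 0xFF:
        raise Malformed("bad checksum")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Same format, with every length assumption checked before it is used."""
    if len(data) < 2:
        raise Malformed("too short")
    n = data[0]
    if len(data) != n + 2:
        raise Malformed("length field does not match buffer size")
    payload = data[1:1 + n]
    if data[1 + n] != sum(payload) & 0xFF:
        raise Malformed("bad checksum")
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random mutations: bit flip, byte overwrite, truncate, append."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(["flip", "set", "truncate", "append"])
        if op == "flip" and data:
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif op == "set" and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == "truncate" and len(data) > 1:
            del data[rng.randrange(len(data)):]
        elif op == "append":
            data.extend(rng.randrange(256) for _ in range(rng.randint(1, 4)))
    return bytes(data)


def fuzz(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run the parser on mutated seeds; map each unexpected exception type to
    the first input that triggered it. Malformed is a clean rejection, not a crash."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except Malformed:
            continue
        except Exception as exc:           # anything else is a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes


# Constructed valid seed: len=5, payload "hello", checksum = sum("hello") & 0xFF = 0x14.
SEED = bytes([5]) + b"hello" + bytes([0x14])

if __name__ == "__main__":
    print("buggy parser:", fuzz(parse_record_buggy, SEED))
    print("fixed parser:", fuzz(parse_record_fixed, SEED))
```

A real fuzzer adds coverage feedback so mutations that reach new code paths are kept as new seeds, and it runs the target under a sanitizer so memory errors in native code surface as crashes instead of silent corruption; the harness shape above, seed corpus plus mutation plus a crash oracle, is the same.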