Pg20 Flashcards

(16 cards)

1
Q

A user clicks on a malicious adware link, and the malware successfully downloads to the machine. The malware has a script that invokes command-and-control activity. Which of the following actions is the best way to contain the incident without any additional impact?

A. Disable the user account until the malware investigation is complete.
B. Review EDR information to determine whether the file was detected and quarantined locally.
C. Block the server on the proxy and firewall.
D. Submit a recategorization update to the vendor.

A

Block the server on the proxy and firewall.

2
Q

During normal security monitoring activities, the following activity was observed:

cd C:\Users\Documents\HR\Employees
takeown /f .*
SUCCESS:

Which of the following best describes the potentially malicious activity observed?

A. Registry changes or anomalies
B. Data exfiltration
C. Unauthorized privileges
D. File configuration changes

A

Unauthorized privileges

3
Q

Question #384, Topic 1
Which of the following should be performed first when creating a BCP to ensure that all critical functions and financial implications have been considered?

A. Failover test
B. Tabletop exercise
C. Security policies
D. Business impact analysis

A

Business impact analysis

4
Q

Which of the following best describes root cause analysis?

A. It describes the tactics, techniques, and procedures used in an incident.
B. It provides a detailed path outlining the origin of an issue and how to eliminate it permanently.
C. It outlines the who-what-when-where-why, which is often used in conjunction with legal proceedings.
D. It generates a report of ongoing activities, including what was done, what is being done, and what will be done next.

A

It provides a detailed path outlining the origin of an issue and how to eliminate it permanently.

5
Q

A security administrator has found indications of dictionary attacks against the company’s external-facing portal. Which of the following should be implemented to best mitigate the password attacks?

A. Multifactor authentication
B. Password complexity
C. Web application firewall
D. Lockout policy

A

Password complexity

6
Q

A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The traffic is then routed to a geographic location to which the company has no association. Which of the following best describes this type of threat?

A. Hacktivist
B. Zombie
C. Insider threat
D. Nation-state actor

A

Nation-state actor

7
Q

Based on an internal assessment, a vulnerability management team wants to proactively identify risks to the infrastructure prior to production deployments. Which of the following best supports this approach?

A. Threat modeling
B. Penetration testing
C. Bug bounty
D. SDLC training

A

Threat modeling

8
Q

Which of the following best explains the importance of utilizing an incident response playbook?

A. It prioritizes the business-critical assets for data recovery.
B. It establishes actions to execute when inputs trigger an event.
C. It documents the organization asset management and configuration.
D. It defines how many disaster recovery sites should be staged.

A

It establishes actions to execute when inputs trigger an event.

9
Q

Question #391, Topic 1
Which of the following defines the proper sequence of data volatility regarding the evidence collection process, from the most to least volatile?

A. Routing table, registers, physical memory, archival media, hard disk, physical configuration
B. Routing table, registers, physical memory, temporary partition, hard disk, physical configuration
C. Cache, routing table, physical memory, network topology, temporary partition, hard disk
D. Cache, routing table, physical memory, temporary partition, hard disk, physical configuration

A

Cache, routing table, physical memory, temporary partition, hard disk, physical configuration

10
Q

A security analyst needs to support an organization’s legal case against a threat actor. Which of the following processes provides the best way to assist in the prosecution of the case?

A. Chain of custody
B. Evidence gathering
C. Securing the scene
D. Forensic analysis

A

Chain of custody

11
Q

An end user forwarded an email with a file attachment to the SOC for review. The SOC analysts think the file was specially crafted for the target. Which of the following investigative actions would best determine if the attachment was malicious?

A. Review the file in Virus Total to determine if the domain is associated with any phishing.
B. Review the email header to analyze the DKIM, DMARC, and SPF values.
C. Review the source IP address in AbuseIPDB.
D. Review the attachment’s behavior in a sandbox environment while running Wireshark.

A

Review the attachment’s behavior in a sandbox environment while running Wireshark.

12
Q

Which of the following is instituting a security policy that users must lock their systems when stepping away from their desks an example of?

A. Configuration management
B. Compensating control
C. Awareness, education, and training
D. Administrative control

A

Administrative control

13
Q

Which of the following is the best metric to use when reviewing and addressing findings that caused an incident?

A. Mean time to restore
B. Mean time to respond
C. Mean time to remediate
D. Mean time to detect

A

Mean time to remediate

14
Q

A cybersecurity analyst is setting up a security control that monitors network traffic and produces an active response to a security event. Which of the following tools is the analyst configuring?

A. EDR
B. IPS
C. CASB
D. WAF

A

IPS

15
Q

A security analyst working for an airline is prioritizing vulnerabilities found on a system. The system has the following requirements:

  • Can store periodically audited documents required for takeoffs and landings
  • Can keep critical records regarding the company’s operations
  • Data can be made public upon request and authorization

Which of the following vulnerabilities should be remediated first?

A. A broken access control vulnerability impacting data integrity
B. A heap overflow vulnerability impacting the system’s usability
C. A DoS vulnerability impacting the system’s availability
D. A zero-day vulnerability impacting the system’s confidentiality

A

A broken access control vulnerability impacting data integrity

16
Q

Which of the following are process improvements that can be realized by implementing a SOAR solution? (Choose two.)

A. Minimize security attacks.
B. Itemize tasks for approval.
C. Reduce repetitive tasks.
D. Minimize setup complexity.
E. Define a security strategy.
F. Generate reports and metrics.

A

Reduce repetitive tasks.
Generate reports and metrics.