Pg23 Flashcards (8 cards)

A security analyst identifies a device on which different malware was detected multiple times even after the systems were scanned and cleaned several times. Which of the following actions would be most effective to ensure the device does not have residual malware?
A. Update the device and scan offline in safe mode.
B. Replace the hard drive and reimage the device.
C. Upgrade the device to the latest OS version.
D. Download a secondary scanner and rescan the device.
Answer: Replace the hard drive and reimage the device.

After a series of UEBA alerts, a company’s SOC observes an extended period of suspicious outbound traffic all with the same destination. Which of the following steps of the cyber kill chain has this attack completed?
A. Weaponization
B. Command and control
C. Reconnaissance
D. Exploitation
Answer: Command and control

A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches. Which of the following would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly? (Choose two.)
A. Hostname
B. Missing KPI
C. CVE details
D. Baseline configuration
E. IoCs
F. npm identifier
Answer: CVE details; Baseline configuration

Security analysts can review the Windows Registry on endpoints to get insights into:
A. domain account privileges.
B. mandatory access control zones.
C. system-critical configuration items.
D. application and security event logs.
Answer: system-critical configuration items.

During an internal code review, software called “ACE” was discovered to have a vulnerability that allows the execution of arbitrary code. The vulnerability is in a legacy, third-party vendor resource that is used by the ACE software. ACE is used worldwide and is essential for many businesses in this industry. Developers informed the Chief Information Security Officer that removal of the vulnerability will take time. Which of the following is the first action to take?
A. Look for potential IoCs in the company.
B. Inform customers of the vulnerability.
C. Remove the affected vendor resource from the ACE software.
D. Develop a compensating control until the issue can be fixed permanently.
Answer: Develop a compensating control until the issue can be fixed permanently.

An analyst notices that logs contain multiple events for computer account changes during monthly patch maintenance windows, resulting in a flood of tickets. The events generated are from the same system and time frame. The analyst determines that these tickets could be closed without human interaction. Which of the following is the best tool for automatically closing tickets containing the same information?
A. SOAR
B. EDR
C. CASB
D. SIEM
Answer: SOAR

A security administrator is tasked with modifying the vulnerability scan process to reduce the network traffic but maintain thorough checks. Which of the following scanning approaches should be implemented?
A. Credentialed scans
B. Individual scans
C. Security baseline scans
D. Agent-based scans
Answer: Agent-based scans

A red team engineer discovers that analyzing multiple pieces of less sensitive public information results in knowledge of a sensitive piece of confidential information. Which of the following best describes this security issue?
A. Inference
B. Stored procedure
C. Aggregation
D. Cross-origin resource sharing
Answer: Inference