Pg8 Flashcards

(16 cards)

1
Q

A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning. Which of the following best fits the type of scanning activity requested?

A. Uncredentialed scan
B. Discovery scan
C. Vulnerability scan
D. Credentialed scan

A

Discovery scan

2
Q

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

A. SLA
B. MOU
C. Best-effort patching
D. Organizational governance

A

SLA

3
Q

Which of the following risk management principles is accomplished by purchasing cyber insurance?

A. Accept
B. Avoid
C. Mitigate
D. Transfer

A

Transfer

4
Q

A recent audit of the vulnerability management program outlined the finding for increased awareness of secure coding practices. Which of the following would be best to address the finding?

A. Establish quarterly SDLC training on the top vulnerabilities for developers
B. Conduct a yearly inspection of the code repositories and provide the report to management
C. Hire an external penetration test of the network
D. Deploy more vulnerability scanners for increased coverage

A

Establish quarterly SDLC training on the top vulnerabilities for developers

5
Q

An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensure are addressed? (Choose two.)

A. Data classification
B. Data destruction
C. Data loss prevention
D. Encryption
E. Backups
F. Access controls

A

Encryption
Access controls

6
Q

An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue?

A. The scanner is running without an agent installed.
B. The scanner is running in active mode.
C. The scanner is segmented improperly.
D. The scanner is configured with a scanning window.

A

The scanner is running in active mode.

7
Q

An organization’s threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?

A. Set user account control protection to the most restrictive level on all devices
B. Implement MFA requirements for all internal resources
C. Harden systems by disabling or removing unnecessary services
D. Implement controls to block execution of untrusted applications

A

Harden systems by disabling or removing unnecessary services

8
Q

A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?

A. OSSTMM
B. Diamond Model of Intrusion Analysis
C. OWASP
D. MITRE ATT&CK

A

MITRE ATT&CK

9
Q

Which of the following actions would an analyst most likely perform after an incident has been investigated?

A. Risk assessment
B. Root cause analysis
C. Incident response plan
D. Tabletop exercise

A

Root cause analysis

10
Q

After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m. Which of the following is potentially occurring?

A. Irregular peer-to-peer communication
B. Rogue device on the network
C. Abnormal OS process behavior
D. Data exfiltration

A

Data exfiltration

11
Q

A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?

A. Instruct the firewall engineer that a rule needs to be added to block this external server
B. Escalate the event to an incident and notify the SOC manager of the activity
C. Notify the incident response team that there is a DDoS attack occurring
D. Identify the IP/hostname for the requests and look at the related activity

A

Identify the IP/hostname for the requests and look at the related activity

12
Q

Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime availability outage?

A. Timeline
B. Evidence
C. Impact
D. Scope

A

Impact

13
Q

A security analyst needs to provide evidence of regular vulnerability scanning on the company’s network for an auditing process. Which of the following is an example of a tool that can produce such evidence?

A. OpenVAS
B. Burp Suite
C. Nmap
D. Wireshark

A

OpenVAS

14
Q

An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the best step for the security team to take to ensure compliance with the request?

A. Publicly disclose the request to other vendors
B. Notify the departments involved to preserve potentially relevant information
C. Establish a chain of custody starting with the attorney’s request
D. Back up the mailboxes on the server and provide the attorney with a copy

A

Notify the departments involved to preserve potentially relevant information

15
Q

Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for future incidents?

A. Lessons learned
B. Scrum review
C. Root cause analysis
D. Regulatory compliance

A

Lessons learned

16
Q

An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the incident forward?

A. Impact
B. Vulnerability score
C. Mean time to detect
D. Isolation