Pg9 Flashcards
(15 cards)
To minimize the impact of a security incident, a cybersecurity analyst has configured audit settings in the organization’s cloud services. Which of the following security controls has the analyst configured?
A. Preventive
B. Corrective
C. Directive
D. Detective
Detective
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
A. MOU
B. NDA
C. BIA
D. SLA
SLA
A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks?
A. Block the attacks using firewall rules
B. Deploy an IPS in the perimeter network
C. Roll out a CDN
D. Implement a load balancer
Roll out a CDN
An organization needs to bring in data collection and aggregation from various endpoints. Which of the following is the best tool to deploy to help analysts gather this data?
A. DLP
B. NAC
C. EDR
D. NIDS
EDR
A regulated organization experienced a security breach that exposed a list of customer names with corresponding PII data. Which of the following is the best reason for developing the organization’s communication plans?
A. For the organization’s public relations department to have a standard notification
B. To ensure incidents are immediately reported to a regulatory agency
C. To automate the notification to customers who were impacted by the breach
D. To have approval from executive leadership on when communication should occur
To ensure incidents are immediately reported to a regulatory agency
Following an incident, a security analyst needs to create a script for downloading the configuration of all assets from the cloud tenancy. Which of the following authentication methods should the analyst use?
A. MFA
B. User and password
C. PAM
D. Key pair
Key pair
Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue. Which of the following is the first step the incident response staff members should take when they arrive?
A. Turn on all systems, scan for infection, and back up data to a USB storage device.
B. Identify and remove the software installed on the impacted systems in the department.
C. Explain that malware cannot truly be removed and then reimage the devices.
D. Log on to the impacted systems with an administrator account that has privileges to perform backups.
E. Segment the entire department from the network and review each computer offline.
Segment the entire department from the network and review each computer offline.
A manufacturer has hired a third-party consultant to assess the security of an OT network that includes both fragile and legacy equipment. Which of the following must be considered to ensure the consultant does no harm to operations?
A. Employing Nmap Scripting Engine scanning techniques
B. Preserving the state of PLC ladder logic prior to scanning
C. Using passive instead of active vulnerability scans
D. Running scans during off-peak manufacturing hours
Using passive instead of active vulnerability scans
A team of analysts is developing a new internal system that correlates information from a variety of sources, analyzes that information, and then triggers notifications according to company policy. Which of the following technologies was deployed?
A. SIEM
B. SOAR
C. IPS
D. CERT
SIEM
Which of the following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus?
A. Install a firewall.
B. Implement vulnerability management.
C. Deploy sandboxing.
D. Update the application blocklist.
Deploy sandboxing.
A Chief Information Security Officer wants to implement security by design, starting with the implementation of a security scanning method to identify vulnerabilities, including SQL injection, RFI, XSS, etc. Which of the following would most likely meet the requirement?
A. Reverse engineering
B. Known environment testing
C. Dynamic application security testing
D. Code debugging
Dynamic application security testing
After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASE to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?
A. SIEM ingestion logs are reduced by 20%.
B. Phishing alerts drop by 20%.
C. False positive rates drop to 20%.
D. The MTTR decreases by 20%.
False positive rates drop to 20%.
Which of the following threat actors is most likely to target a company due to its questionable environmental policies?
A. Hacktivist
B. Organized crime
C. Nation-state
D. Lone wolf
Hacktivist
A cybersecurity analyst is recording the following details:
- ID
- Name
- Description
- Classification of information
- Responsible party
In which of the following documents is the analyst recording this information?
A. Risk register
B. Change control documentation
C. Incident response playbook
D. Incident response plan
Risk register
A SOC manager is establishing a reporting process to manage vulnerabilities. Which of the following would be the best solution to identify potential loss incurred by an issue?
A. Trends
B. Risk score
C. Mitigation
D. Prioritization
Risk score