What is the next step the engineer should take?
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?
A. Investigate...
Which step should be taken at this stage?
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
A. Determine the assets to which the attacker has access
B...
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
A. Identify the business applications running on the assets
B. Update software to patch third-party software
C. Validate...
Which steps should an engineer take at the recovery stage?
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?
A. Determine the systems involved and deploy available patches
B. ...
Which data analytic technique should the engineer use to accomplish this task?
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?
A. diagnostic
B. qualitative
C. predictive
D...
What should be concluded from this report?
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
A. Threat scores are high, malicious ransomware has been detected, and files have been modified
B. Threat scores...
An engineer is analyzing a possible compromise that happened a week ago when the company? (Choose two.)
An engineer is analyzing a possible compromise that happened a week ago when the company? (Choose two.)
A. firewall
B. Wireshark
C. autopsy
D. SHA512
E. IPS
Answer: AB
Which tool should the analyst use to identify the source IP of the offender?
Refer to the exhibit. A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?
A. packet sniffer
B. malware analysis
C. SIEM
D. firewall manager
Answer: A
How must these advisories be prioritized for handling?
Refer to the exhibit. How must these advisories be prioritized for handling?
A. The highest priority for handling depends on the type of institution deploying the devices
B. Vulnerability #2 is the highest priority for every type of institution
C. Vulnerability #1 and vulnerability #2 have the same priority
D. ...
Which action should be taken during this phase?
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?
A. Host a discovery meeting and define configuration and policy updates
B. Update the IDS/IPS signatures and reimage...