Which of the following is MOST likely to drive up the incident’s impact assessment?
During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately...
Which of the following frameworks would BEST support the program?
Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team . Which of the following frameworks would BEST support the program? (Select two.)A . COBITB . NISTC . ISO 27000 seriesD . ITILE . OWASPView AnswerAnswer: B,D
Which of the following should the analyst recommend to the company officer?
A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline . Which of the following should the analyst recommend to the company...
Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?
A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users . Which of the following recommendations would meet both the mobile data...
Which of the following combinations BEST describes the situation and recommendations to be made for this situation?
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs. Given the following snippet of code: Which of the following combinations BEST describes the situation and recommendations to be made for this situation?A . The cybersecurity analyst has discovered...
Which of the following actions should be taken to remediate this security issue?
A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows: Which of the following actions should be taken to remediate this security...
Which of the following compensating controls would help prevent this from reoccurring?
A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the...
Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?
A security analyst received a compromised workstation. The workstation’s hard drive may contain evidence of criminal activities . Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?A . Make a copy of the hard drive.B...
Which of the following has occurred?
Review the following results: Which of the following has occurred?A . This is normal network traffic.B . 123.120.110.212 is infected with a Trojan.C . 172.29.0.109 is infected with a worm.D . 172.29.0.109 is infected with a Trojan.View AnswerAnswer: A
Which of the following MOST likely happened in this situation?
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine . Which of the following MOST...