HOTSPOT: A security analyst suspects that a workstation may be beaconing to a command and control server. You must inspect the logs from the company’s web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Which of the following describes what the analyst should do NEXT?
A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?
A. The analyst should create a backup of the drive and then hash the drive.
B. The analyst should begin analyzing the image and begin to...
Which of the following should the analyst implement?
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
A. Honeypot
B. Jump box
C. Sandboxing
D. Virtualization
Answer: A
Which of the following is MOST likely to be incorporated in the AUP?
A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?
A. Sponsored guest passwords must be at least ten...
Which of the following is the BEST logical control to address the failure?
An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which...
Which of the following technologies meet the compatibility requirement?
An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)
A. 3DES
B. AES
C. IDEA
D. PKCS
E. PGP
F. SSL/TLS
G. TEMPEST
Answer: BDF
Which of the following has occurred?
Review the following results: Which of the following has occurred?
A. This is normal network traffic.
B. 123.120.110.212 is infected with a Trojan.
C. 172.29.0.109 is infected with a worm.
D. 172.29.0.109 is infected with a Trojan.
Answer: A
Which of the following can a system administrator infer from the above output?
A system administrator has reviewed the following output: Which of the following can a system administrator infer from the above output?
A. The company email server is running a non-standard port.
B. The company email server has been compromised.
C. The company is running a vulnerable SSH server.
D. The...
Which of the following recommendations will BEST prevent the same attack from occurring in the future?
An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in...
After determining the alert was a true positive, which of the following represents the MOST likely cause?
A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
A. Attackers are running...