Which of the following should the security analyst perform NEXT?
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT? A. Begin blocking all IP addresses within that subnet. B. Determine the attack vector and total attack...
Which of the following commands would work BEST to achieve the desired result?
A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log: Which...
Which of the following should the cybersecurity analyst do FIRST?
A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST? A. Apply the required patches to remediate the vulnerability. B. Escalate the incident to senior management for guidance. C. Disable all privileged user accounts on the network....
Which of the following would BEST meet that goal?
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal? A. Root-cause analysis B. Active response C. Advanced antivirus D. Information-sharing community E. Threat hunting...
Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an...
Which of the following are components of the intelligence cycle? (Select TWO.)
Which of the following are components of the intelligence cycle? (Select TWO.) A. Collection B. Normalization C. Response D. Analysis E. Correction F. Dissension Answer: B,E
Which of the following is the MOST likely cause of this issue?
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame. Which of the following is...
Which of the following should be done to prevent this issue from reoccurring?
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features....
Which of the following is the BEST course of action?
A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the...
Which of the following would be the BEST solution to recommend to the director?
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future. Which of the following would be the BEST...