Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?
An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?
A. A simulated breach scenario involving the incident response team
B. Completion of annual information security...
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
A. Parameterized queries
B. Session management
C. Input validation
D. Output encoding
E. Data protection
F. Authentication
Answer: A,C
Explanation: Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Which of the following describes the type of vulnerability that was MOST likely exploited?
A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?
A. Insider threat
B. Buffer overflow
C. Advanced persistent threat
D...
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?
A. nmap -sA -O <system> -noping
B. nmap -sT -O <system> -P0
C. nmap -sS -O <system> -P0
D. nmap -sQ -O <system> -P0
...
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host.
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period: To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and
A. DST 138.10.2.5.
B. DST 138.10.25.5.
C. DST 172.10.3.5.
D. DST...
In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?
A Chief Security Officer (CSO) is working on the communication requirements for an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?
A. Public relations must receive information promptly in...
Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
A. Duplicate all services in another...
Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?
A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below: Based on the scenario...
Which of the following commands would work BEST to achieve the desired result?
A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log: Which...
After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?
As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?
A. Critical asset list
B. ...