- All Exams Instant Download
Which of the following would be BEST to implement in the legacy application?
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?A . Multifactor authenticationB . Web-application firewallC . SQL injectionD . Parameterized queriesE . Input validationView AnswerAnswer: C
A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The type of vulnerability that should be disseminated FIRST is one that:
A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The type of vulnerability that should be disseminated FIRST is one that:A . enables remote code execution that is being exploited in the wild.B . enables data leakage but is not known to be in the environmentC ....
Which of the following BEST describes the firewall rule?
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall’s behavior and responses. The analyst executes the following commands: The analyst then compares the following results for port 22: nmap returns “Closed” hping3 returns “flags=RA” Which of the following BEST describes...
Which of the following commands should the analyst use?
An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?A . tcpdump CX dst port 21B . ftp ftp.server Cp 21C . nmap Co ftp.server Cp 21D . telnet...
Which of the following should the security analyst perform NEXT?
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?A . Begin blocking all IP addresses within that subnet.B . Determine the attack vector and total attack surface.C...
Which of the following is the NEXT step the analyst should take?
During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?A . Only allow whitelisted binaries to execute.B . Run an...
Which of the following should be used to identify the traffic?
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices. Which of the following should be used to identify the traffic?A . CarvingB...
Which of the following is a benefit of having these communication plans?
An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers. Which of the following is a benefit of having these communication plans?A . They can help to prevent the inadvertent release of damaging...
Understanding attack vectors and integrating intelligence sources are important components of:
Understanding attack vectors and integrating intelligence sources are important components of:A . proactive threat huntingB . risk management compliance.C . a vulnerability management plan.D . an incident response plan.View AnswerAnswer: C
Which of the following is the MOST likely reason for this vulnerability?
A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output: Which of the following is the MOST likely reason for this vulnerability?A . The developer set input validation protection on the specific field of search.aspx.B...
