Which of the following is the first action the analyst should take in this situation?

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?

A. Develop a dashboard to track the indicators of compromise.
B. Develop a query to search for...

January 21, 2024

Which of the following is the first step that should be performed when establishing a disaster recovery plan?

A. Agree on the goals and objectives of the plan
B. Determine the site to be used during a disaster
C. Demonstrate adherence to a standard disaster recovery process
C. Identify applications...

January 21, 2024

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

A. Identify any improvements or changes in the incident response plan or procedures
B. Determine if an internal mistake was made and who did it so they do not repeat the...

January 21, 2024

Which of the following is the best priority based on common attack frameworks?

The Chief Information Security Officer is directing a new program to reduce attack surface risks and threats as part of a zero trust approach. The IT security team is required to come up with priorities for the program. Which of the following is the best priority based on common attack...

January 21, 2024

Which of the following most accurately describes the result of the scan?

The security team reviews a web server for XSS and runs the following Nmap scan: Which of the following most accurately describes the result of the scan?

A. An output of characters > and " as the parameters used in the attempt
B. The vulnerable parameter ID http://172.31.15.2/1.php?id=2 and unfiltered...

January 21, 2024

Which of the following best describes what is happening?

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

A. Beaconing
B. Domain Name System...

January 20, 2024

Which of the following describes what the analyst has noticed?

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal

Answer: A

January 20, 2024

Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?

A. Command and control
B. Actions on objectives
C. Exploitation
D. Delivery

Answer: A

Explanation: Command and control (C2) is a phase of the Cyber Kill Chain that...

January 20, 2024

Which of the following must be collected first in a computer system, related to its volatility level?

During an incident, an analyst needs to acquire evidence for later investigation. Which of the following must be collected first in a computer system, related to its volatility level?

A. Disk contents
B. Backup data
C. Temporary files
D. Running processes

Answer: D

Explanation: The most volatile type of evidence...

January 20, 2024

Which of the following would be the best threat intelligence source to learn about this new campaign?

An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain...

January 20, 2024