Which of the following most accurately describes the result of the scan?
The security team reviews a web server for XSS and runs the following Nmap scan: Which of the following most accurately describes the result of the scan?A . An output of characters > and " as the parameters used m the attemptB . The vulnerable parameter ID hccp://l72.31.15.2/1.php?id-2 and unfiltered...
Which of the following is the best option to protect the data on the remote users' laptops?
An organization supports a large number of remote users. Which of the following is the best option to protect the data on the remote users' laptops? A. Require the use of VPNs. B. Require employees to sign an NDA. C. Implement a DLP solution. D. Use whole disk encryption.View AnswerAnswer:...
Which of the following has the user become?
A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?A . HacklivistB . Advanced persistent threatC . Insider threatD . Script kiddieView AnswerAnswer: C Explanation: The user has become an insider threat by downloading software that...
Which of the following describes the most likely cause of the issue?
A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details: • Bursts of network utilization occur approximately every seven days. • The content being transferred appears to be encrypted or obfuscated. • A separate...
Which of the following is the most likely reason to include lessons learned?
An incident response team finished responding to a significant security incident. The management team has asked the lead analyst to provide an after-action report that includes lessons learned. Which of the following is the most likely reason to include lessons learned?A . To satisfy regulatory requirements for incident reportingB ....
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization?A . PAMB . IDSC . PKID . DLPView AnswerAnswer: D Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following implications should be considered on the new hybrid environment?
A company is implementing a vulnerability management program and moving from an on-premises environment to a hybrid IaaS cloud environment. Which of the following implications should be considered on the new hybrid environment?A . The current scanners should be migrated to the cloudB . Cloud-specific misconfigurations may not be detected...
As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?
As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?A . Critical asset listB ....
Which of the following vulnerabilities should be patched first, given the above third-party scoring system?
A vulnerability management team is unable to patch all vulnerabilities found during their weekly scans. Using the third-party scoring system described below, the team patches the most urgent vulnerabilities: Additionally, the vulnerability management team feels that the metrics Smear and Channing are less important than the others, so these will...
Which of the following is the best recommendation to ensure proper error handling at runtime?
A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?A . Perform static code analysis.B . Require application fuzzing.C . Enforce input validation.D . Perform a code review.View AnswerAnswer: D Explanation: Performing a code review is...