- All Exams Instant Download
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?A . The lead should review what is documented in the incident response policy or plan B. Management level members of the CSIRT should make that decision C. The lead...
Which of the following is the first step that should be performed when establishing a disaster recovery plan?
Which of the following is the first step that should be performed when establishing a disaster recovery plan?A . Agree on the goals and objectives of the plan B. Determine the site to be used during a disaster C Demonstrate adherence to a standard disaster recovery process D. Identity applications...
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization?A . PAM B. IDS C. PKI D. DLPView AnswerAnswer: D Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to...
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?A . Develop a call tree to inform impacted users B. Schedule a review with all teams to discuss what occurred C. Create an executive summary to...
Which of the following will produce the data needed for the briefing?
A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?A . Firewall logs B. Indicators of compromise C. Risk assessment D. Access control listsView AnswerAnswer: B Explanation: Indicators of compromise (IoCs)...
Which of the following describes what the analyst has noticed?
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?A . Beaconing B. Cross-site scripting C. Buffer overflow D. PHP traversalView AnswerAnswer: A Explanation:
Which of the following solutions will assist in reducing the risk?
The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?A . Deploy a CASB and enable policy enforcement B. Configure MFA...
Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?A . PCI Security Standards Council B. Local law enforcement C. Federal law enforcement D. Card issuerView AnswerAnswer: D Explanation: Under the terms of...
Which of the following can the analyst perform to see the entire contents of the downloaded files?
A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...
