- All Exams Instant Download
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization?A . PAM B. IDS C. PKI D. DLPView AnswerAnswer: D Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following best describes what is happening?
An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)A . Beaconinq B. Domain Name System...
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?A . Develop a call tree to inform impacted users B. Schedule a review with all teams to discuss what occurred C. Create an executive summary to...
Which of the following describes what the analyst has noticed?
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?A . Beaconing B. Cross-site scripting C. Buffer overflow D. PHP traversalView AnswerAnswer: A Explanation:
Which of the following tuning recommendations should the security analyst share?
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: Which of the following tuning recommendations should the security analyst share?A . Set an HttpOnlvflaq to force communication by HTTPS B. Block requests without an X-Frame-Options header C. Configure an Access-Control-Allow-Origin header...
Which of the following can the analyst perform to see the entire contents of the downloaded files?
A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...
Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to...
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
