- All Exams Instant Download
Which of the following best describes what is happening?
An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)A . Beaconinq B. Domain Name System...
When starting an investigation, which of the following must be done first?
When starting an investigation, which of the following must be done first?A . Notify law enforcement B. Secure the scene C. Seize all related evidence D. Interview the witnessesView AnswerAnswer: B Explanation: The first thing that must be done when starting an investigation is to secure the scene. Securing the...
Which of the following has occurred?
The analyst reviews the following endpoint log entry: Which of the following has occurred?A . Registry change B. Rename computer C. New account introduced D. Privilege escalationView AnswerAnswer: C Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?A . The lead should review what is documented in the incident response policy or plan B. Management level members of the CSIRT should make that decision C. The lead...
Which of the following choices should the analyst look at first?
Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...
Which of the following scripting languages was used in the script?
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?A . PowerShel B. Ruby C. Python D....
Which of the following factors would an analyst most likely communicate as the reason for this escalation?
An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?A . Scope B. Weaponization C. CVSS...
Which of the following items should be included in a vulnerability scan report? (Choose two.)
Which of the following items should be included in a vulnerability scan report? (Choose two.)A . Lessons learned B. Service-level agreement C. Playbook D. Affected hosts E. Risk score F. Education planView AnswerAnswer: D, E Explanation: A vulnerability scan report should include information about the affected hosts, such as their...
Which of the following is the best technique to perform the analysis?
A security analyst received a malicious binary file to analyze. Which of the following is the best technique to perform the analysis?A . Code analysis B. Static analysis C. Reverse engineering D. FuzzingView AnswerAnswer: C Explanation: Reverse engineering is a technique that involves analyzing a binary file to understand its...
Which of the following would best protect this organization?
The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?A . A mean time to remediate of 30 days B. A mean time to...
