- All Exams Instant Download
Which of the following best describes the potential security concern?
The following output is from a tcpdump al the edge of the corporate network: Which of the following best describes the potential security concern?A . Payload lengths may be used to overflow buffers enabling code execution.B . Encapsulated traffic may evade security monitoring and defensesC . This traffic exhibits a...
Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?
A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating...
Which of the following would be the best threat intelligence source to learn about this new campaign?
An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain...
When starting an investigation, which of the following must be done first?
When starting an investigation, which of the following must be done first?A . Notify law enforcementB . Secure the sceneC . Seize all related evidenceD . Interview the witnessesView AnswerAnswer: B Explanation: The first thing that must be done when starting an investigation is to secure the scene. Securing the...
Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?
During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?A . Generate hashes for each file from the hard drive.B . Create...
Which of the following best describes what the security program did?
A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?A . Data enrichmentB . Security control planeC . Threat feed combinationD...
Which of the following should the organization consider investing in first due to the potential impact of availability?
The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the...
Which of the following steps of the process does this describe?
An analyst is remediating items associated with a recent incident. The analyst has isolated the vulnerability and is actively removing it from the system. Which of the following steps of the process does this describe?A . EradicationB . RecoveryC . ContainmentD . PreparationView AnswerAnswer: A Explanation: Eradication is a step...
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?
Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?A . Determine the sophistication of the audience that the report is meant forB . Include references and sources of information on the first pageC...
