NO.58 It is important to parameterize queries to prevent:

A. the execution of unauthorized actions against a database.

B. a memory overflow that executes code with elevated privileges.

C. the esrtablishment of a web shell that would allow unauthorized access.

D. the queries from using an outdated library with security vulnerabilities.

NO.59 A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report

C. An unauthorized user is using login credentials in a script.

A. Users 4 and 5 are using their credentials to transfer files to multiple servers.

B. Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers In the cloud.

D. A bot is running a brute-force attack in an attempt to log in to the domain.

NO.60 A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the following IT Certification Guaranteed, The Easy Way! Nmap commands would BEST accomplish this goal?

B. nmap -iL webserverlist.txt -sV -p 443 -oX webserverlist.xml

A. nmap -iL webserverlist.txt -sC -p 443 -oX webserverlist.xml

C. nmap -iL webserverlist.txt -F -p 443 -oX webserverlist.xml

D. nmap --takefile webserverlist.txt --outputfileasXML webserverlist.xml -scanports 443

NO.61 An analyst must review a new cloud-based SIEM solution. Which of the following should the analyst do FIRST prior to discussing the company's needs?

D. Ensure a current non-disclosure agreement is on file

A. Perform a vulnerability scan against a test instance

B. Download the product security white paper.

C. Check industry news feeds for product reviews.

NO.62 An organization's Cruel Information Security Officer is concerned the proper control are not in place to identify a malicious insider Which of the following techniques would be BEST to identify employees who attempt to steal data or do harm to the organization?

C. Analyze logs to determine if a user is consuming large amounts of bandwidth at odd hours ol the day

A. Place a text file named Passwords txt on the local file server and create a SIEM alert when the file is accessed

B. Segment the network so workstations are segregated from servers and implement detailed logging on the jumpbox

D. Perform a review of all users with privileged access and monitor web activity logs from the organization's pfoxy

NO.63 The inability to do remote updates of certificates. keys software and firmware is a security issue commonly associated with:

A. web servers on private networks.

NO.66 An organization supports a large number of remote users. Which of the following is the BEST option to protect the data on the remote users1 laptops?

C. Require employees to sign an NDA.

NO.67 An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

D. Perform automated security controls testing of expected configurations pnor to production

A. Perform password-cracking attempts on all devices going into production

B. Perform an Nmap scan on all devices before they are released to production

C. Perform antivirus scans on all devices before they are approved for production

Which of the following is the BEST step for the analyst to lake next in this situation?

D. Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

A. Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

B. After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

C. Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?

D. NO FLAGS are set indicates the testing team is using hping

A. flags=RA indicates the testing team is using a Christmas tree attack

B. ttl=64 indicates the testing team is setting the time to live below the firewall's threshold

C. 0 data bytes indicates the testing team is crafting empty ICMP packets

NO.71 An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:

D. senior management's guidance

NO.72 A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?

D. Conduct threat research on the IP addresses

A. Begin blocking all IP addresses within that subnet.

B. Determine the attack vector and total attack surface.

C. Begin a kill chain analysis to determine the impact.

NO.73 An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.

C. Use Wireshark to capture packets between SCADA devices and the management system.

A. Use Burp Suite to capture packets to the SCADA device's IP.

B. Use tcpdump to capture packets from the SCADA device IP.

D. Use Nmap to capture packets from the management system to the SCADA devices

NO.75 A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

A. Implement port security with one MAC address per network port of the switch.

B. Deploy network address protection with DHCP and dynamic VLANs.

C. Configure 802.1X and EAPOL across the network

D. Implement software-defined networking and security groups for isolation

NO.77 A cybersecurity analyst is supposing an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

D. Indicator enrichment and research pivoting

A. Requirements analysis and collection planning

C. Recovery and post-incident review

NO.79 A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations hich of the following steps in the intelligence cycle is the security analyst performing?

C. Dissemination and evaluation

NO.82 During a cyber incident, which of the following is the BEST course of action?

D. Limit communications to pre-authorized parties to ensure response efforts remain confidential

A. Switch to using a pre-approved, secure, third-party communication syste

B. Keep the entire company informed to ensure transparency and integrity during the incident.

C. Restrict customer communication until the severity of the breach is confirmed.

NO.83 A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked. Which of the following possible TTP combinations might warrant further investigation? (Select TWO)

A. Requests identified by a threat intelligence service with a bad reputation

B. Requests sent from the same IP address using different user agents

C. Requests blocked by the web server per the input sanitization

D. Failed log-in attempts against the web application

E. Requests sent by NICs with outdated firmware F. Existence of HTTP/501 status codes generated to the same IP address

Based on the above output, which Of the following tools or techniques is MOST likely being used? (ExamTopic'e gore guncellendi)

E. Port aE. Port address translationddress translation

NO.86 Which of the following is a difference between SOAR and SCAP?

B. SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope

A. SOAR can be executed taster and with fewer false positives than SCAP because of advanced heunstics

C. SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does

D. SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts

NO.88 A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

D. Run a hash against the source and the destination.

A. Insert the hard drive on a test computer and boot the computer.

B. Record the serial numbers of both hard drives.

C. Compare the file-directory "sting of both hard drives.

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

C. It no longer accepts the vulnerable cipher suites

B. It only accepts cipher suites using AES and SHA

D. SSL/TLS is offloaded to a WAF and load balancer

NO.95 A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC: ../../../../bin/bash Which of the following commands can be used to determine if the string is present in the log?

C. grep "../../../. ./bin/bash" < access.log

A. echo access.log | grep "../../../../bin/bash"

B. grep "../../../../bin/bash" 1 cat access.log

D. cat access.log > grep "../../../ ../bin/bash"

NO.96 Which of the following are the MOST likely reasons lo include reporting processes when updating an incident response plan after a breach? (Select TWO).

B. To meet regulatory requirements for timely reporting

C. To limit reputation damage caused by the breach

A. To establish a clear chain of command

D. To remediate vulnerabilities that led to the breach E. To isolate potential insider threats

F. To provide secure network design changes

Which of the following is the MOST likely reason for the change?

A. To reject email from servers that are not listed in the SPF record

B. To reject email from email addresses that are not digitally signed.

C. To accept email to the company's domain.

D. To reject email from users who are not authenticated to the network.

NO.99 A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

A. A TXT record on the name server for SPF

B. DNSSEC keys to secure replication

D. A sandbox to check incoming mad

NO.100 A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame. Which of the following is the MOST likely cause of this issue?

A. A password-spraying attack was performed against the organization.

B. A DDoS attack was performed against the organization.

C. This was normal shift work activity; the SIEM's AI is learning.

D. A credentialed external vulnerability scan was performed.

CySA+ (51-100)

Authored by cysa cysa

Computers

Used 42+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

NO.51 An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO)

A. Resetting the phone to factory settings

B. Rebooting the phone and installing the latest security updates

C. Documenting the respective chain of custody

D. Uninstalling any potentially unwanted programs

E. Performing a memory dump of the mobile device for analysis

F. Unlocking the device by browsing the eFuse

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.52 An analyst receives an alert from the continuous-monitoring solution about unauthorized
changes to the firmware versions on several field devices. The asset owners confirm that no firmware
version updates were performed by authorized technicians, and customers have not reported any
performance issues or outages. Which Of the following actions would be BEST for the analyst to
recommend to the asset owners to secure the devices from further exploitation?

A. Change the passwords on the devices.

B. Implement BIOS passwords.

C. Remove the assets from the production network for analysis

D. Report the findings to the threat intel community.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.53 A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

A. The server is receiving a secure connection using the new TLS 1.3 standard

B. Someone has configured an unauthorized SMTP application over SSL

C. The traffic is common static data that Windows servers send to Microsoft

D. A connection from the database to the web front end is communicating on the port

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.54 Due to the continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

A. Smart cards

B. Multifactor authentication

C. Biometrics

D. Increased password-rotation frequency

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.55 A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further in investigation?

A. Data carving

B. Timeline construction

C. File cloning

D. Reverse engineering

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.56 A company's Chief Information Officer wants to use a CASB solution to ensure policies are
being met during cloud access. Due to the nature of the company's business and risk appetite, the
management team elected to not store financial information in the cloud. A security analyst needs to
recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the
following should the analyst recommend?

A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on

premises.

B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.

C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the

cloud.

D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at res

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.57 A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization's security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?

A. Upgrading TLS 1.2 connections to TLS 1.3

B. Implementing AES-256 encryption on the containers

C. Enabling SHA-256 hashing on the containers

D. Implementing the Triple Data Encryption Algorithm at the file level

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

Microsoft Excels: Formulas and Functions

Quiz

•

12th Grade - University

48 questions

2023 W5 Emails

Quiz

•

6th - 8th Grade

50 questions

TIN HOC 11- GIỮA HK2 - NĂM 2023-2024

Quiz

•

11th Grade

47 questions

Year 8: End of Year Assessment

Quiz

•

8th Grade

45 questions

TJBL WAN KLS 11 SINIU

Quiz

•

11th Grade

50 questions

UH 1

Quiz

•

University

48 questions

Soal HTML & CSS

Quiz

•

9th - 12th Grade

50 questions

ULANGAN HARIAN BAB 3 TIK

Quiz

•

7th Grade

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Computers

9 questions

FOREST Perception

Lesson

•

20 questions

Place Value

Quiz

•

KG - 3rd Grade

15 questions

Grammar

Quiz

•

KG - 7th Grade

10 questions

Sound Energy Assessment

Quiz

•

KG - 2nd Grade

10 questions

Sound Energy

Quiz

•

KG - 2nd Grade

10 questions

Counting Dimes and Pennies

Quiz

•

KG - 2nd Grade

10 questions

Dr. Seuss

Quiz

•

KG - 5th Grade

10 questions

Place Value: Hundreds, Tens, and Ones

Quiz

•

KG - 2nd Grade