NO.358 When investigating a report of a system compromise, a security analyst views the following/var/log/secure log file:Which of the following can the analyst conclude from viewing the log file?

B. The comptia user executed the sudo su command.

A. The comptia user knows the sudo password.

C. The comptia user knows the root password.

D. The comptia user added himself or herself to the /etc/sudoers file.

NO.359 An organization has several systems that require specific logons Over the past few months,the security analyst has noticed numerous failed logon attempts followed by password resets. Whichof the following should the analyst do to reduce the occurrence of legitimate failed logons andpassword resets?

A. Use SSO across all applications

B. Perform a manual privilege review

C. Adjust the current monitoring and logging rules

D. Implement multifactor authentication

NO.361 A security analyst is reviewing the following DNS logs as part of security-monitoringactivities: Which of the following MOST likely occurred?

C. The attack caused an internal host to connect to a command and control server

A. The attack used an algorithm to generate command and control information dynamically.

B. The attack used encryption to obfuscate the payload and bypass detection by an IDS.

D. The attack attempted to contact www.gooqle com to verify Internet connectivity

NO.364 During an incident investigation, a security analyst discovers the web server is generating anunusually high volume of logs The analyst observes the following response codes:* 20% of the logs are 403* 20% of the logs are 404* 50% of the logs are 200* 10% of the logs are other codesThe server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which ofthe following commands should the analyst use to identify the source of the activity?

B. cat access_log Igrep " 200 "

A. cat access_log Igrep " 403 "

C. cat access_log Igrep " 100 "

D. cat access_log Igrep " 4 04 "

E. cat access_log Igrep " 204 "

NO.365 Ransomware is identified on a company's network that affects both Windows and MAChosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to65000. The channel goes to good1. Iholdbadkeys.com , which resolves to IP address 72.172.16.2.Which of the following is the MOST effective way to prevent any newly infected systems fromactually encrypting the data on connected network drives while causing the least disruption tonormal Internet traffic?

A. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.

B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.

C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.

D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at theborder gateway.

NO.366 A security manager has asked an analyst to provide feedback on the results of a penetrationIT Certification Guaranteed, The Easy Way!123test. After reviewing the results, the manager requests information regarding the possibleexploitation of vulnerabilities. Which of the following information data points would be MOST usefulfor the analyst to provide to the security manager, who would then communicate the risk factors tothe senior management team? (Select TWO)

E. Classification F. Indicators of compromise

NO.369 During a routine review of service restarts a security analyst observes the following in aserver log: Which of the following is the GREATEST security concern?

A. The daemon's binary was AChanged

B. Four consecutive days of monitoring are skipped in the tog

C. The process identifiers for the running service change

D. The PIDs are continuously changing

NO.372 An organization wants to move non-essential services into a cloud computing environment.Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Whichof the following cloud recovery strategies would work BEST to attain the desired outcome?

C. Set up a warm disaster recovery site with the same cloud provider in a different region

A. Duplicate all services in another instance and load balance between the instances.

B. Establish a hot site with active replication to another region within the same cloud provider.

D. Configure the systems with a cold site at another cloud provider that can be used for failover

NO.374 Employees of a large financial company are continuously being Infected by strands ofmalware that are not detected by EDR tools. When of the following Is the BEST security control toimplement to reduce corporate risk while allowing employees to exchange files at client sites?

B. Additional host firewall rules

C. VDI environmentD. Hard drive encryption

NO.375 A team of security analysts has been alerted to potential malware activity. The initialexamination indicates one of the affected workstations is beaconing on TCP port 80 to five IPaddresses and attempting to spread across the network over port 445. Which of the following shouldbe the team's NEXT step during the detection phase of this response process?

D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

A. Escalate the incident to management, who will then engage the network infrastructure team tokeep them informed.

B. Depending on system criticality, remove each affected device from the network by disabling wiredand wireless connections

C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the fiveIP addresses.

NO.376 An organization has been seeing increased levels of malicious traffic. A security analystwants to take a more proactive approach to identify the threats that are acting against theorganization's network. Which of the following approaches should the security analyst recommend?

D. Use SCAP scans to monitor for configuration changes on the network.

A. Use the MITRE ATT&CK framework to develop threat models

B. Conduct internal threat research and establish indicators of compromise.

C. Review the perimeter firewall rules to ensure rule-set accuracy

The help desk provided a security analyst with a screenshot of a user's desktop: For which of the following is aircrack-ng being used?

A. Wireless access point discovery

NO.378 An analyst is responding to an incident within a cloud infrastructure Based on the logs andtraffic analysis, the analyst thinks a container has been compromised Which of the following shouldIhe analyst do FIRST?

D. Isolate the container from production using a predefined policy template

A. Perform threat hunting in other areas of the cloud infrastructure

B. Contact law enforcement to report the incident

C. Perform a root cause analysis on the container and the service logs

NO.379 Joe, a penetration tester, used a professional directory to identify a network administratorand ID administrator for a client's company. Joe then emailed the network administrator, identifyinghimself as the ID administrator, and asked for a current password as part of a security exercise.Which of the following techniques were used in this scenario?

C. Social media profiling and phishing

A. Enumeration and OS fingerprinting

B. Email harvesting and host scanning

NO.381 A new vanant of malware is spreading on ihe company network using TCP 443 to contact itscommand-and-control server The domain name used for callback continues to change, and theanalyst is unable to predict future domain name variance Which of the following actions should theanalyst take to stop malicious communications with the LEAST disruption to service?

A. Implement a sinkhole with a high entropy level

B. Disable TCP/53 at the penmeter firewall

C. Block TCP/443 at the edge router

D. Configure the DNS forwarders to use recursion

NO.383 A security analyst has discovered trial developers have installed browsers on alldevelopment servers in the company's cloud infrastructure and are using them to browse theInternet. Which of the following changes should the security analyst make to BEST protect theenvironment?

A. Create a security rule that blocks Internet access in the development VPC

B. Place a jumpbox m between the developers' workstations and the development VPC

C. Remove the administrator profile from the developer user group in identity and accessmanagement

D. Create an alert that is triggered when a developer installs an application on a server

NO.386 A security analyst recently discovered two unauthorized hosts on the campus's wirelessnetwork segment from a man-m-the-middle attack .The security analyst also verified that privilegeswere not escalated, and the two devices did not gain access to other network devices Which of thefollowing would BEST mitigate and improve the security posture of the wireless network for this typeof attack?

A. Enable MAC filtering on the wireless router and suggest a stronger encryption for the wirelessnetwork,

B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.

C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on thenetwork

D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.

NO.388 During the forensic analysis of a compromised machine, a security analyst discovers somebinaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst findsunexpected content Which of the following is the NEXT step the analyst should take?

D. Validate the binaries' hashes from a trusted source

A. Only allow whitelisted binaries to execute.

B. Run an antivirus against the binaries to check for malware

C. Use file integrity monitoring to validate the digital signature

NO.389 An organization recently discovered some inconsistencies in the motherboards it receivedfrom a vendor. The organization's security team then provided guidance on how to ensure theauthenticity of the motherboards it received from vendors.Which of the following would be the BEST recommendation for the security analyst to provide'?

D. The organization should use a certified, trusted vendor as part of the supply chain.

A. The organization should evaluate current NDAs to ensure enforceability of legal actions.

B. The organization should maintain the relationship with the vendor and enforce vulnerability scans.

C. The organization should ensure all motherboards are equipped with a TPM.

NO.390 An analyst is reviewing the following output as part of an incident: Which of the Wowing is MOST likely happening?

A. The hosts are part of a reflective denial -of -service attack

B. Information is leaking from the memory of host 10.20 30.40

C. Sensitive data is being exfilltrated by host 192.168.1.10

D. Host 291.168.1.10 is performing firewall port knocking.

NO.391 An organization wants to implement a privileged access management solution to beltermanage the use ot emergency and privileged service accounts Which of the following would BEST satisfy the organization's goal?

B. Discretionary access controls

C. Policy-based access controls

NO.392 Which of the following is the MOST important objective of a post-incident review?

A. Capture lessons learned and improve incident response processes

B. Develop a process for containment and continue improvement efforts

C. Identify new technologies and strategies to remediate

D. Identify a new management strategy

NO.393 To prioritize the morning's work, an analyst is reviewing security alerts that have not yetbeen investigated. Which of the following assets should be investigated FIRST?

D. The laptop of the vice president that is on the corporate LAN

A. The workstation of a developer who is installing software on a web server

B. A new test web server that is in the process of initial installation

C. An accounting supervisor's laptop that is connected to the VPN

NO.394 Which of the following is an advantage of SOAR over SIEM?

B. SOAR reduces the amount of human intervention required.

C. SOAR can aggregate data from many sources.

D. SOAR uses more robust encryption protocols

NO.395 After a series of Group Policy Object updates, multiple services stopped functioning. Thesystems administrator believes the issue resulted from a Group Policy Object update but cannotvalidate which update caused the Issue. Which of the following security solutions would resolve thisissue?

B. Group Policy Object management

NO.396 Which of the following sets of attributes BEST illustrates the characteristics of an insiderthreat from a security perspective?

C. Authorized, intentional, malicious

A. Unauthorized, unintentional, benign

B. Unauthorized, intentional, malicious

D. Authorized, unintentional, benign

NO.398 A company was recently awarded several large government contracts and wants todetermine its current risk from one specific APT.Which of the following threat modeling methodologies would be the MOST appropriate to use duringthis analysis?

C. Diamond Model of Intrusion Analysis

CYSA + (351-400)

Quiz

•

Computers

•

Practice Problem

•

Medium

cysa cysa

Used 23+ times

FREE Resource

C. Implement multifactor authentication.

D. Add more security resources to the environment

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.356 A security analyst inspects the header of an email that is presumed to be malicious and seesthe following: Which of the following is inconsistent with the rest of the header and should be treated assuspicious?

A. The subject line

B. The sender's email address

C. The destination email server

D. The use of a TLS cipher

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.357 Which of the following is a best practice when sending a file/data to another individual in anorganization?

A. Encrypt the file but do not compress it

B. When encrypting, split the file: and then compress each file

C. Compress and then encrypt the file.

D. Encrypt and then compress the file.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

48 questions

9.1.4 Python Quiz 🐍

Quiz

•

9th Grade

50 questions

LATIHAN SOAL

Quiz

•

10th Grade - University

51 questions

AZ-900 Practice Test 3

Quiz

•

Professional Development

47 questions

Ôn Tập Giữa Kỳ II - Tin Học 8

Quiz

•

8th Grade

50 questions

ICT - SUMMATIVE QUIZ

Quiz

•

10th Grade

50 questions

HCI MIDTERM EXAMINATIONS

Quiz

•

12th Grade

50 questions

TTL QUIZ 2

Quiz

•

KG - University

45 questions

Techie Tech

Quiz

•

7th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

Place Value

Quiz

•

KG - 3rd Grade

6 questions

3.3 Magnets

Quiz

•

20 questions

Ch. 7 Quadrilateral Quiz Review

Quiz

•

KG - University

12 questions

HOMOPHONES

Lesson

•

KG - 4th Grade

10 questions

Long i- igh, ie, and y Quiz

Quiz

•

KG - 3rd Grade

12 questions

Quarter Past, Half Past, and Quarter To

Quiz

•

KG - 12th Grade

20 questions

Capitalization in sentences

Quiz

•

KG - 4th Grade

14 questions

Reference Sources

Lesson

•

KG - 3rd Grade