NO.308 According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?

C. Validate user input before execution and interpretation.

A. Delete the vulnerable section of the code immediately.

B. Create a custom rule on the web application firewall.

NO.310 In web application scanning, static analysis refers to scanning:

B. the compiled code of the application to detect possible issues.

A. the system for vulnerabilities before installing the application.

C. an application that is installed and active on a system.

D. an application that is installed on a system that is assigned a static IP.

NO.311 A company recently experienced multiple DNS DDoS attacks, and the information security analyst must provide a DDoS solution to deploy in the company's datacenter Which of the following would BEST prevent future attacks?

A. Configure a sinkhole on the router

B. Buy a UTM to block the number of requests.

C. Route the queries on the DNS server to 127.0.0.1.

D. Call the Internet service provider to block the attack.

NO.313 A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised Which of the following would provide the BEST results?

A. Baseline configuration assessment

NO.318 A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

D. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

A. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested

B. Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried

C. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443

NO.319 An analyst is responding 10 an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the held. Maiware was loaded on the device via the installation of a third-party software package The analyst has baselined the device Which of the following should the analyst do to BEST mitigate future attacks?

D. Block third-party applications

C. Patch the mobile device's OS

NO.320 A company has contracted with a software development vendor to design a web portal for customers to access a medical records database. Which of the following should the security analyst recommend to BEST control the unauthorized disclosure of sensitive data when sharing the development database with the vendor?

D. Use a de-identified data process for the development database.

A. Establish an NDA with the vendor.

B. Enable data masking of sensitive data tables in the database.

C. Set all database tables to read only.

NO.321 Which of the following should be found within an organization's acceptable use policy?

D. Consequences of violating the policy could include discipline up to and including termination.

A. Passwords must be eight characters in length and contain at least one special character.

B. Customer data must be handled properly, stored on company servers, and encrypted when possible

C. Administrator accounts must be audited monthly, and inactive accounts should be removed.

NO.323 During an investigation, an analyst discovers the following rule in an executive's email client: IF * TO THEN mailto: SELECT FROM 'sent' THEN DELETE FROM The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

A. Check the server logs to evaluate which emails were sent to <someaddress@domain.com>

B. Use the SIEM to correlate logging events from the email server and the domain server

C. Remove the rule from the email client and change the password

D. Recommend that management implement SPF and DKIM

NO.324 The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?

C. Blacklisting unauthorized IP addresses

A. Whitelisting authorized IP addresses

B. Enforcing more complex password requirements

D. Establishing a sinkhole service

NO.327 A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems: Existence of a new and unexpected svchost exe process Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred * DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain If this situation remains unresolved, which of the following will MOST likely occur?

C. Key files on the affected hosts may become encrypted and require ransom payment for unlock.

A. The affected hosts may participate in a coordinated DDoS attack upon command

B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.

D. The adversary may attempt to perform a man-in-the-middle attack.

NO.328 A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

A. Development of a hypothesis as part of threat hunting

B. Log correlation, monitoring, and automated reporting through a SIEM platform

C. Continuous compliance monitoring using SCAP dashboards

D. Quarterly vulnerability scanning using credentialed scans

NO.332 Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

C. Configure filesystem encryption

B. Implement a self-encrypted disk.

E. Enable Secure Boot using TPM

NO.333 A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output: Antivirus is installed on the remote host: Installation path: C:\Program Files\AVProduct\Win32\ Product Engine: 14.12.101 Engine Version: 3.5.71 Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported. The engine version is out of date. The oldest supported version from the vendor is 4.2.11. The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

C. This is a true positive, and the new computers were imaged with an old version of the software

A. This is a false positive, and the scanning plugin needs to be updated by the vendor.

B. This is a true negative, and the new computers have the correct version of the software.

D. This is a false negative, and the new computers need to be updated by the desktop team.

NO.334 A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with acKvare. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?

D. Block the download of the fie via the web proxy

A. Blacklist the hash in the next-generation antivirus system.

B. Manually delete the file from each of the workstations.

C. Remove administrative rights from all developer workstations.

NO.335 Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

B. It enables standard checklist and vulnerability analysis expressions for automation

A. It automatically performs remedial configuration changes to enterprise security services

C. It establishes a continuous integration environment for software development operations

D. It provides validation of suspected system vulnerabilities through workflow orchestration

NO.337 A custom script currently monitors real-time logs of a SAMIL authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

C. Access to logs may be delayed for some time.

A. Logs may contain incorrect information.

B. SAML logging is not supported for cloud-based authentication.

D. Log data may be visible to other customers.

NO.338 A manufacturing company uses a third-party service provider lor Tier 1 security support One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

A. Implement a secure supply chain program with governance

B. Implement blacklisting for IP addresses from outside the country

C. Implement strong authentication controls for all contractors

D. Implement user behavior analytics for key staff members

NO.340 An organization is experiencing issues with emails that are being sent to external recipients Incoming emails to the organization are working fine. A security analyst receives the following screenshot ot email error from the help desk.The analyst the checks the email server and sees many of the following messages in the logs. Error 550 - Message rejected Which of the following is MOST likely the issue?

D. The DKIM private key has expired

NO.342 A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

C. data protection capabilities.

B. logging and monitoring capabilities.

NO.344 As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

B. Require all employees to attend updated security awareness training and sign an acknowledgement

A. Conduct a risk assessment based on the controls defined in the newly revised policies

C. Post the policies on the organization's intranet and provide copies of any revised policies to all active

D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

NO.345 A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks. To BEST mitigate this risk, the analyst should use .

C. a firewall to isolate the lab network from all other networks.

A. an 802.11ac wireless bridge to create an air gap.

B. a managed switch to segment the lab into a separate VLAN.

D. an unmanaged switch to segment the environments from one another.

NO.346 An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

A. Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

B. Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

C. Determine an annual patch cadence to ensure all patching occurs at the same time.

D. Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

NO.347 The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

B. A firewalled environment for client devices and a secure VDl for BYOO users

A. A Linux-based system and mandatory training on Linux for all BYOD users

C. A standardized anti-malware platform and a unified operating system vendor

D. 802.1X lo enforce company policy on BYOD user hardware

NO.348 Which of the following organizational initiatives would be MOST impacted by data severighty issues?

A. Moving to a cloud-based environment

B. Migrating to locally hosted virtual servers

C. Implementing non-repudiation controls

D. Encrypting local database queries

CySA + (301-350)

Authored by cysa cysa

Computers

Used 30+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

49 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.301 The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

A. Tabletop exercise

B. Red-team attack

C. System assessment implementation

D. Blue-team training

E. White-team engagement

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.302 A company creates digitally signed packages for its devices. Which of the following BEST describes the method by which the security packages are delivered to the company's customers?

A. Trusted firmware updates

B. SELinux

C. eFuse

D. Anti-tamper mechanism

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.303 A security analyst is investigating a reported phishing attempt that was received by many users throughout the company The text of one of the emails is shown below:
Return-Path: <securitty@off1ce365.com>
Received: from [122.167.40.119]
Message-ID: <FE3638ACA.2020509@off1ce365.com>
Date:23 May 2020 11:40:36 -0400
From: security@off1ce365.com
X-Accept-Language: en-us,en
MIME-Version: 1.0
To: Paul Vieira <pvieira@company.com>
Subject: Account Lockout
Content- Type: HTML;
Office 365 User. It looks like you account has been locked out Please click this link and follow the pfompts to restore access Regards. Security Team Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but rt does log network flow data Which of the following commands will the analyst most likely execute NEXT?

A. telnet office365.com 25

B. tracert 122.167.40.119

C. curl http:// accountfix-office365.com/login. php

D. nslookup accountfix-office365.com

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.304 A security is reviewing a vulnerability scan report and notes the following finding:
As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

A. Patch or reimage the device to complete the recovery

B. Restart the antiviruses running processes

C. Isolate the host from the network to prevent exposure

D. Confirm the workstation's signatures against the most current signatures.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.305 Which of the following software assessment methods would be BEST for gathering data related to an application's availability during peak times?

A. Security regression testing

B. Stress testing

C. Static analysis testing

D. Dynamic analysis testing

E. User acceptance testing

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.306 A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:
Based on the output, which of the following services should be further tested for vulnerabilities?

A. SSH

B. HTTP

C. SMB

D. HTTPS

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.307 A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:
Which of the following describes the output of this scan?

A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.

B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.

C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.

D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

52 questions

Ôn tập cuối kì 2

Quiz

•

50 questions

USBN TIK KELAS 9A-9C

Quiz

•

9th Grade - University

50 questions

BASISDATA RPL

Quiz

•

12th Grade

50 questions

LATIHAN PAT INFORMATIKA KELAS X

Quiz

•

9th - 12th Grade

50 questions

Ôn tập HK II - TIN 8

Quiz

•

8th Grade

50 questions

UHB INFORMATIKA XI

Quiz

•

11th Grade

50 questions

Unit 3 - Connections

Quiz

•

1st Grade

48 questions

Tin 10_cấu trúc rẽ nhánh IF

Quiz

•

10th Grade

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

12 questions

Presidents' Day

Quiz

•

KG - 5th Grade

11 questions

FOREST Growth Mindset

Lesson

•

10 questions

THEME

Quiz

•

KG - University

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

10 questions

Add & Subtract Mixed Numbers with Like Denominators

Quiz

•

KG - University

10 questions

Long i- igh, ie, and y Quiz

Quiz

•

KG - 3rd Grade

10 questions

2D & 3D Shapes

Quiz

•

20 questions

Capitalization in sentences

Quiz

•

KG - 4th Grade

CySA + (301-350)

NO.301 The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

NO.302 A company creates digitally signed packages for its devices. Which of the following BEST describes the method by which the security packages are delivered to the company's customers?

NO.304 A security is reviewing a vulnerability scan report and notes the following finding:As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

NO.305 Which of the following software assessment methods would be BEST for gathering data related to an application's availability during peak times?

NO.307 A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:Which of the following describes the output of this scan?

NO.308 According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?

NO.310 In web application scanning, static analysis refers to scanning:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

NO.304 A security is reviewing a vulnerability scan report and notes the following finding:
As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

NO.307 A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:
Which of the following describes the output of this scan?