A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevance of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base score provided?

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L - Base Score 7.2

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H - Base Score 6.4

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L - Base Score 6.5

A security analyst is reviewing the findings of the latest vulnerability report for a company's web application. The web application accepts files for a Bash script to be processed if the files match a hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?

Replace the current MD5 with SHA-256.

Deploy a WAF to the front of the application.

Deploy an antivirus application on the hosting system.

Replace the MD5 with digital signatures.

A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the analyst do first?

Check configurations to determine whether USB ports are enabled on company assets.

Conduct security awareness training on the risks of using unknown and unencrypted USBs.

Write a removable media policy that explains that USBs cannot be connected to a company asset.

Review logs to see whether this exploitable vulnerability has already impacted the company.

CYSA 21-30

Authored by Eric Nelson

Computers

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?

Perform a tabletop drill based on previously identified incident scenarios.

Simulate an incident by shutting down power to the primary data center.

Migrate active workloads from the primary data center to the secondary location.

Compare the current plan to lessons learned from previous incidents.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?

Shut down the server.

Reimage the server.

Quarantine the server.

Update the OS to latest version.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?

CVSSv3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSSv3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A security analyst must review a suspicious email to determine its legitimacy. Which of the following should be performed? (Choose two.)

Evaluate scoring fields, such as Spam Confidence Level and Bulk Complaint Level

Review the headers from the forwarded email

Examine the recipient address field

Examine the SPF, DKIM, and DMARC fields from the original email

Review the Content-Type header

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?

Multifactor authentication

Password changes

System hardening

Password encryption

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following best describes the remediation that could reduce the impact of this situation?

Integrate an IT service delivery ticketing system to track remediation and closure

Create a compensating control item until the system can be fully patched

Accept the risk and decommission current assets as end of life

Request an exception and manually patch each system

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following would help an analyst to quickly find out whether the IP address in a SIEM is a known-malicious IP address?

Join an information sharing and analysis center specific to the company's industry

Upload threat intelligence to the IPS in STIX/TAXII format

Add data enrichment for IPs in the ingestion pipeline

Review threat feeds after viewing the SIEM alert

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

4.6.4 Logic Gates

Quiz

•

10th Grade - Professi...

10 questions

Big Data Analytics - Week 2 (Data storage)

Quiz

•

University - Professi...

13 questions

Guess the Video Game Pets 1

Quiz

•

KG - Professional Dev...

11 questions

Wealth Showcases - VII

Quiz

•

Professional Development

10 questions

C++Quiz#1

Quiz

•

Professional Development

13 questions

Five Nights At Freddy's: Security Breach Quiz

Quiz

•

KG - Professional Dev...

10 questions

all star

Quiz

•

Professional Development

10 questions

Handling sensitve information on conference calls

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development