
23 ) SY EX. 7 | COMPLETE
90 questions • 5 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    Bohai is concerned about access to the main account for a cloud service that his company uses to manage payment transactions. He decides to implement a new process for multifactor authentication to that account where an individual on the IT team has the password to the account, while an individual in the accounting group has the token. What security principle is Bohai using?

    - Dual control

  • 2

    Tina is preparing for a penetration test and is working with a new vendor. She wants to make sure that the vendor understands exactly what technical activities are permitted within the scope of the test. Where should she document these requirements?

    - RoE

  • 3

    Azra is reviewing a draft of the Domer Doodads information security policy and finds that it contains the following statements. Which one of these statements would be more appropriately placed in a different document?

    - All access to financial systems must use multifactor authentication for remote connections.

  • 4

    Which one of the following security policy framework documents never includes mandatory employee compliance?

    - Guideline

  • 5

    Kaitlyn is on the red team during a security exercise, and she has a question about whether an activity is acceptable under the exercise's rules of engagement. Who would be the most appropriate person to answer her question?

    - White team leader.

  • 6

    Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 295. What is the ARO for this assessment?

    - 10 percent

  • 7

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 296. What is the SLE for this scenario?

    - $75,000

  • 8

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 297. What is the ALE for this scenario?

    - $7,500

  • 9

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 298. Seamus is considering purchasing a DDoS protection system that would reduce the likelihood of a successful attack. What type of control is he considering?

    - Preventive

  • 10

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. Seamus wants to make sure that he can accurately describe the category of the DDoS protection service to auditors. Which term best describes the category of this control?

    - Technical

  • 11

    Questions 300 and 301 refer to the following scenario: Piper's organization handles credit card information and is, therefore, subject to the Payment Card Industry Data Security Standard (PCI DSS). She is working to implement the PCI DSS requirements. 300. As Piper attempts to implement PCI DSS requirements, she discovers that she is unable to meet one of the requirements because of a technical limitation in her point-of-sale system. She decides to work with regulators to implement a second layer of logical isolation to protect this system from the Internet to allow its continued operation despite not meeting one of the requirements. What term best describes the type of control Piper has implemented?

    - Compensating control

  • 12

    Questions 300 and 301 refer to the following scenario: Piper's organization handles credit card information and is, therefore, subject to the Payment Card Industry Data Security Standard (PCI DSS). She is working to implement the PCI DSS requirements. When Piper implements this new isolation technology, what type of risk management action is she taking?

    - Risk mitigation

  • 13

    Ruth is helping a business leader determine the appropriate individuals to consult about sharing information with a third-party organization. Which one of the following policies would likely contain the most relevant guidance for her?

    - Data ownership policy

  • 14

    Samantha is investigating a cybersecurity incident where an internal user used his computer to participate in a denial-of-service attack against a third party. What type of policy was most likely violated?

    - AUP

  • 15

    Ryan is compiling a list of allowable encryption algorithms for use in his organization. What type of document would be most appropriate for this list?

    - Standard

  • 16

    During the design of an identity and access management authorization scheme, Katie took steps to ensure that members of the security team who can approve database access requests do not have access to the database themselves. What security principle is Katie most directly enforcing?

    - Separation of duties

  • 17

    Which one of the following controls is useful to both facilitate the continuity of operations and serve as a deterrent to fraud?

    - Cross-training

  • 18

    Which one of the following requirements is often imposed by organizations as a way to achieve their original control objective when they approve an exception to a security policy?

    - Compensating control

  • 19

    Berta is reviewing the security procedures surrounding the use of a cloud-based online payment service by her company. She set the access permissions for this service so that the same person cannot add funds to the account and transfer funds out of the account. What security principle is most closely related to Berta's action?

    - Separation of duties

  • 20

    Thomas found himself in the middle of a dispute between two different units in his business that are arguing over whether one unit may analyze data collected by the other. What type of policy would most likely contain guidance on this issue?

    - Data ownership policy

  • 21

    Mara is designing a new data mining system that will analyze access control logs for signs of unusual login attempts. Any suspicious logins will be automatically locked out of the system. What type of control is Mara designing?

    - Technical control

  • 22

    Which one of the following elements is least likely to be found in a data retention policy?

    - Classification of information elements

  • 23

    Kevin leads the IT team at a small business and does not have a dedicated security team. He would like to develop a security baseline of his organization's system configurations but does not have a team of security experts available to assist him. Which of the following is the most appropriate tool for Kevin to use?

    - Vulnerability scanning tool

  • 24

    Jenna is helping her organization choose a set of security standards that will be used to secure a variety of operating systems. She is looking for industry guidance on the appropriate settings to use for Windows and Linux systems. Which one of the following tools will serve as the best resource?

    - CIS benchmarks

  • 25

    Linda is attempting to configure Angry IP Scanner on her Linux scanning workstation and is receiving errors about missing required software. What component must be installed prior to using Angry IP Scanner?

    - Java

  • 26

    Chris is investigating a malware outbreak and would like to reverse engineer the code. Which one of the following tools is specifically designed for this task?

    - Immunity debugger

  • 27

    Jim is working with a penetration testing contractor who proposes using Metasploit as part of his penetration testing effort. What should Jim expect to occur when Metasploit is used?

    - Systems will have known vulnerabilities exploited.

  • 28

    Which one of the following best describes recon-ng as a security tool?

    - Web application reconnaissance tool

  • 29

    Ashley is investigating an attack that compromised an account of one of her users. In the attack, the attacker forced the submission of an authenticated request to a third-party site by exploiting trust relationships in the user's browser. What type of attack most likely took place?

    - CSRF

  • 30

    Juanita is a cybersecurity professional who works with data scientists at a company that uses machine learning (ML) models to predict customer behavior. She believes that their work has been the target of a data poisoning attack. Which of the following actions should she take to address the situation?

    - Remove affected data from the training dataset and generate a new model.

  • 31

    Joshua is concerned about insecure software design practices and is developing a software threat modeling program for his organization. Which of the following is not an appropriate goal for this program?

    - To reduce the number of threat vectors

  • 32

    Gavin works as a cybersecurity analyst and notices that issues continually arise in his organization where system administrators modify system configuration files without providing advance notice to other teams. In several situations, this resulted in a security misconfiguration. What control would best prevent these issues from recurring in the future?

    - Change management program

  • 33

    Brenda maintains a web application and learned that the application contains a remote code execution vulnerability that is triggered by sending a carefully crafted message to a logging service that runs on the underlying server. What action should Brenda take to best address this risk?

    - Check for and apply patches from the logging vendor.

  • 34

    Viola is analyzing an attack that occurred against her organization. The attacker was able to manipulate a web application to display a confidential data file that was stored on the server by traversing the directory structure in the URL. What term best describes this type of attack?

    - Local file inclusion

  • 35

    Melissa is concerned that users in her organization are connecting to corporate systems over insecure networks and begins a security awareness campaign designed to encourage them to use the VPN. What category of control has Melissa implemented?

    - Managerial

  • 36

    The company Chris works for has notifications posted at each door reminding employees to be careful not to allow people to enter when they do. Which type of control is this?

    - Preventive

  • 37

    Kevin has discovered a security vulnerability in one of his organization's business-critical systems. He evaluates the situation and determines that it presents a low risk to the organization but would like to correct it. There is a patch available from the vendor. When should Kevin plan to apply the patch?

    - During the next scheduled maintenance window

  • 38

    Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?

    - Encrypting the database contents

  • 39

    Isabelle wants to prevent privilege escalation attacks via her organization's service accounts. Which of the following security practices is best suited to this?

    - Remove unnecessary rights.

  • 40

    Brandon is validating the security of systems and devices in his organization, but he is permitted to use only passive techniques. Which one of the following actions would be considered passive discovery?

    - Monitoring network traffic and analyzing the contents for signs of unpatched systems and applications

  • 41

    Ryan's organization wants to ensure that proper account management is occurring but does not have a central identity and access management tool in place. Ryan has a limited amount of time to do his verification process. What is his best option to test the account management process as part of an internal audit?

    - Validate a random sample of accounts.

  • 42

    Which one of the following security testing programs is designed to attract the participation of external testers and incentivize them to uncover security flaws?

    - Bug bounty

  • 43

    Frank's team is testing a new API that his company's developers have built for their application infrastructure. Which of the following is not a common API issue that you would expect Frank's team to find?

    - Improper encryption

  • 44

    Ryan is considering the use of fuzz testing in his web application testing program. Which one of the following statements about fuzz testing is true?

    - Fuzzers may not fully cover the code.

  • 45

    Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis?

    - Diamond

  • 46

    As part of an organization-wide red team exercise, Frank is able to use a known vulnerability to compromise an Apache web server. Frank knows that the Apache service is running under a limited user account. Once he has gained access, what should his next step be if he wants to use the system to pivot to protected systems behind the screened subnet (DMZ) that the web server resides in?

    - Privilege escalation

  • 47

    Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?

    - Delivery

  • 48

    Betty wants to review the security logs on her Windows workstation. What tool should she use to do this?

    - Event Viewer

  • 49

    The ATT&CK framework defines which of the following as "the specifics behind how the adversary would attack the target?"

    - The attack vector

  • 50

    Jamal wants to leverage a framework to improve his threat hunting for network defense. What threat-hunting framework should he select to help his team categorize and analyze threats more effectively?

    - MITRE ATT&CK

  • 51

    Maria is an Active Directory domain administrator for her company, and she knows that a quickly spreading botnet relies on a series of domain names for command and control and that preventing access to those domain names will cause the malware infection that connects to the botnet to fail to take further action. Which of the following actions is her best option if she wants to prevent offsite Windows users from connecting to botnet command-and-control systems?

    - Modify the hosts file.

  • 52

    While attempting to stop a rogue service, Monica issues the following Linux command on an Ubuntu system using upstart:
    service rogueservice stop
    After a reboot, she discovers the service running again. What happened, and what does she need to do to prevent this?

    - The service restarted at reboot, so she should add an override file to stop the service from starting.

  • 53

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries:
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
    Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash
    9. What is the IP address of the system where the user was logged in when they initiated the connection?

    - 10.174.238.88

  • 54

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries:
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
    Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash
    10. What service did the user use to connect to the server?

    - SSH

  • 55

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries:
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
    Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash
    11. What authentication technique did the user use to connect to the server?

    - PKI

  • 56

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries:
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22
    Aug 30 09:46:54 ip-172-30-0-62 sshd[3051]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
    Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash
    12. What account did the individual use to connect to the server?

    - ec2-user

  • 57

    Alaina adds the openphish URL list to her SOAR tool and sees the following entries:
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/95843de35406f3cab0b2dcf2b/success.htm
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/sitekey.php
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/success.htm
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/95843de35406f3cab0b2dcf2b/
    http://13.126.65.8/DocExaDemo/uploads/index.php/bofa/bofa/95843de35406f3cab0b2dcf2b/sitekey.php
    What action should she take based on phishing URLs like these?

    - Delete emails with the URL from inbound email.

  • 58

    Rowan wants to block drive-by-downloads and bot command-and-control channels while redirecting potentially impacted systems to a warning message. What should she implement to do this?

    - A DNS sinkhole

  • 59

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: Nathan discovers a malware package on an end-user workstation. What rating should he give this if he is considering organization impact based on the table shown?

    - No impact to services

  • 60

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: 16. Nathan's organization uses a software-as-a-service (SaaS) tool to manage their customer mailing lists, which they use to inform customers of upcoming sales a week in advance. The organization's primary line of business software continues to function and merchandise can be sold. Because of a service outage, they are unable to add new customers to the list for a full business day. How should Nathan rate this local impact issue during the outage?

    - Denial of noncritical services

  • 61

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: 17. During an investigation into a compromised system, Nathan discovers signs of an advanced persistent threat (APT) resident in his organization's administrative systems. How should he classify this threat?

    - Denial of critical services or loss of control

  • 62

    Melissa is using the US-CERT's scale to measure the impact of the location of observed activity by a threat actor. Which of the following should be the highest rated threat activity location?

    - Safety systems

  • 63

    Derek's organization has been working to recover from a recent malware infection that caused outages across the organization during an important part of their business cycle. To properly triage, what should Derek pay the most attention to first?

    - The immediate impact on operations so that his team can restore functionality

  • 64

    Jeff discovers multiple JPEG photos during his forensic investigation of a computer involved in an incident. When he runs exiftool to gather file metadata, which information is not likely to be part of the images even if they have complete metadata intact?

    - Number of copies made

  • 65

    John has designed his network as shown here and places untrusted systems that want to connect to the network into the Guests network segment. What is this type of segmentation called?

    - Proactive network segmentation

  • 66

    The organization that Jamal works for classifies security-related events using NIST's standard definitions. Which classification should he use when he discovers key logging software on the laptop of one of his frequent business travelers?

    - A security incident

  • 67

    Dan is designing a segmented network that places systems with different levels of security requirements into different subnets with firewalls and other network security devices between them. What phase of the incident response process is Dan in?

    - Preparation

  • 68

    Lauren wants to create a backup of Linux permissions before making changes to the Linux workstation she is attempting to remediate. What Linux tool can she use to back up the permissions of an entire directory on the system?

    - She can use getfacl.

  • 69

    While working to restore systems to their original configuration after a long-term APT compromise, Manish has three options. A. He can restore from a backup and then update patches on the system. B. He can rebuild and patch the system using original installation media and application software using his organization's build documentation. C. He can remove the compromised accounts and rootkit tools and then fix the issues that allowed the attackers to access the systems. Which option should Manish choose in this scenario?

    - Option B.

  • 70

    Jessica wants to access a macOS FileVault 2-encrypted drive. Which of the following methods is not a possible means of unlocking the volume?

    - Change the File Vault key using a trusted user account.

  • 71

    Susan discovers the following log entries that occurred within seconds of each other in her Squert (a Sguil web interface) console. What have her network sensors most likely detected?

    - A port scan

  • 72

    If Suki wants to purge a drive, which of the following options will accomplish her goal?

    - Cryptographic erase

  • 73

    While performing post-rebuild validation efforts, Scott scans a server from a remote network and sees no vulnerabilities. Joanna, the administrator of the machine, runs a scan and discovers two critical vulnerabilities and five moderate issues. What is most likely causing the difference in their reports?

    - There is a firewall between the remote network and the server.

  • 74

    As part of his organization's cooperation in a large criminal case, Adam's forensic team has been asked to send a forensic image of a highly sensitive compromised system in RAW format to an external forensic examiner. What steps should Adam's team take prior to sending a drive containing the forensic image?

    - Encrypt the RAW file and transfer a hash and key under separate cover.

  • 75

    Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?

    - Use a write blocker.

  • 76

    What type of forensic investigation-related form is shown here?

    - Chain of custody

  • 77

    James wants to determine whether other Windows systems on his network are infected with the same malware package that he has discovered on the workstation he is analyzing. He has removed the system from his network by unplugging its network cable, as required by corporate policy. He knows that the system has previously exhibited beaconing behavior and wants to use that behavior to identify other infected systems. How can he safely create a fingerprint for this beaconing without modifying the infected system?

    - Plug the system into an isolated switch and use a span port or tap and Wireshark/tcpdump to capture traffic.

  • 78

    After completing an incident response process and providing a final report to management, what step should Casey use to identify improvement to her incident response plan?

    - Conduct a lessons learned session.

  • 79

    During a forensic investigation, Lukas discovers that he needs to capture a virtual machine that is part of the critical operations of his company's website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?

    - Copy the virtual disk files and then use a memory capture tool.

  • 80

    Mika, a computer forensic examiner, receives a PC and its peripherals that were seized as forensic evidence during an investigation. After she signs off on the chain of custody log and starts to prepare for her investigation, one of the first things she notes is that each cable and port was labeled with a color-coded sticker by the onsite team. Why are the items labeled like this?

    - To ensure correct reassembly

  • 81

    While reviewing her Nagios logs, Selah discovers the error message shown here. What should she do about this error?

    - Review the Apache error log.

  • 82

    Lakshman needs to sanitize hard drives that will be leaving his organization after a lease is over. The drives contained information that his organization classifies as sensitive data that competitors would find valuable if they could obtain it. Which choice is the most appropriate to ensure that data exposure does not occur during this process?

    - Purge, validate, and document.

  • 83

    Selah is preparing to collect a forensic image for a Macintosh computer running the Ventura operating system. What hard drive format is she most likely to encounter?

    - APFS

  • 84

    During a forensic analysis of an employee's computer as part of a human resources investigation into misuse of company resources, Tim discovers a program called Eraser installed on the PC. What should Tim expect to find as part of his investigation?

    - Antiforensic activities

  • 85

    Jessica wants to recover deleted files from slack space and needs to identify where the files begin and end. What is this process called?

    - Data carving

  • 86

    Latisha is the IT manager for a small company and occasionally serves as the organization's information security officer. Who would be the most appropriate leader for her organization's CSIRT?

    - She should select herself.

  • 87

    During her forensic analysis of a Windows system, Cynthia accesses the registry and checks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (as shown here). What domain was the system connected to, and what was the username that would appear at login?

    - No domain, administrator

  • 88

    Alex suspects that an attacker has modified a Linux executable using static libraries. Which of the following Linux commands is best suited to determining whether this has occurred?

    - file

  • 89

    Because of external factors, Eric has only a limited time period to collect an image from a workstation. If he collects only specific files of interest, what type of acquisition has he performed?

    - Logical

  • 90

    During a forensic investigation, Kwame records information about each drive, including where it was acquired, who made the forensic copy, the MD5 hash of the drive, and other details. What term describes the process Kwame is using as he labels evidence with details of who acquired and validated it?

    - Chain of custody

  • 1

    ///////////////////// Bohai is concerned about access to the main account for a cloud service that his company uses to manage payment transactions. He decides to implement a new process for multifactor authentication to that account where an individual on the IT team has the password to the account, while an individual in the accounting group has the token. What security principle is Bohai using?

    - Dual control

  • 2

    Tina is preparing for a penetration test and is working with a new vendor. She wants to make sure that the vendor understands exactly what technical activities are permitted within the scope of the test. Where should she document these requirements?

    - RoE

  • 3

    Azra is reviewing a draft of the Domer Doodads information security policy and finds that it contains the following statements. Which one of these statements would be more appropriately placed in a different document?

    - All access to financial systems must use multifactor authentication for remote connections.

  • 4

    Which one of the following security policy framework documents never includes mandatory employee compliance?

    - Guideline

  • 5

    Kaitlyn is on the red team during a security exercise, and she has a question about whether an activity is acceptable under the exercise's rules of engagement. Who would be the most appropriate person to answer her question?

    - White team leader.

  • 6

    Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 295. What is the ARO for this assessment?

    - 10 percent

  • 7

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 296. What is the SLE for this scenario?

    - $75,000

  • 8

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 297. What is the ALE for this scenario?

    - $7,500

  • 9

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. 298. Seamus is considering purchasing a DDoS protection system that would reduce the likelihood of a successful attack. What type of control is he considering?

    - Preventive

  • 10

    Questions 295-299 refer to the following scenario. Seamus is conducting a business impact assessment for his organization. He is attempting to determine the risk associated with a denial-of-service attack against his organization's datacenter. Seamus consulted with various subject-matter experts (SMEs) and determined that the attack would not cause any permanent damage to equipment, applications, or data. The primary damage would come in the form of lost revenue. Seamus believes that the organization would lose $75,000 in revenue during a successful attack. Seamus also consulted with his threat management vendor, who considered the probability of a successful attack against his organization and determined that there is a 10 percent chance of a successful attack in the next 12 months. Seamus wants to make sure that he can accurately describe the category of the DDoS protection service to auditors. Which term best describes the category of this control?

    - Technical

  • 11

    Questions 300 and 301 refer to the following scenario: Piper's organization handles credit card information and is, therefore, subject to the Payment Card Industry Data Security Standard (PCI DSS). She is working to implement the PCI DSS requirements. 300. As Piper attempts to implement PCI DSS requirements, she discovers that she is unable to meet one of the requirements because of a technical limitation in her point-of-sale system. She decides to work with regulators to implement a second layer of logical isolation to protect this system from the Internet to allow its continued operation despite not meeting one of the requirements. What term best describes the type of control Piper has implemented?

    - Compensating control

  • 12

    Questions 300 and 301 refer to the following scenario: Piper's organization handles credit card information and is, therefore, subject to the Payment Card Industry Data Security Standard (PCI DSS). She is working to implement the PCI DSS requirements. When Piper implements this new isolation technology, what type of risk management action is she taking?

    - Risk mitigation

  • 13

    Ruth is helping a business leader determine the appropriate individuals to consult about sharing information with a third-party organization. Which one of the following policies would likely contain the most relevant guidance for her?

    - Data ownership policy

  • 14

    Samantha is investigating a cybersecurity incident where an internal user used his computer to participate in a denial-of-service attack against a third party. What type of policy was most likely violated?

    - AUP

  • 15

    Ryan is compiling a list of allowable encryption algorithms for use in his organization. What type of document would be most appropriate for this list?

    - Standard

  • 16

    During the design of an identity and access management authorization scheme, Katie took steps to ensure that members of the security team who can approve database access requests do not have access to the database themselves. What security principle is Katie most directly enforcing?

    - Separation of duties

  • 17

    Which one of the following controls is useful to both facilitate the continuity of operations and serve as a deterrent to fraud?

    - Cross-training

  • 18

    Which one of the following requirements is often imposed by organizations as a way to achieve their original control objective when they approve an exception to a security policy?

    - Compensating control

  • 19

    Berta is reviewing the security procedures surrounding the use of a cloud-based online payment service by her company. She set the access permissions for this service so that the same person cannot add funds to the account and transfer funds out of the account. What security principle is most closely related to Berta's action?

    - Separation of duties

  • 20

    Thomas found himself in the middle of a dispute between two different units in his business that are arguing over whether one unit may analyze data collected by the other. What type of policy would most likely contain guidance on this issue?

    - Data ownership policy

  • 21

    Mara is designing a new data mining system that will analyze access control logs for signs of unusual login attempts. Any suspicious logins will be automatically locked out of the system. What type of control is Mara designing?

    - Technical control

  • 22

    Which one of the following elements is least likely to be found in a data retention policy?

    - Classification of information elements

  • 23

    Kevin leads the IT team at a small business and does not have a dedicated security team. He would like to develop a security baseline of his organization's system configurations but does not have a team of securitv experts available to assist him. Which of the following is the most appropriate tool for Kevin to use?

    - Vulnerability scanning tool

  • 24

    Jenna is helping her organization choose a set of security standards that will be used to secure a variety of operating systems. She is looking for industry guidance on the appropriate settings to use for Windows and Linux systems. Which one of the following tools will serve as the best resource?

    - CIS benchmarks

  • 25

    Linda is attempting to configure Angry IP Scanner on her Linux scanning workstation and is receiving errors about missing required software. What component must be installed prior to using Angry IP Scanner?

    - Java

  • 26

    Chris is investigating a malware outbreak and would like to reverse engineer the code. Which one of the following tools is specifically designed for this task?

    - Immunity debugger

  • 27

    Jim is working with a penetration testing contractor who proposes using Metasploit as part of his penetration testing effort. What should Jim expect to occur when Metasploit is used?

    - Systems will have known vulnerabilities exploited.

  • 28

    Which one of the following best describes recon-ng as a security tool?

    - Web application reconnaissance tool

  • 29

    Ashley is investigating an attack that compromised an account of one of her users. In the attack, the attacker forced the submission of an authenticated request to a third-party site by exploiting trust relationships in the user's browser. What type of attack most likely took place?

    - CSRF

  • 30

    Juanita is a cybersecurity professional who works with data scientists at a company that uses machine learning (ML) models to predict customer behavior. She believes that their work has been the target of a data poisoning attack. Which of the following actions should she take to address the situation?

    - Remove affected data from the training dataset and generate a new model.

  • 31

    Joshua is concerned about insecure software design practices and is developing a software threat modeling program for his organization. Which of the following is not an appropriate goal for this program?

    - To reduce the number of threat vectors

  • 32

    Gavin works as a cybersecurity analyst and notices that issues continually arise in his organization where system administrators modify system configuration files without providing advance notice to other teams. In several situations, this resulted in a security misconfiguration. What control would best prevent these issues from recurring in the future?

    - Change management program

  • 33

    Brenda maintains a web application and learned that the application contains a remote code execution vulnerability that is triggered by sending a carefully crafted message to a logging service that runs on the underlying server. What action should Brenda take to best address this risk?

    - Check for and apply patches from the logging vendor.

  • 34

    Viola is analyzing an attack that occurred against her organization. The attacker was able to manipulate a web application to displav a confidential data file that was stored on the server by traversing the directory structure in the URL. What term best describes this type of attack?

    - Local file inclusion

  • 35

    Melissa is concerned that users in her organization are connecting to corporate systems over insecure networks and begins a security awareness campaign designed to encourage them to use the VPN. What category of control has Melissa implemented?

    - Managerial

  • 36

    The company Chris works for has notifications posted at each door reminding employees to be careful not to allow people to enter when they do. Which type of control is this?

    - Preventive

  • 37

    Kevin has discovered a security vulnerability in one of his organization's business-critical systems. He evaluates the situation and determines that it presents a low risk to the organization but would like to correct it. There is a patch available from the vendor. When should Kevin plan to apply the patch?

    - During the next scheduled maintenance window

  • 38

    Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?

    - Encrypting the database contents

  • 39

    Isabelle wants to prevent privilege escalation attacks via her organization's service accounts. Which of the following security practices is best suited to this?

    - Remove unnecessary rights.

  • 40

    Brandon is validating the security of systems and devices in his organization, but he is permitted to use only passive techniques. Which one of the following actions would be considered passive discovery?

    - Monitoring network traffic and analyzing the contents for signs of unpatched systems and applications

  • 41

    Ryan's organization wants to ensure that proper account management is occurring but does not have a central identity and access management tool in place. Ryan has a limited amount of time to do his verification process. What is his best option to test the account management process as part of an internal audit?

    - Validate a random sample of accounts.

  • 42

    Which one of the following security testing programs is designed to attract the participation of external testers and incentivize them to uncover security flaws?

    - Bug bounty

  • 43

    Frank's team is testing a new API that his company's developers have built for their application infrastructure. Which of the following is not a common API issue that you would expect Frank's team to find?

    - Improper encryption

  • 44

    Ryan is considering the use of fuzz testing in his web application testing program. Which one of the following statements about fuzz testing is true?

    - Fuzzers may not fully cover the code.

  • 45

    Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis?

    - Diamond

  • 46

    As part of an organization-wide red team exercise, Frank is able to use a known vulnerability to compromise an Apache web server. Frank knows that the Apache service is running under a limited user account. Once he has gained access, what should his next step be if he wants to use the system to pivot to protected systems behind the screened subnet (DMZ) that the web server resides in?

    - Privilege escalation

  • 47

    Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?

    - Delivery

  • 48

    Betty wants to review the security logs on her Windows workstation. What tool should she use to do this?

    - Event Viewer

  • 49

    The ATT&CK framework defines which of the following as "the specifics behind how the adversary would attack the target?"

    - The attack vector

  • 50

    Jamal wants to leverage a framework to improve his threat hunting for network defense. What threat-hunting framework should he select to help his team categorize and analyze threats more effectively?

    - MITRE ATT&CK

  • 51

    Maria is an Active Directory domain administrator for her company, and she knows that a quickly spreading botnet relies on a series of domain names for command and control and that preventing access to those domain names will cause the malware infection that connects to the botnet to fail to take further action. Which of the following actions is her best option if she wants to prevent offsite Windows users from connecting to botnet command-and-control systems?

    - Modify the hosts file.

  • 52

    While attempting to stop a rogue service, Monica issues the following Linux command on an Ubuntu system using upstart: service rogueservice stop After a reboot, she discovers the service running again. What happened, and what does she need to do to prevent this?

    - The service restarted at reboot, so she should add an override file to stop the service from starting.

  • 53

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Aug 30 09:46:54 ip-172-30-0-62 sshd30511: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22 Aug 30 09:46:54 ip-172-30-0-62 ssh[3051]: pam unix[sshd:session]: session opened for user ec2-user by (uid=0) Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pS/ 0 ; PWD=/home/ec2-user ; USER=root; COMMAND=/bin/bash 9. What is the IP address of the system where the user was logged in when they initiated the connection?

    - 10.174.238.88

  • 54

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Aug 30 09:46:54 ip-172-30-0-62 sshd30511: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22 Aug 30 09:46:54 ip-172-30-0-62 ssh[3051]: pam unix[sshd:session]: session opened for user ec2-user by (uid=0) Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pS/ 0 ; PWD=/home/ec2-user ; USER=root; COMMAND=/bin/bash 10. What service did the user use to connect to the server?

    - SSH

  • 55

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Aug 30 09:46:54 ip-172-30-0-62 sshd30511: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22 Aug 30 09:46:54 ip-172-30-0-62 ssh[3051]: pam unix[sshd:session]: session opened for user ec2-user by (uid=0) Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pS/ 0 ; PWD=/home/ec2-user ; USER=root; COMMAND=/bin/bash 11. What authentication technique did the user use to connect to the server?

    - PKI

  • 56

    Questions 9-12 refer to the following scenario and image. Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Aug 30 09:46:54 ip-172-30-0-62 sshd30511: Accepted publickey for ec2-user from 10.174.238.88 port 57478 ssh2: RSA e5:5:1:46:bb:49:a1:43:da:9d:50:05:37:bd:79:22 Aug 30 09:46:54 ip-172-30-0-62 ssh[3051]: pam unix[sshd:session]: session opened for user ec2-user by (uid=0) Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY=pS/ 0 ; PWD=/home/ec2-user ; USER=root; COMMAND=/bin/bash 12. What account did the individual use to connect to the server?

    - ec2-user

  • 57

    Alaina adds the openphish URL list to her SOAR tool and sees the following entries: http://13.126.65.8/DocExaDemo/uploads/ index.php/bofa/bofa/95843de35406£3cab0b2dcf2b/ success.htm http://13.126.65.8/DocExaDemo/uploads/ index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/ sitekey.php http://13.126.65.8/DocExaDemo/uploads/ index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/ success.htm http://13.126.65.8/DocExaDemo/uploads/ index.php/bofa/bofa/9b094075409d3a723c7ee3d9e/ http://13.126.65.8/DocExaDemo/uploads / index.php/bofa/bofa/95843de35406f3cab0b2dcf2b/ http://13.126.65.8/DocExaDemo/uploads/ index.php/bofa/bofa/95843de35406f3cab0b2dcf2b/ sitekey.php What action should she take based on phishing URLs like these?

    - Delete emails with the URL from inbound email.

  • 58

    Rowan wants to block drive-by-downloads and bot command-and-control channels while redirecting potentially impacted systems to a warning message. What should she implement to do this?

    - A DNS sinkhole

  • 59

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: Nathan discovers a malware package on an end-user workstation. What rating should he give this if he is considering organization impact based on the table shown?

    - No impact to services

  • 60

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: 16. Nathan's organization uses a software-as-a-service (SaaS) tool to manage their customer mailing lists, which they use to inform customers of upcoming sales a week in advance. The organization's primary line of business software continues to function and merchandise can be sold. Because of a service outage, they are unable to add new customers to the list for a full business day. How should Nathan rate this local impact issue during the outage?

    - Denial of noncritical services

  • 61

    Use the following table and rating information for questions 15-17. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) uses a 1-100 scale for incident prioritization, with weight assigned to each of a number of categories. The functional impact score is weighted in their demonstration as follows: 17. During an investigation into a compromised system, Nathan discovers signs of an advanced persistent threat (APT) resident in his organization's administrative systems. How should he classify this threat?

    - Denial of critical services or loss of contro

  • 62

    Melissa is using the US-CERT's scale to measure the impact of the location of observed activity by a threat actor. Which of the following should be the highest rated threat activity location?

    - Safety systems

  • 63

    Derek's organization has been working to recover from a recent malware infection that caused outages across the organization during an important part of their business cycle. To properly triage, what should Derek pay the most attention to first?

    - The immediate impact on operations so that his team can restore functionality

  • 64

    Jeff discovers multiple JPEG photos during his forensic investigation of a computer involved in an incident. When he runs exiftool to gather file metadata, which information is not likely to be part of the images even if they have complete metadata intact?

    - Number of copies made

  • 65

    John has designed his network as shown here and places untrusted svstems that want to connect to the network into the Guests network segment. What is this type of segmentation called?

    - Proactive network segmentation

  • 66

    The organization that Jamal works for classifies security related events using NIST's standard definitions. Which classification should he use when he discovers key logging software on one of his frequent business travelers' laptop?

    - A security incident

  • 67

    Dan is designing a segmented network that places systems with different levels of security requirements into different subnets with firewalls and other network security devices between them. What phase of the incident response process is Dan in?

    - Preparation

  • 68

    Lauren wants to create a backup of Linux permissions before making changes to the Linux workstation she is attempting to remediate. What Linux tool can she use to back up the permissions of an entire directory on the system?

    - She can use getfacl.

  • 69

    While working to restore systems to their original configuration after a long-term APT compromise, Manish has three options. A. He can restore from a backup and then update patches on the system. B. He can rebuild and patch the system using original installation media and application software using his organization's build documentation. C. He can remove the compromised accounts and rootkit tools and then fix the issues that allowed the attackers to access the systems. Which option should Manish choose in this scenario?

    - Option B.

  • 70

    Jessica wants to access a macOS FileVault 2-encrypted drive. Which of the following methods is not a possible means of unlocking the volume?

    - Change the File Vault key using a trusted user account.

  • 71

    Susan discovers the following log entries that occurred within seconds of each other in her Squert (a Sguil web interface) console. What have her network sensors most likely detected?

    - A port scan

  • 72

    If Suki wants to purge a drive, which of the following options will accomplish her goal?

    - Cryptographic erase

  • 73

    While performing post-rebuild validation efforts, Scott scans a server from a remote network and sees no vulnerabilities. Joanna, the administrator of the machine, runs a scan and discovers two critical vulnerabilities and five moderate issues. What is most likely causing the difference in their reports?

    - There is a firewall between the remote network and the server.

  • 74

    As part of his organization's cooperation in a large criminal case, Adam's forensic team has been asked to send a forensic image of a highly sensitive compromised system in RAW format to an external forensic examiner. What steps should Adam's team take prior to sending a drive containing the forensic image?

    - Encrypt the RAW file and transfer a hash and key under separate cover.

  • 75

    Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?

    - Use a write blocker.

  • 76

    What type of forensic investigation-related form is shown here?

    - Chain of custody

  • 77

    James wants to determine whether other Windows systems on his network are infected with the same malware package that he has discovered on the workstation he is analyzing. He has removed the system from his network by unplugging its network cable, as required by corporate policy. He knows that the system has previously exhibited beaconing behavior and wants to use that behavior to identify other infected systems. How can he safely create a fingerprint for this beaconing without modifying the infected system?

    - Plug the system into an isolated switch and use a span port or tap and Wireshark/tcpdump to capture traffic.

  • 78

    After completing an incident response process and providing a final report to management, what step should Casey use to identify improvement to her incident response plan?

    - Conduct a lessons learned session.

  • 79

    During a forensic investigation, Lukas discovers that he needs to capture a virtual machine that is part of the critical operations of his company's website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?

    - Copy the virtual disk files and then use a memory capture tool.

  • 80

    Mika, a computer forensic examiner, receives a PC and its peripherals that were seized as forensic evidence during an investigation. After she signs off on the chain of custody log and starts to prepare for her investigation, one of the first things she notes is that each cable and port was labeled with a color-coded sticker by the onsite team. Why are the items labeled like this?

    - To ensure correct reassembly

  • 81

    While reviewing her Nagios logs, Selah discovers the error message shown here. What should she do about this error?

    - Review the Apache error log.

  • 82

    Lakshman needs to sanitize hard drives that will be leaving his organization after a lease is over. The drives contained information that his organization classifies as sensitive data that competitors would find valuable if they could obtain it. Which choice is the most appropriate to ensure that data exposure does not occur during this process?

    - Purge, validate, and document.

  • 83

    Selah is preparing to collect a forensic image for a Macintosh computer running the Ventura operating system. What hard drive format is she most likely to encounter?

    - APFS

  • 84

    During a forensic analysis of an employee's computer as part of a human resources investigation into misuse of company resources, Tim discovers a program called Eraser installed on the PC. What should Tim expect to find as part of his investigation?

    - Antiforensic activities

  • 85

    Jessica wants to recover deleted files from slack space and needs to identify where the files begin and end. What is this process called?

    - Data carving

  • 86

    Latisha is the IT manager for a small company and occasionally serves as the organization's information security officer. Who would be the most appropriate leader for her organization's CSIRT?

    - She should select herself.

  • 87

    During her forensic analysis of a Windows system, Cynthia accesses the registry and checks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (as shown here). What domain was the system connected to, and what was the username that would appear at login?

    - No domain, administrator

  • 88

    Alex suspects that an attacker has modified a Linux executable using static libraries. Which of the following Linux commands is best suited to determining whether this has occurred?

    - file

  • 89

    Because of external factors, Eric has only a limited time period to collect an image from a workstation. If he collects only specific files of interest, what type of acquisition has he performed?

    - Logical

  • 90

    During a forensic investigation, Kwame records information about each drive, including where it was acquired, who made the forensic copy, the MD5 hash of the drive, and other details. What term describes the process Kwame is using as he labels evidence with details of who acquired and validated it?

    - Chain of custody