EXAM # 3 | | 暗記メーカー

EXAM # 3 |

90問 • 7ヶ月前

問題一覧

Which of the following methods can be used to identify affected hosts in a system? (Choose THREE)

- Use a packet sniffer to monitor network traffic for signs of exploitation., - Use a network scanner to scan the network for hosts that are running vulnerable software., - Use a vulnerability scanner to scan the system for known vulnerabilities.

Which of the following is the default nmap scan type when you do not provide a flag when issuing the command?

- A TCP SYN scan

You're the cybersecurity manager at your company and have noticed that many tasks are being repeated daily and do not require any decision-making capabilities. Which of the following is the best course of action to increase operational efficiency?

- Automate the tasks using scripting or a SOAR platform

Review the network diagram provided. /// Which of the following ACL entries should be added to the firewall to allow only the Human Resources (HR) computer to have SMB access to the file server (Files)? /// (Note: The firewall in this network is using implicit deny to maintain a higher level of security. ACL entries are in the format of Source IP, Destination IP, Port Number, TCP/UDP, Allow/Deny.)

- 172.16.1.3, 192.168.1.12, 445, TCP, ALLOW

Which analysis framework makes no allowance for an adversary retreat in its analysis?

- Lockheed Martin cyber kill chain

You have been hired to investigate a possible insider threat from a user named Terri. Which command would you use to review all sudo commands ever issued by Terri (whose login account is terri and UID=1003) on a Linux system? (Select the MOST efficient command)

- journalctl _UID=1003 | grep sudo

You are a cybersecurity analyst investigating a potential network issue at your company. You suspect there is unusual traffic on your company's network. Which of the following tools would be most effective for capturing and analyzing network packets in real-time to investigate this issue?

- tcpdump

What type of information will a Cisco switch log be configured to capture logs at level 7?

- Debugging

Yoyodyne Systems has recently bought out its competitor, Whamiedyne Systems, which went out of business due to a series of data breaches. As a cybersecurity analyst for Yoyodyne, you are assessing Whamiedyne's existing applications and infrastructure. During your analysis, you discover the following URL is used to access an application: /// You change the URL to end with 12346 and notice that a different user's account information is now displayed. Which of the following type of vulnerabilities or threats have you discovered?

- Insecure direct object reference

During your review of the firewall logs, you notice that an IP address from within your company’s server subnet had been transmitting between 125 to 375 megabytes of data to a foreign IP address overnight each day. You have determined this has been occurring for approximately 5 days, and the affected server has since been taken offline for forensic review. Which of the following is MOST likely to increase the impact assessment of the incident?

- PII of company employees and customers was exfiltrated

Which analysis framework is essentially a repository of known IOCs with ties to known specific threats?

- OpenIOC

A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team cannot log in or configure it. The IT team is concerned about the appliance receiving the necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates?

- Vulnerability scanning

The security team from Kelly Nexis Analytics has detected the Apache Log4j vulnerability in JIRA. What is a practical method for the team to eliminate this vulnerability?

- Patching

Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?

- SNMP

Your organization is a financial services company. You have a team of security analysts who are responsible for gathering and analyzing intelligence about potential threats to your organization. The analysts recently published a report that identifies a new threat actor who is targeting financial services companies. The report includes information about the threat actor's tactics, techniques, and procedures (TTPs). In which phase of the security intelligence cycle will this information be provided to those who need to act on it?

- Dissemination

In the post-incident activity phase of the incident management lifecycle, which activity involves a detailed and systematic examination of all evidence related to the incident, often with an eye to legal requirements and implications?

- Forensic analysis

Your company has created a baseline image for all of its workstations using Windows 10. Unfortunately, the image included a copy of Solitaire, and the CIO has created a policy to prevent anyone from playing the game on the company’s computers. You have been asked to create a technical control to enforce the policy (administrative control) that was recently published. What should you implement?

- Application blacklist

As a cybersecurity professional, you're reviewing a Python script used in your organization's automation process. You notice the following line of code: os.system('rm -rf /') What potential security concern does this line of code represent?

- Command Injection

A critical vulnerability has been identified in Kelly Nexis Analytic's primary database system, which contains sensitive customer data. It is known that this vulnerability has been exploited in similar systems by attackers. How should the organization's risk score for this vulnerability be set?

- High

In the aftermath of a ransomware attack at your company, you as the incident response manager have been asked to present a report to the executive team. They are particularly interested in a detailed analysis of how the attack happened and the key areas that allowed for it to occur. What part of your report should you focus on?

- Root cause analysis

a CVSS metric, which of the following is NOT one of the factors that comprise the base score for a given vulnerability?

- Authentication

You are reviewing a rule within your organization's IDS. You see the following output: /// Based on this rule, which of the following malicious packets would this IDS alert on?

- A malicious inbound TCP packet

Riaan's company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated?

- WAF

Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?

- OpenID Connect

Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly?

- Continuous deployment

A cybersecurity analyst is reviewing the communication logs of a public-facing application that accepts XML data from clients. During the review, the analyst encounters the following XML transaction in the logs: /// This is part of a larger XML request. Which of the following is MOST likely true based on this observation?

- The application is vulnerable to an XML External Entity attack

What is the primary purpose of the MITRE ATT&CK framework?

- Providing a knowledge base of tactics, techniques, and procedures used by attackers

You want to search all the logs using REGEX to alert on any findings where a filename contains the word "password" (regardless of case). For example, "PASSWORD.txt," "Password.log," or "password.xlsx" should cause the alert to occur. Once deployed, this search will be conducted daily to find any instances of an employee saving their passwords in a file that could be easily found by an attacker. Which of the following commands would successfully do this?

- grep -i password logfile.log

A cybersecurity analyst is reviewing the logs for his company's server and sees the following output: /// Based on this potential indicator of compromise (IoC), which of the following hypotheses should you make to begin threat hunting?

- Unauthorized privileges are being utilized

Which of the following vulnerabilities was the MOST critical due to its potential impact and exploitability?

- EternalBlue

Your company has just finished replacing all of its computers with brand-new workstations. Colleen, one of your coworkers, has asked the company's owner if she can have the old computers that are about to be thrown away. She would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computers’ hard drives might be placed at risk of exposure. The hard drives in these older computers are not encrypted and include a mix of HDDs and SSDs. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. Which of the following data destruction or sanitization methods do you recommend?

- Wiping

What SCAP component could be used to create a checklist to be used by different security teams within an organization and then report results in a standardized fashion?

- XCCDF

Your organization recently remediated a vulnerability associated with an outdated version of a web server software. However, in the subsequent vulnerability scan, the same vulnerability is flagged again. What does this scenario primarily suggest?

- Recurrence of the vulnerability

You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is within the backup file. Which of the following best explains why some of the data is missing?

- The backup is a differential backup

Syed is developing a vulnerability scanner program for a large network of sensors used to monitor his company's transcontinental oil pipeline. What type of network is this?

- SCADA

You are a security investigator at a high-security installation which houses significant amounts of valuable intellectual property. You are investigating the utilization of George's credentials and are trying to determine if his credentials were compromised or if he is an insider threat. In the break room, you overhear George telling a coworker that he believes he is the target of an ongoing investigation. Which of the following step in the preparation phase of the incident response was likely missed?

- Development of a communication plan

Will is using a device to copy signals from cabling to a monitor port. The device doesn't interfere with network traffic so it has lower visibility and won't prevent traffic from flowing if power to the device is lost. What type of tap is Will using?

- Passive

Dion Training is concerned with the possibility of employees accessing another user's workstation in secured areas without their permission. Which of the following would BEST be able to prevent this from happening?

- Require biometric identification for user logins

Which of the following is not considered a component that belongs to the category of identity management infrastructure?

- Human resource system

A cybercriminal has obtained detailed information about a company's IT infrastructure, including operating systems, hardware, and software used. The cybercriminal also knows the company's business hours, its employees, and even their email addresses. Which phase of the Cyber Kill Chain does this scenario represent?

- Reconnaissance

You were interpreting a Nessus vulnerability scan report and identified a vulnerability in the system with a CVSS attack vector rating of A. Based on this information, which of the following statements would be true?

- The attacker must have access to the local network that the system is connected to

A company's Service Level Objectives (SLOs) for vulnerability management specify that all critical vulnerabilities must be patched within 72 hours of discovery. Why might tracking this as a Key Performance Indicator (KPI) be important?

- It provides a quantifiable measure of the vulnerability management program's effectiveness

Dion Training is concerned with the possibility of a data breach causing a financial loss to the company. After performing a risk analysis, the COO decides to purchase data breach insurance to protect the company in an incident. Which of the following best describes the company's risk response?

- Transference

Your organization recently suffered a large-scale data breach. The hackers successfully exfiltrated the personal information and social security numbers of your customers from your network. The CEO notified law enforcement about the breach. They will assist with the investigation and conduct evidence collection so that the hackers can be brought up on charges. What actions should your organization take in response to this event?

- Ask a member of law enforcement to meet with your employee

A cybersecurity analyst conducts proactive threat hunting on a network by correlating and searching the Sysmon and Windows Event logs. The analyst uses the following query as part of their hunt: /// Based on the query above, which of the following potential indicators of compromise is the threat hunter relying on?

- Unauthorized softwar

Which of the following is a technique used in Secure Disposal?

- Degaussing

Which of the following are the two most important factors when determining a containment strategy? SELECT TWO

- Ensuring the safety and security of all personnel, - Prevention of an ongoing intrusion or data breach

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port to 636 wherever possible. What should you do?

- Change all devices and servers that support it to port 636 since encrypted services run by default on port 636

In the Cyber Kill Chain model, at which stage does an attacker deliver the actual working part of the attack?

- Exploitation

Judith is conducting a vulnerability scan of her data center. She notices that a management interface for a virtualization platform is exposed to her vulnerability scanner. Which of the following networks should the hypervisor's management interface be exposed to ensure the best security of the virtualization platform?

- Management network

A major cyber incident has occurred at your organization. As a part of the incident response team, you have been tasked with analyzing the incident, including who caused it, what systems were affected, when it occurred, where it originated from, and why it happened. What kind of report are you preparing?

- Incident response report

Which of the following is a senior role with the ultimate responsibility for maintaining confidentiality, integrity, and availability in a system?

- Data owner

Which security control would prevent unauthorized users from connecting to a company’s wireless network?

- NAC

Dion Training is hiring a penetration testing firm to conduct an assessment of its corporate network. As part of the contract, the company has specified that it will not provide any network details to the penetration testing firm. Instead, the company wants to see how much information about the network can be found by the penetration testers using open-source research and scanning the corporate network. What type of assessment is this considered?

- Black box

How could a company's reluctance to interrupt its business processes potentially impact its vulnerability management?

- Leading to postponed or overlooked system updates and patches

Your organization has identified a threat actor offering stolen customer data for sale on a dark web forum. In this situation, what course of action might your threat intelligence team be expected to take?

- Alerting the incident response team and working with them to mitigate any potential harm

In the Cyber Kill Chain, which phase involves the payload establishing a foothold on the compromised system, such as creating a backdoor?

- Installation

An SNMP sweep is being conducted, but the sweep receives no-response replies from multiple addresses that are believed to belong to active hosts. What does this indicate to a cybersecurity analyst?

- Any listed answers may be true

You are deploying OpenSSL in your organization and must select a cipher suite. Which of the following ciphers should NOT be used with OpenSSL?

- DES

You are conducting a static code analysis of a Java program. Consider the following code snippet: /// Based on the code above, what type of secure coding practice is being used?

- Parameterized queries

Which of the following functions is not provided by a TPM?

- User authentication

You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank's cybersecurity program?

- GLBA

You have just completed writing the scoping document for your next penetration test, which clearly defines what tools, techniques, and targets you intend to include during your assessment. Which of the following actions should you take next?

- Get leadership concurrence on the scoping document

Dion Consulting Group has been hired to analyze the cybersecurity model for a new videogame console system. The manufacturer's team has come up with four recommendations to prevent intellectual property theft and piracy. As the cybersecurity consultant on this project, which of the following would you recommend they implement first?

- Ensure that all each individual console has its own unique key for decrypting individual licenses and tracking which console has purchased which game

Which of the following has occurred if a device fails to activate because it has detected an unknown modification?

- Self-checking

You are a cybersecurity analyst who has been given the output from a system administrator's Linux terminal. Based on the output provided, which of the following statements is correct?

- Your email server is running on a non-standard port

Dion Consulting Group has just won a contract to provide updates to an employee payroll system originally written years ago in C++. During your assessment of the source code, you notice the command "strcpy" is being used in the application. Which of the following provides is cause for concern, and what mitigation would you recommend to overcome it?

- strcpy could allow a buffer overflow to occur; upgrade the operating system to run ASLR to prevent a buffer overflow

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL: /// What type of attack has likely occurred?

- Directory traversal

What techniques are commonly used by port and vulnerability scanners to identify the services running on a target system?

- Banner grabbing and comparing response fingerprints

Which of the following measures can help prevent a buffer overflow vulnerability?

- Input validation

The 2018 Drupalgeddon2 incident saw hackers actively exploiting a highly critical vulnerability (CVE-2018-7600) in Drupal content management system. Which version of Drupal's security patch would have remedied this vulnerability?

- Drupal 7.58/8.5.1

During the SolarWinds supply chain attack, the hacking group, believed to be APT29 or Cozy Bear, orchestrated a sophisticated campaign against several high-profile targets. In the context of the Diamond Model of Intrusion Analysis, who does this group represent?

- Adversary

You are in the recovery steps of an incident response. Your analysis revealed that the attacker exploited an unpatched vulnerability on a public-facing web server as the initial intrusion vector in this incident. Which of the following mitigations should be implemented first during the recovery?

- Scan the network for additional instances of this vulnerability and patch the affected assets

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

- Infrastructure as Code (IaC)

You've been hired as a security consultant for a small business that operates a single, isolated network with no internet connection. Given the isolated nature of the network, which of the following attack vectors should you primarily be concerned about?

- Insider threats

As part of the preparation phase of the incident management lifecycle, which component involves regularly educating the workforce about potential incidents, how to recognize them, and how to respond?

- Training

Which of the following is NOT a host-related indicator of compromise?

- Beaconing

In a scenario where your company's web server cannot be patched due to compatibility issues with essential applications, what should be the primary action when deviations from the secure configuration baseline are detected?

- Implement compensating controls

During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?

- DLP

What role does the red team perform during a tabletop exercise (TTX)?

- Adversary

James, a programmer at Apple Computers, is surfing the internet on his lunch break. He comes across a rumor site focused on providing details of the upcoming iPhone being released in a few months. James knows that Apple likes to keep its product details a secret until it is publicly announced. As James is looking over the website, he sees a blog post with an embedded picture of a PDF containing detailed specifications for the next iPhone and labeled “Proprietary Information – Internal Use Only.” The new iPhone is still several months away from release. What should James do next?

- Contact the service desk or incident response team to determine what to do next

A small tech company is collaborating with a larger corporation on a joint project. They have signed a Memorandum of Understanding (MOU) that limits the small company's access to certain systems. How could this potentially inhibit the remediation of vulnerabilities?

- The MOU may limit their ability to identify and address vulnerabilities in the shared systems

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?

- Jumpbox

A cybersecurity analyst reviews the logs of a proxy server and saw the following URL: /// Which of the following is true about the results of this search?

- Returns all web pages containing an email address affiliated with diontraining.com

You are troubleshooting a network connectivity issue and need to determine the packet's flow path from your system to the remote server. Which of the following tools would best help you identify the path between the two systems?

- tracert

Which of the following vulnerability scanning tools would be used to conduct a web application vulnerability assessment?

- Nikto

A cybersecurity analyst is preparing to run a vulnerability scan on a dedicated Apache server that will be moved into a DMZ. Which of the following vulnerability scans is most likely to provide valuable information to the analyst?

- Web application vulnerability scan

In preparation for potential incidents, an organization works on a specific plan to ensure critical business functions can continue during and after a disruptive incident. This important activity in the incident management lifecycle is known as what?

- Business continuity disaster recovery planning

While conducting a static analysis source code review of a program, you see the following line of code: /// What is the issue with the largest security issue with this line of code?

- An SQL injection could occur because input validation is not being used on the id parameter

In your role as a cybersecurity consultant, your client wants to augment their authentication protocols to boost security while reducing the reliance on traditional passwords. Which authentication strategy would BEST meet these requirements?

- Authentication Tokens

THE P.T: 1 CHRONICLE: ( ex.9 )

The R.S.S.H Delivery Company · 90問 · 6ヶ月前

THE P.T: 1 CHRONICLE: ( ex.9 )