2 ) EX. 1 | COMPLETE | 暗記メーカー

2 ) EX. 1 | COMPLETE

90問 • 6ヶ月前

問題一覧

A data breach has occurred in your company. It is determined that customer information was compromised, leading to a loss of trust among your client base. What type of communication would be most suitable to manage this crisis?

- Customer communication

Your organization is concerned about potential leaks of sensitive data. Which technology should be deployed to identify and prevent unauthorized access to such data?

- DLP

You are working as a cybersecurity analyst, and you just received a report that many of your servers are experiencing slow response times due to what appears to be a DDoS attack. Which of the following actions should you undertake?

- Inform management of the issue being experienced

You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

- \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

An analyst just completed a port scan and received the following results of open ports: ////////////////// Based on these scan results, which of the following services are NOT currently operating?

- SSH

Your organization’s primary operating system vendor just released a critical patch for your servers. Your system administrators have recently deployed this patch and verified the installation was successful. This critical patch was designed to remediate a vulnerability that can allow a malicious actor to execute code on the server over the Internet remotely. You ran a vulnerability scan of the network and determined that all servers are still being reported as having the vulnerability. You verified all your scan configurations are correct. Which of the following might be the reason that the scan report still showing the servers as vulnerable? (SELECT ALL THAT APPLY)

- This critical patch did not remediate the vulnerability, - The vulnerability assessment scan is returning a false positive

What regulation protects the privacy of student educational records?

- FERPA

Your company has been contracted to develop an Android mobile application for a major bank. You have been asked to verify the security of the Java function's source code below: ////////// Which of the following vulnerabilities exist in this application's authentication function based solely on the source code provided?

- The function is using hard-coded credentials to verify the password entered by the user

Your organization has identified several vulnerabilities in your system. The IT team is overwhelmed and unsure how to start addressing these issues while maintaining regular operations. What should be the primary strategy to manage this situation?

- Proper Scheduling of Patching and Vulnerability Mitigation

The 2014 Heartbleed bug was a serious vulnerability in OpenSSL. Which OpenSSL version was released to fix the Heartbleed bug?

- OpenSSL 1.0.1g

Which of the following types of encryption would ensure the best security of a website?

- TLS

Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?

- Insider threat

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

- VLAN

An analyst's vulnerability scanner did not have the latest set of signatures installed. Due to this, several unpatched servers may have vulnerabilities that were undetected by their scanner. You have directed the analyst to update their vulnerability scanner with the latest signatures at least 24 hours before conducting any scans. However, the results of their scans still appear to be the same. Which of the following logical controls should you use to address this situation?

- Create a script to automatically update the signatures every 24 hours

Which of the following terms refers to the specific machines or systems that are impacted by a vulnerability?

- Affected Hosts

A penetration tester is conducting an assessment of a wireless network that is secure using WPA2 Enterprise encryption. Which of the following are major differences between conducting reconnaissance of a wireless network versus a wired network? (SELECT TWO)

- Physical accessibility, - Encryption

Your cybersecurity team has been overwhelmed with routine security tasks, and their ability to respond quickly to new threats or vulnerabilities has been compromised. What strategy can you adopt to improve the efficiency of your security operations?

- Standardize processes and automate tasks

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL, ///////// What type of attack has likely occurred?

- SQL injection

Which of the following would an adversary do during the 'exploitation phase' of the Lockheed Martin kill chain? (SELECT THREE)

- Wait for a malicious email attachment to be opened, - Take advantage of a software, hardware, or human vulnerability, - Wait for a user to click on a malicious link

Jorge is working with an application team to remediate a critical SQL injection vulnerability on a public-facing server. The team is worried that deploying the fix will require several hours of downtime and block customer transactions from being completed by the server. Which of the following is the BEST action for Jorge to recommend?

- Schedule an emergency maintenance for an off-peak time later in the day to remediate the vulnerability

During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords?

- Cognitive password attack

What remediation strategies are the MOST effective in reducing the risk to an embedded ICS from a network-based compromise? (Select TWO)

- Disabling unused services, - Segmentation

Which of the following is the leading cause for cross-site scripting, SQL injection, and XML injection attacks?

- Faulty input validation

Rory is about to conduct forensics on a virtual machine. Which of the following processes should be used to ensure that all of the data is acquired forensically?

- Suspend the machine and copy the contents of the directory it resides in

During an assessment of the POS terminals that accept credit cards, a cybersecurity analyst notices a recent Windows operating system vulnerability exists on every terminal. Since these systems are all embedded and require a manufacturer update, the analyst cannot install Microsoft's regular patch. Which of the following options would be best to ensure the system remains protected and are compliant with the rules outlined by the PCI DSS?

- Identify, implement, and document compensating controls

What describes the infrastructure needed to support the other architectural domains in the TOGAF framework?

- Technical architecture

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URLs: ////// What type of vulnerability does this website have?

- Insecure direct object reference

The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?

- Router and switch-based MAC address reporting

Which of the following scan types are useful for probing firewall rules?

- TCP ACK

Raj is working to deploy a new vulnerability scanner for an organization. He wants to verify the information he gets is the most accurate view of the configurations on the organization's traveling salespeople's laptops to determine if any configuration issues could lead to new vulnerabilities. Which of the following technologies would work BEST to collect the configuration information in this situation?

- Agent-based scanning

What information should be recorded on a chain of custody form during a forensic investigation?

- Any individual who worked with evidence during the investigation

Referencing the infamous WannaCry ransomware attack, where the attackers exploited a vulnerability in Microsoft’s SMB protocol using an NSA tool known as EternalBlue, which phase of the Cyber Kill Chain involves the creation and preparation of this exploit for use in the attack?

- Weaponization

In the infamous Equifax data breach, which phase of the Cyber Kill Chain was represented when the attackers exploited the Apache Struts vulnerability to gain access to Equifax's system?

- Exploitation

Your organization has recently suffered a security incident that has resulted in significant downtime and financial loss. The executive management is now keen on understanding the timeline of the incident - when it was first detected, how long it took to respond, and how long it took to remediate. What metrics would be best suited for this purpose?

- Mean time to detect (MTTD), mean time to respond (MTTR), and mean time to remediate (MTTR)

Tierra works as a cybersecurity analyst for a large multi-national oil and gas company. She responds to an incident at her company in which their public-facing web server has been defaced with the words, “Killers of the Arctic.” She believes this was done in response to her company’s latest oil drilling project in the Arctic Circle. Which threat actor is most likely to blame for the website defacement?

- Hacktivist

After a major ransomware attack on your organization, a comprehensive review process is initiated. This review involves dissecting the incident to identify what went wrong, what went well, and what steps can be taken to prevent such an event from happening again in the future. What is the term used for this critical part of the post-incident phase?

- Lessons learned

In the 2017 Equifax breach, the credit reporting company itself had vast amounts of sensitive personal data of consumers exposed due to a flaw in their Apache Struts web-application software. In the context of the Diamond Model of Intrusion Analysis, who does Equifax represent?

- Victim

You have been asked to conduct a forensic disk image on an internal 500 GB hard drive. You connect a write blocker to the drive and begin to image it using dd to copy the contents to an external 500 GB USB hard drive. Before completing the image, the tool reports that the imaging failed. Which of the following is most likely the reason for the image failure?

- There are bad sectors on the destination drive

A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?

- Rules of engagement

Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica sold in the general marketplace?

- Counterfeiting

Which of the following refers to the likelihood of a vulnerability appearing again after it has been remediated?

- Recurrence

Which of the following protocols could be used inside a virtual system to manage and monitor the network?

- SNMP

You are conducting static analysis of an application's source code and come across the following line: //////// Based on this code snippet, which of the following security flaws exists in this application?

- Improper input validation

A software assurance test analyst performs a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which technique is the analyst utilizing?

- Fuzzing

If an attacker can compromise an Active Directory domain by utilizing an attack to grant administrative access to the domain controllers for all domain members, which type of attack is being used?

- Golden ticket

During the infamous Equifax data breach in 2017, it was revealed that a critical patch had not been applied to a vulnerable version of Apache Struts, allowing attackers to exploit the vulnerability. In the aftermath, Equifax implemented additional controls to monitor traffic to and from the servers hosting the vulnerable software. In this context, what kind of incident response activity is Equifax performing?

- Implementing compensating controls

Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?

- TACACS+

Which of the following automatically combines multiple disparate sources of information to form a complete picture of events for analysts to use during an incident response or when conducting proactive threat hunting?

- Data enrichment

Your company is adopting a new BYOD policy for tablets and smartphones. Which of the following would allow the company to secure the sensitive information on personally owned devices and the ability to remote wipe corporate information without the user's affecting personal data?

- Containerization

You are conducting threat hunting on your organization's network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?

- The host might use as a staging area for data exfiltration -- you should conduct volume-based trend analysis on the host's storage device

Which of the following is usually not considered when evaluating the attack surface of an organization?

- Software development lifecycle model

Which of the following physical security controls would be the most effective in preventing an attacker from driving a vehicle through the glass doors at the front of the organization's headquarters?

- Bollards

Which of the following describes the importance of incident response reporting?

- It provides a record of the incident, aids in decision-making, and supports regulatory compliance

Which of the protocols listed is NOT likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?

- IPSec

You are conducting a quick nmap scan of a target network. You want to conduct an SYN scan, but you don't have raw socket privileges on your workstation. Which of the following commands should you use to conduct the SYN scan from your workstation?

- nmap -sT

You are conducting a review of a VPN device's logs and found the following URL being accessed: ////// Based upon this log entry alone, which of the following most likely occurred?

- The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted

An organization is using a proprietary system, the inner workings of which are not publicly disclosed. How could this potentially inhibit the remediation of vulnerabilities?

- Transparency gap hampers addressing system vulnerabilities

Which of the following techniques would best mitigate malware that utilizes a fast flux network for its command and control infrastructure?

- Utilize a secure recursive DNS resolver to a third-party secure DNS resolver

An adversary compromises a web server in your network using a zero-day exploit and then uses it as a command and control (C2) server for further attacks. Which stage of the MITRE ATT&CK framework does the use of a C2 server illustrate?

- Command and Control

Why is root cause analysis crucial in the aftermath of a security incident?

- It helps in understanding the fundamental reasons leading to the incident, enabling better prevention strategies for the future

In the Mirai botnet attack, thousands of IoT devices, such as cameras and routers, were infected and used to launch large-scale DDoS attacks. In the Diamond Model of Intrusion Analysis, what do these IoT devices represent?

- Infrastructure

Which of the following is NOT one of the main criteria included in a penetration testing plan?

- Account credentials

A vulnerability scanner has reported that a vulnerability exists in the system. Upon validating the report, the analyst determines that this reported vulnerability does not exist on the system. What is the proper term for this situation?

- False positive

Which protective feature is used to prevent a buffer overflow attack from specific applications by randomizing where a program's components are run from in memory?

- ASLR

While reviewing the configuration settings of your company's IIS web servers, you notice that directory browsing is enabled. This misconfiguration could potentially expose which of the following to an attacker?

- The structure and content of your web directories

Your company's cybersecurity team has been tracking vulnerability data over time. What might be the significance of observing a consistent upward trend in the discovery of new vulnerabilities?

- It could indicate a need for improved security measures or updated software-

You are the incident response team lead investigating a possible data breach at your company with 5 other analysts. A journalist contacts you and inquires about a press release from your company that indicates a breach has occurred. You quickly deny everything and then call the company’s public relations officer to ask if a press release had been published, which it has not. Which of the following has likely occurred?

- Inadvertent release of information

Your organization has recently migrated to a SaaS provider for its enterprise resource planning (ERP) software. Before this migration, a weekly port scan was conducted to help validate the on-premise systems' security. Which of the following actions should you take to validate the security of the cloud-based solution?

- Utilize vendor testing and audits

Which of the following is the correct usage of the T.C.P Dump command to create a packet capture filter for all traffic going to and from the server located at 10.10.1.1?

- tcpdump -i eth0 host 10.10.1.1

Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)

- NAC, - GPS location

Which of the following are valid concerns when migrating to a serverless architecture? (SELECT THREE)

- Dependency on the cloud service provider, - Protection of endpoint security, - Limited disaster recovery options

A cybersecurity analyst is analyzing an employee's workstation that is acting abnormally. The analyst runs the netstat command and reviews the following output: ////// Based on this output, which of the following entries is suspicious? (SELECT THREE)

- TCP 0.0.0.0:53 0.0.0.0:0 LISTENING, - TCP 192.168.1.4:53 208.71.44.30:80 ESTABLISHED, - TCP 192.168.1.4:53 91.198.117.247:443 CLOSE_WAIT

You identified a critical vulnerability in one of your organization's databases. You researched a solution, but it will require the server to be taken offline during the patch installation. You have received permission from the Change Advisory Board to implement this emergency change at 11 pm once everyone has left the office. It is now 3 pm; what action(s) should you take now to best prepare for implementing this evening's change? (SELECT ALL THAT APPLY)

- Identify any potential risks associated with installing the patch, - Validate the installation of the patch in a staging environment, - Ensure all stakeholders are informed of the planned outage, - Document the change in the change management system

A software development company has discovered the ProxyNotShell vulnerability in its product that it cannot fix immediately due to resource constraints. What measures can the company take to mitigate the risk associated with the vulnerability? (Choose TWO)

- Use a web application firewall (WAF) to block malicious traffic, - Use a firewall to restrict access to the affected systems

Which phase of the Cyber Kill Chain involves the attacker maintaining communication with the compromised system to facilitate data exfiltration or further exploitation?

- Command and Control

Which of the following tools is useful for capturing Windows memory data for forensic analysis?

- Memdump

You have just run the following commands on your Linux workstation: ////// Which of the following options would be included as part of the output for the grep command issued? (SELECT ALL THAT APPLY)

- dion, - DION, - DIOn, - Dion

Which of the following security policies could help detect fraudulent cases that occur even when other security controls are already in place?

- Mandatory vacations

How might the use of an out-of-date, unsupported legacy system affect the remediation of vulnerabilities?

- By lacking available security patches and updates to address known vulnerabilities

You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?

- Install a mantrap at the entrance

When trying to thoroughly examine the security posture of a major e-commerce platform, which framework serves as an exhaustive guide dedicated explicitly to this purpose?

- OWASP Testing Guide

Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?

- FISMA

Where should a forensic analyst search to find a list of the wireless networks that a laptop has previously connected to with a company-owned laptop?

- Search the registry for a complete list

An organization is conducting a cybersecurity training exercise. What team is Jason assigned to if he has been asked to monitor and manage the defenders' and attackers' technical environment during the exercise?

- White team

On your lunch break, you walked down to the coffee shop on the corner. You open your laptop and connect to their wireless network. After a few minutes of surfing the Internet, a pop-up is displayed on your screen. You close the pop-up, finish your lunch break, shut down the laptop, and put it back into your backpack. When you get back to the office, you take out the laptop and turn it on, but instead of your normal desktop background, you are greeted by a full-screen image with a padlock and a message stating you have to pay 1 BTC to regain access to your personal files. What type of malware has infected your laptop?

- Ransomware

In the context of incident response, why is the metric 'Mean Time to Remediate' important?

- It measures the efficiency of the incident response process and aids in improving response capabilities

Your company plans to test its web applications for vulnerabilities. Which tool would be appropriate for this task?

- Burp Suite

Your incident response team has identified a persistent threat actor who has used a spear-phishing attack to compromise a system in your network. The actor used this system to move laterally within the network, stealing sensitive data. The team wants to understand the relationship between the adversary, the victim system, the phishing infrastructure used by the attacker, and the lateral movement capability. Which framework would best help them in this analysis?

- Diamond Model of Intrusion Analysis

What command should a forensic analyst use to make a forensic disk image of a hard drive?

- dd

THE P.T: 1 CHRONICLE: ( ex.9 )

The R.S.S.H Delivery Company · 90問 · 6ヶ月前

THE P.T: 1 CHRONICLE: ( ex.9 )