CNL_CH_12

124問 • 2年前

問題一覧

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings Which of the following should be the client's NEXT step to mitigate the issue''

Perform containment on the critical servers and resources

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

Log analysis

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

pivoting

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

False positive

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

Hoaxes

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Privilege escalation

Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Select TWO)

Directory traversal, Privilege escalation

Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

Vishing, Credential harvesting

Which of the following is a targeted attack aimed at compromising users within a specific industry or group?

Watering hole

A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

Configure the web content filter for the web address.

In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?

Intimidation

An attacker browses a company’s online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?

Reconnaissance

Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

A phishing email stating a cash settlement has been awarded but will expire soon

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

DNS

A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against;

Loss of proprietary information

A user recently sent an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

Smishing

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Watering-hole attack

A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

Smishing

Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

Dark web

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?

CVSS

The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

Implement a SOAR with customizable playbooks

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

CVSS

A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

SIEM

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

Increase in the attack surface

Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

SOAR

A security analyst is receiving several alerts per user and is trying to determine If various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

Utilize behavioral analysis to enable the SIEM's learning mode.

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them' (Select THREE)

SNMPv2 SNMPv3, HTTPHTTPS, F. Telnet SSH

A penetration tester gains access to the network by exploiting a vulnerability on a public-facing web server. Which of the following techniques will the tester most likely perform NEXT?

Create a user account to maintain persistence

A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?

Update the base container image and redeploy the environment.

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?

Unavailable patch

Users at organization have been installing programs from the internet on their workstations without first proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?

Application whitelisting

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

The software was not added to the application whitelist.

An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?

Zero-day

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

A watering-hole attack

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Whaling

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize. Which of the following BEST describes this type of email?

Phishing

The spread of misinformation surrounding the outbreak of a novel virus on election day targeted to eligible voters choosing not to take the risk of going to the polls. This is an example of:

an influence campaign

Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Zero-day

The process of passively gathering information prior to launching a cyberattack is called:

reconnaissance

A network administrator was provided the following output from a vulnerability scan: The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST?

Phishing and spear-phishing attacks (e-mails) have been occurring more frequently against a company’s staff. Which of the following would MOST likely help mitigate this issue?

DNSSEC and DMARC

The process of passively gathering information prior to launching a cyberattack is called:

reconnaissance

Which of the following types of attacks is specific to the individual it targets?

Whaling

The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?

Whaling

Several employees have noticed other bystanders can clearly observe a terminal where passcodes are being entered. Which of the following can be eliminated with the use of a privacy screen?

Shoulder surfing

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Vishing

A Chief Information Officer (CIO) receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:

Whaling

Smishing

The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?

Social engineering

A news article states that a popular web browser deployed on all corporate PCs is vulnerable a zero-day attack. Which of the following MOST concern the Chief Information Security Officer about the information in the new article?

No patches are available for the web browser

Which of the following utilize a subset of real data and are MOST likely to be used to assess the features and functions of a system and how it interacts or performs from an end user's perspective against defined test cases? (Select TWO)

Test, UAT (User Acceptance testing)

The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

Submit the application to QA before releasing it.

Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?

Staging

Which of the following will MOST likely cause machine learning and Al-enabled systems to operate with unintended consequences?

Data bias

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

Validation

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Development - 1

The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots It uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

Tainted training data

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Staging

An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

Staging

Which of the following attacks can be mitigated by proper data retention policies?

Dumpster diving

An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)

DNS hijacking, Man-in-the-browser

An organization regularly scans its infrastructure for missing security patches but is concerned about hackers gaining access to the scanner's account. Which of the following would be BEST to minimize this risk?

Log and alert on unusual scanner account logon times.

A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

CVE (Common Vulnerabilities and Exposures)

A external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

Check the SIEM to review the correlated logs.

A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

Credentialed

The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC discovers malware that is associated with a botnet that is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

The CIRT

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

A. The unexpected traffic correlated against multiple rules, generating multiple alerts.

A security analyst is using a recently released security advisory (report) to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

Threat hunting

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?

The scan enumerated software versions of installed programs

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Log collector

After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

Configure the perimeter firewall to deny inbound external connections to SMB ports.

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: Which of the following can the security analyst conclude?

An injection attack is being conducted against a user authentication system.

Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red team

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

Gray-box

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?

White-box

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Dumpster diving

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

prioritize remediation of vulnerabilities based on the possible impact.

A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

Tabletop exercise

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Missing patches for third-party software on Windows workstations and servers

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an loC?

Activate runbooks for incident response

A security manager runs Nessus scans of the network after every maintenance window. Which of the following is the security manager MOST likely trying to accomplish?

Verifying that system patching has effectively removed knows vulnerabilities

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?

Bug Bounty

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promotion to production?

Run a vulnerability scan.

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Card skimming

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

EDR

The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

Tabletop walk-through

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Establish persistence for future use.

Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Weak configurations

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?

Third-party applications are not being patched.

Which of the following often operates in a client-server architecture to act as a service repository. Providing enterprise consumers access to structured threat intelligence data?

TAXII

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Improper or weak patch management

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

White team

security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Security patches were uninstalled due to user impact.

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Non-credentialed

Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?

Bug bounty

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's execution. Which of the following intelligence sources should a security analyst review?

Industry information-sharing and collaboration groups

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyber threat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

TAXII

100

An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organizations requirement?

Implement a TAXII server

CNL_CH_1

Son Cagrı · 3回閲覧 · 185問 · 2年前

CNL_CH_1