EXAM # 6 | | 暗記メーカー

EXAM # 6 |

90問 • 7ヶ月前

問題一覧

You are analyzing the SIEM for your company's e-commerce server when you notice the following URL in the logs of your SIEM: /// Based on this line, what type of attack do you expect has been attempted?

- XML injection

Which of the following information is traditionally found in the SOW for a penetration test?

- Excluded hosts

Which of the following is the difference between an incident summary report and a lessons-learned report?

- An incident summary report is designed for a non-technical audience

An organization has hired a cybersecurity analyst to conduct an assessment of their current security posture. The analyst begins by conducting an external assessment against the organization's network to determine what information is exposed to a potential external attacker. What technique should the analyst perform first?

- Enumeration

Your organization is evaluating several cybersecurity platforms that can centralize multiple security functions. Which feature should the platform have to ensure that all information can be viewed and managed from a single interface?

- Single Pane of Glass

You are going to perform a forensic disk image of a macOS laptop. What type of hard drive format should you expect to encounter?

- HFS+

You have been asked to determine if Dion Training’s web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?

- Banner grabbing

An independent cybersecurity researcher has contacted your company to prove a buffer overflow vulnerability exists in one of your applications. Which technique would have been most likely to identify this vulnerability in your application during development?

- Static code analysis

Imagine your organization is in the e-commerce sector, a field frequently targeted by DDoS attacks. To prepare for such an event, a team of key stakeholders engages in a role-play exercise simulating a DDoS attack on your website. The goal is to assess the effectiveness and efficiency of your organization's incident response capabilities. What term best describes this kind of preparation activity?

- Tabletop exercise

Your organization is expanding its remote workforce. Which security model would best minimize lateral movement if a device is compromised?

- Zero Trust

Your company is adopting a cloud-first architecture model. Management wants to decommission the on-premises SIEM your analysts use and migrate it to the cloud. Which of the following is an issue with using this approach?

- Legal and regulatory issues may prevent data migration to the cloud

Which of the following vulnerabilities is considered a "Top 10" due to its widespread occurrence and potential impact?

- SQL Injection

A new alert has been distributed throughout the information security community regarding a critical Apache vulnerability. What action could you take to ONLY identify the known vulnerability?

- Perform a scan for the specific vulnerability on all web servers

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses older unencrypted SSDs as part of their default configuration, and the manufacturer does not provide a SE utility for the devices. The storage devices contained top-secret data that would bankrupt the company if it fell into a competitor’s hands. After safely extracting the device's data and saving it to a new self-encrypting drive, you have been asked to dispose of the SSDs securely. Which of the following methods should you use?

- Physically destroy the storage devices

What is a buffer overflow vulnerability?

- A weakness allowing an attacker to overflow an application's buffer, causing it to crash or execute arbitrary code

During the analysis of data as part of ongoing security monitoring activities, which of the following is NOT a good source of information to validate the results of an analyst's vulnerability scans of the network's domain controllers?

- DMARC and DKIM

You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

- \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

You are conducting a routine vulnerability scan of a server when you find a vulnerability. You locate a patch for the vulnerability on the software vendor's website. What should you do next?

- Submit a Request for Change using the change management process

Your organization has recently been the target of a spear phishing campaign. You have identified the website associated with the link in the spear phishing emails and want to block it. Which of the following techniques would be the MOST effective in this situation?

- URL filter

In the aftermath of a cyber-attack, a company conducts a comprehensive review of the event, its impact, how it was handled, and how future similar incidents can be prevented or better managed. This review process is an essential part of which post-incident activity?

- Lessons learned

After a recent cybersecurity incident in your organization, an executive summary has been prepared for senior management. However, the executives have also asked for recommendations on improving security posture and preventing such incidents in the future. Where can they find this information?

- In the lessons learned section of the incident response report

Which of the following threats to a SaaS deployment would be the responsibility of the consumer to remediate?

- An endpoint security failure

In the Diamond Model of Intrusion Analysis, what does the Victim component represent?

- The entity that is targeted by the attack

Which of the following is typically used to secure the CAN bus in a vehicular network?

- Airgap

Which level of logging should you configure on a Cisco device to be notified whenever they shut down due to a failure?

In which type of attack does the attacker begin with a normal user account and then seek additional access rights?

- Privilege escalation

How do service level objectives (SLOs) contribute to incident response?

- They define expectations for incident response times and quality, providing clear targets for the response team

Dion Training's new COO is reviewing the organization's current information security policy. She notices that it was first created three years ago. Since that time, the organization has undergone multiple audits and assessments that required revisions to the policy. Which of the following is the most reasonable frequency to conduct a formal review of the organization's policies to ensure they remain up to date?

- Annually

Which of the following would an adversary perform during the final phase of the Lockheed Martin kill chain? (SELECT FOUR)

- Exfiltrate data, - Modify data, - Lateral movement through the environment, - Privilege escalation

Which of the following techniques would allow an attacker to get a full listing of your internal DNS information if your DNS server is not properly secured?

- Zone transfers

You are searching a Linux server for a possible backdoor during a forensic investigation. Which part of the file system should you search for evidence of a backdoor related to a Linux service?

- /etc/xinetd.conf

An electronics store was recently robbed, resulting in injury to an employee and the theft of property. To enhance physical security, the store’s IT department brought in an external vendor to install a new appliance-based physical access control system. This system includes video surveillance, alarms, and remotely monitored locks. Which of the following actions would be the most appropriate for integrating this type of technology so that it will be less likely to introduce long-term cybersecurity risks?

- These devices should be isolated from the rest of the enterprise network

You are conducting static analysis of an application's source code and see the following: /// If an attacker wanted to get a complete copy of the courses table and was able to substitute arbitrary strings for "id" and "certification", which of the following strings allow this to occur?

- id = "1' OR '1'=='1" and certification = "cysa' OR '1'=='1"

Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach?

- Protected health information

Jack is assessing the likelihood of reconnaissance activities being performed against his organization. Which of the following would best classify the likelihood of a port scan being conducted against his DMZ?

- High

Kelly Nexis Analytics server has been acting unusually, with suspected malicious files being downloaded. As part of your incident response, you need to thoroughly analyze the suspected files in a secure and isolated environment. Which tool would be MOST appropriate for this task?

- Joe Sandbox

Barrett needs to verify settings on a macOS computer to ensure that the configuration he expects is currently set on the system. What type of file is commonly used to store configuration settings for a macOS system?

- plists

After 9 months of C++ programming, the team at Whammiedyne systems has released their new software application. Within just 2 weeks of release, though, the security team discovered multiple serious vulnerabilities in the application that must be corrected. To retrofit the source code to include the required security controls will take 2 months of labor at the cost of $100,000. Which development framework should Whammiedyne use in the future to prevent this situation from occurring in other projects?

- DevSecOps

You're an incident response team member at a prominent financial institution. A recent intrusion, such as the infamous Equifax breach, has potentially exposed customer financial data. As part of your incident response duties, you need to liaise with the legal department to address potential liabilities and discuss the way forward. What primarily makes this interaction imperative?

- To ensure compliance with data breach laws

Which of the following vulnerabilities was considered the MOST critical because of its potential for a high degree of impact and exploitability?

- Heartbleed

What popular open-source port scanning tool is commonly used for host discovery and service identification?

- nmap

Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization's database?

- SQL injection

While conducting a penetration test of an organization's web applications, you attempt to insert the following script into the search form on the company's web site: /// Based on this response, what vulnerability have you uncovered in the web application?

- Cross-site scripting

Bidgood Technologies has been experiencing a series of cyberattacks. As a cybersecurity analyst, you decide to implement a strategy that allows you to effectively collect security threat data, analyze it for malicious activity, and automate responses. Which tool would best serve this purpose?

- SOAR (Security Orchestration, Automation, and Response)

You are developing your vulnerability scanning plan and attempting to scope your scans properly. You have decided to focus on the criticality of a system to the organization's operations when prioritizing the system in the scope of your scans. Which of the following would be the best place to gather the criticality of a system?

- Review the asset inventory and BCP

Which of the following type of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network?

- Removable media

Sarah has reason to believe that systems on her network have been compromised by an APT. She has noticed many file transfers outbound to a remote site via TLS-protected HTTPS sessions from unknown systems. Which of the following techniques would most likely detect the APT?

- Endpoint forensics

Which of the following is NOT a use case for reverse engineering?

- To allow the software developer to spot flaws in their source code

You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack's target?

- 443

Which of the following categories would contain information about a French citizen's race or ethnic origin?

- SPI

An organization is using a critical software application that becomes significantly slower with each security patch applied. How could this potentially inhibit the remediation of vulnerabilities?

- Fear of functionality degradation may delay or deter patch application

Which of the following secure coding best practices ensures special characters like , /, and ‘ are not accepted from the user via a web form?

- Input validation

The Pass Certs Fast corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company's cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

- This approach only changes the location of the network and not the attack surface of it

After a sophisticated spear-phishing attack compromised your organization's financial database, the incident response team engages in a meticulous examination of the event. They aim to preserve and scrutinize digital evidence, uncover the exact method of the breach, and gauge its impact on your organization. What is this meticulous post-incident examination known as?

- Forensic analysis

Which of the following is the most important feature to consider when designing a system on a chip?

- Space and power savings

DeepScan supports data-flow analysis and understands the execution flow of a program. It allows you to see possible security flaws without executing the code. Which of the following types of tools would DeepScan be classified as?

- Static code analyzer

Fail to Pass Systems has recently moved its corporate offices from France to Westeros, a country with no meaningful privacy regulations. The marketing department believes that this move will allow the company to resell all of its customer's data to third-party companies and shield the company from any legal responsibility. Which policy is violated by this scenario?

- Data sovereignty

You are a cybersecurity analyst working for an accounting firm that manages the accounting for multiple smaller firms. You have successfully detected an APT operating in your company's network that appears to have been there for at least 8 months. In conducting a qualitative assessment of the impact, which of the following factors should be most prominently mentioned in your report to your firm's executives? (SELECT TWO)

- Economic, - Data integrity

JKelly Data Solutions has implemented a vulnerability management program as part of its cyber security strategy. Their systems process a high volume of electronic payments. Why is it crucial for the program to include thorough reporting and communication, especially regarding compliance reports?

- It demonstrates due diligence and transparency to regulatory bodies regarding addressed vulnerabilities

Why is stakeholder identification and communication essential during an incident response?

- To ensure the right people are informed and involved in the response process

Your organization is updating its incident response communications plan. A business analyst in the working group recommends that if the company discovers they are the victims of a data breach, they should only notify the affected parties to minimize media attention and bad publicity. Which of the following recommendations do you provide in response to the business analyst’s statement?

- Guidance from laws and regulations should be considered when deciding who must be notified to avoid fines and judgments from non-compliance

Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?

- DNS blackholing

Dion Training wants to implement technology within their corporate network to BEST mitigate the risk that a zero-day virus might infect their workstations. Which of the following should be implemented FIRST?

- Application whitelisting

You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?

- Syslog

You're leading a cybersecurity team and looking for tasks to automate your security operations. Which of the following tasks would be a suitable candidate for automation?

- Alert triaging

An organization wants to choose an authentication protocol that can be used over an insecure network without implementing additional encryption services. Which of the following protocols should they choose?

- Kerberos

During an incident response, your team identified that an attacker performed a scan on your network, then delivered malware via a phishing email, which was exploited to install a backdoor on the system. The attacker then executed commands to exfiltrate data. Which framework would BEST represent this attack sequence?

- Cyber Kill Chain

How might an organization's governance policies potentially inhibit the remediation of identified vulnerabilities?

- Potentially lengthy approval processes could delay the implementation of necessary patches

During which phase of the Cyber Kill Chain would an attacker transmit the malicious payload to the victim, typically via email, web, or USB?

- Delivery

In the event of a cybersecurity breach, what legal aspects should primarily be considered when communicating with external stakeholders?

- Compliance with data breach notification laws

You have been asked to scan your company’s website using the OWASP ZAP tool. When you perform the scan, you received the following warning: /// You begin to investigate further by reviewing a portion of the HTML code from the website that is listed below: //: Based on your analysis, which of the following actions should you take?

- You tell the developer to review their code and implement a bug/code fix

A cybersecurity analyst is reviewing the logs of a Citrix NetScaler Gateway running on a FreeBSD 8.4 server and saw the following output: /// What type of attack was most likely being attempted by the attacker?

- Directory traversal

Your organization, a healthcare provider, has just experienced a significant cyber-attack resulting in the compromise of patient records. In response, the organization immediately activates a predefined set of guidelines designed to handle such a situation, which includes procedures for communication, investigation, and mitigation. What term best describes this set of guidelines?

- Incident response plan

A buffer overflow vulnerability in Dion Cybertronix Corporation's system was resolved and verified. However, after some weeks, the same vulnerability was identified again. What does this situation demonstrate?

- Recurrence

An organization utilizes a BYOD policy with its employees. This allows the employees to store sensitive corporate data on their personally owned devices. Which of the following occurred if an employee accidentally left their device in the back of a taxi?

- Failed deperimeterization management

You suspect that a system's firmware has been compromised. Which type of firmware would provide resistance against such an attack?

- Trusted Firmware

Which of the following vulnerabilities was the MOST critical due to its high potential impact and exploitability?

- Shellshock

An analyst suspects that a trojan has victimized a Linux system. Which command should be run to determine where the current bash shell is being executed from on the system?

- which bash

You are an analyst and have been asked to review and categorize the following output from a packet analysis in Wireshark: /// Based on your review, what does this scan indicate?

- This appears to be normal network traffic

Your web application security team is preparing to conduct security testing on a new web application. Which guide would provide the most comprehensive framework for this testing?

- OWASP Testing Guide

Which of the following would an adversary do during the 'weaponization' phase of the Lockheed Martin kill chain? (SELECT THREE)

- Select backdoor implant and appropriate command and control infrastructure for operation, - Select a decoy document to present to the victim, - Obtain a weaponizer

You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any infection signs. Which of the following has MOST likely occurred?

- Zero-day attack

Your organization has detected logins to company accounts from locations that the users could not have traveled to in the given time frame. This security alert is generated based on the detection of what concept?

- Impossible Travel

Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. Which of the following attacks has occurred?

- DNS poisoning

As part of your organization's proactive threat hunting, you're considering gathering threat intelligence from the deep web and dark web. What could be a significant benefit of this approach?

- Discovering potential threats before they impact your organization

Dion Consulting Group has recently been awarded a contract to provide cybersecurity services for a major hospital chain in 48 cities across the United States. You are conducting a vulnerability scan of the hospital's enterprise network when you detect several devices that could be vulnerable to a buffer overflow attack. Upon further investigation, you determine that these devices are PLCs used to control the hospital's elevators. Unfortunately, there is not an update available from the elevator manufacturer for these devices. Which of the following mitigations do you recommend?

- Recommend isolation of the elevator control system from the rest of the production network through the change control process

Stephanie believes that her computer had been compromised because her computer suddenly slows down and often freezes up. Worried her computer was infected with malware, she immediately unplugged the network and power cables from her computer. Per the company procedures, she contacts the help desk, fills out the appropriate forms, and is sent to a cybersecurity analyst for further analysis. The analyst was not able to confirm or deny the presence of possible malware on her computer. Which of the following should have been performed during the incident response preparation phase to prevent this issue?

- Train users to not unplug their computers when a suspected incident is occurring

Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?

- MD5 or SHA1 hash digest of the file

What is the term for the numerical value assigned to a vulnerability to denote its potential impact and exploitability?

- Risk Score

Your company is a tech firm that has recently experienced a breach, which was reported in the news. The breach has resulted in many customer queries, media inquiries, and stakeholder concerns. As part of the incident response team, what type of communication would be most appropriate to handle these inquiries?

- Public relations communication

MPLE

ユーザ名非公開 · 41問 · 13日前

MPLE