CompTIA CySA+CS0-002 – Question080

A security analyst identified one server that was compromised and used as a data mining machine, and a clone of the hard drive was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

A. System timeline reconstruction
B. System registry extraction
C. Data carving
D. Volatile memory analysis

Correct Answer: A

CompTIA CySA+CS0-002 – Question079

A business recently acquired a software company. The software company's security posture is unknown. However, based on an initial assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

A. Develop an asset inventory to determine the systems within the software company.
B. Review relevant network drawings, diagrams, and documentation.
C. Perform penetration tests against the software company's internal and external networks.
D. Baseline the software company's network to determine the ports and protocols in use.

Correct Answer: A

CompTIA CySA+CS0-002 – Question078

Understanding attack vectors and integrating intelligence sources are important components of:

A. a vulnerability management plan.
B. proactive threat hunting.
C. risk management compliance.
D. an incident response plan.

Correct Answer: B

CompTIA CySA+CS0-002 – Question077

A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data carving
B. Timeline construction
C. File cloning
D. Reverse engineering

Correct Answer: D

CompTIA CySA+CS0-002 – Question076

A company recently experienced a breach of sensitive information that affects customers across multiple geographical regions. Which of the following roles would be BEST suited to determine the breach notification requirements?

A. Legal counsel
B. Chief Security Officer
C. Human resources
D. Law enforcement

Correct Answer: A

CompTIA CySA+CS0-002 – Question075

A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation recommendation?

A. Use TLS for all data exchanges.
B. Use effective authentication and authorization methods.
C. Implement parameterized queries.
D. Validate all incoming data.

Correct Answer: B

CompTIA CySA+CS0-002 – Question074

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

A. Implement a better level of user input filters and content sanitization.
B. Properly configure XML handlers so they do not process &ent parameters coming from user inputs.
C. Use parameterized queries to avoid user inputs from being processed by the server.
D. Escape user inputs using character encoding conjoined with whitelisting.

Correct Answer: A

CompTIA CySA+CS0-002 – Question073

A security analyst is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

A. Patch or reimage the device to complete the recovery.
B. Restart the antivirus running processes.
C. Isolate the host from the network to prevent exposure.
D. Confirm the workstation's signatures against the most current signatures.

Correct Answer: C

CompTIA CySA+CS0-002 – Question072

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

A. Implement UEM on all systems and deploy security software.
B. Implement DLP on all workstations and block company data from being sent outside the company.
C. Implement a CASB and prevent certain types of data from being downloaded to a workstation.
D. Implement centralized monitoring and logging for all company systems.

Correct Answer: B