CompTIA CySA+ CS0-002 – Question 070

A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?

A. Planning
B. Continuous monitoring
C. Risk response
D. Risk analysis
E. Oversight

Correct Answer: C

CompTIA CySA+ CS0-002 – Question 069

A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?

A. Blacklist the hash in the next-generation antivirus system.
B. Manually delete the file from each of the workstations.
C. Remove administrative rights from all developer workstations.
D. Block the download of the file via the web proxy.

Correct Answer: A

CompTIA CySA+ CS0-002 – Question 068

A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:
Which of the following technologies would MOST likely be used to prevent this phishing attempt?

A. DNSSEC
B. DMARC
C. STP
D. S/IMAP

Correct Answer: B

Explanation:

Reference: https://dmarc.org/

CompTIA CySA+ CS0-002 – Question 067

A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 066

An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:
Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.
The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.
The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

A. Improving detection capabilities
B. Bundling critical assets
C. Profiling threat actors and activities
D. Reducing the attack surface area

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 065

A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades?

A. Encryption
B. eFuse
C. Secure Enclave
D. Trusted execution

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 064

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?

A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
B. Back up the workstations to facilitate recovery and create a gold image.
C. Establish a ransomware awareness program and implement secure and verifiable backups.
D. Virtualize all the endpoints with daily snapshots of the virtual machines.

Correct Answer: C

CompTIA CySA+ CS0-002 – Question 063

A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?

A. The Cyber Kill Chain
B. Building security in maturity model
C. An adversary capability model
D. The Diamond Model of Intrusion Analysis

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 062

A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

A. Proxy server
B. SQL server
C. Windows domain controller
D. WAF appliance
E. DNS server