CompTIA CySA+CS0-002 – Question060

A SIEM analyst receives an alert containing the following URL:
http://companywebsite.com/displayPicture?filenamE=../../../../etc/passwd
Which of the following BEST describes the attack?

A. Password spraying
B. Buffer overflow
C. Insecure object access
D. Directory traversal

Correct Answer: D

CompTIA CySA+CS0-002 – Question059

A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?

A. Virtualize the system and decommission the physical machine.
B. Remove it from the network and require air gapping.
C. Implement privileged access management for identity access.
D. Implement MFA on the specific system.

Correct Answer: B

CompTIA CySA+CS0-002 – Question058

An analyst must review a new cloud-based SIEM solution. Which of the following should the analyst do FIRST prior to discussing the company's needs?

A. Check industry news feeds for product reviews.
B. Ensure a current non-disclosure agreement is on file.
C. Perform a vulnerability scan against a test instance.
D. Download the product security white paper.

Correct Answer: B

CompTIA CySA+CS0-002 – Question057

A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?

A. Change management
B. Application whitelisting
C. Asset management
D. Privilege management

Correct Answer: A

CompTIA CySA+CS0-002 – Question055

Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?

A. Red-team analysis
B. Escalation process and procedures
C. Triage and analysis
D. Communications plan

Correct Answer: D

CompTIA CySA+CS0-002 – Question053

A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection. Which of the following is the BEST technical security control to mitigate this risk?

A. Switch to RADIUS technology.
B. Switch to TACACS+ technology.
C. Switch to MAC filtering.
D. Switch to the WPA2 protocol.

Correct Answer: D

CompTIA CySA+CS0-002 – Question052

As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

A. Update the whitelist.
B. Develop a malware signature.
C. Sinkhole the domains.
D. Update the blacklist.

Correct Answer: D

CompTIA CySA+CS0-002 – Question051

An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?

A. GDPR
B. Data correlation procedure
C. Evidence retention
D. Data retention

Correct Answer: C