MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
Question2: According to company policy, all accounts with administrator privileges should have suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator's group. Which of the following actions should the security administrator take?
Question3: Organizations considered "covered entities" are required to adhere to which compliance requirement?
Question4: A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:- Running antivirus scans on the affected user machines- Checking department membership of affected users- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts- Checking network monitoring tools for anomalous activitiesWhich of the following phases of the incident response process match the actions taken?
Question5: Which of the following security best practices should a web developer reference when developing a new web- based application?
Question6: A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of "armageddon.exe" along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
Question7: If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?
Question8: A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
Question9: Detailed step-by-step instructions to follow during a security incident are considered:
Question10: During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Question11: During an incident, the following actions have been taken:-Executing the malware in a sandbox environment-Reverse engineering the malware-Conducting a behavior analysisBased on the steps presented, which of the following incident handling processes has been taken?
Question12: A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be PRIMARY focus of the incident response team?
Question13: During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
Question14: A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
Question15: During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?
Question16: Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
Question17: Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)
Question18: Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B.Which of the following threat motives does this MOST likely represent?
Question19: The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
Question20: An incident at a government agency has occurred and the following actions were taken:-Users have regained access to email accounts-Temporary VPN services have been removed-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated-Temporary email servers have been decommissionedWhich of the following phases of the incident response process match the actions taken?
Question21: Which of the following technologies would reduce the risk of a successful SQL injection attack?
Question22: An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
Question23: A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?
Question24: When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
Question25: A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?
Question26: Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
Question27: It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
Question28: While planning a vulnerability assessment on a computer network, which of the following is essential?(Choose two.)
Question29: A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?
Question30: Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?
Question31: A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
Question32: Which of the following enables security personnel to have the BEST security incident recovery practices?
Question33: After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?
Question34: Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?
Question35: An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
Question36: Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
Question37: A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?
Question38: Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
Question39: A security investigator has detected an unauthorized insider reviewing files containing company secrets.Which of the following commands could the investigator use to determine which files have been opened by this user?
Question40: The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
Question41: An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?
Question42: Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?
Question43: An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
Question44: An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?
Question45: A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.The unknown process is MOST likely:
Question46: It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
Question47: Detailed step-by-step instructions to follow during a security incident are considered:
Question48: Which of the following is a cybersecurity solution for insider threats to strengthen information protection?