MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
Question2: When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
Question3: While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)
Question4: A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
Question5: During an incident, the following actions have been taken:- Executing the malware in a sandbox environment- Reverse engineering the malware- Conducting a behavior analysisBased on the steps presented, which of the following incident handling processes has been taken?
Question6: Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
Question7: An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?
Question8: A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.The unknown process is MOST likely:
Question9: After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
Question10: An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?
Question11: During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
Question12: A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
Question13: A security professional discovers a new ransomware strain that disables antivirus on the endpoint during an infection. Which location would be the BEST place for the security professional to find technical information about this malware?
Question14: An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
Question15: A common formula used to calculate risk is: + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
Question16: Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
Question17: Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
Question18: Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)
Question19: Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
Question20: According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
Question21: Which of the following, when exposed together, constitutes PII? (Choose two.)
Question22: Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)
Question23: Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
Question24: Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?
Question25: Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?
Question26: It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
Question27: An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
Question28: As part of an organization's regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?
Question29: A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?
Question30: To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
Question31: A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?
Question32: Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
Question33: The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
Question34: When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
Question35: An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
Question36: A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)