MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?
Question2: An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?
Question3: A user reports application access issues to the help desk. The help desk reviews the logs for the user:Which of the following is most likely the reason for the issue?
Question4: You are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:. The application does not need to know the users' credentials.. An approval interaction between the users and the HTTP service must be orchestrated.. The application must have limited access to users' data.INSTRUCTIONSUse the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.
Question5: An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
Question6: A company that relies on an COL system must keep it operating until a new solution is available Which of the following is the most secure way to meet this goal?
Question7: A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?
Question8: A security engineer must resolve a vulnerability in a deprecated version of Python for a custom-developed flight simulation application that is monitored and controlled remotely. The source code is proprietary and built with Python functions running on the Ubuntu operating system. Version control is not enabled for the application in development or production. However, the application must remain online in the production environment using built-in features. Which of the following solutions best reduces the attack surface of these issues and meets the outlined requirements?
Question9: An external SaaS solution user reports a bug associated with the role-based access control module. This bug allows users to bypass system logic associated with client segmentation in the multitenant deployment model.When assessing the bug report, the developer finds that the same bug was previously identified and addressed in an earlier release. The developer then determines the bug was reintroduced when an existing software component was integrated from a prior version of the platform. Which of the following is the best way to prevent this scenario?
Question10: During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.INSTRUCTIONSReview each of the events and select the appropriate analysis and remediation options for each IoC.
Question11: A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?
Question12: A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?
Question13: After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?
Question14: A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?
Question15: A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?
Question16: You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.The company's hardening guidelines indicate the following:There should be one primary server or service per device.Only default ports should be used.Non-secure protocols should be disabled.INSTRUCTIONSUsing the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:The IP address of the deviceThe primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question17: A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:Which of the following best explains the reason the user's access is being denied?
Question18: An organization hires a security consultant to establish a SOC that includes a threat-modeling function.During initial activities, the consultant works with system engineers to identify antipatterns within the environment. Which of the following is most critical for the engineers to disclose to the consultant during this phase?
Question19: An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
Question20: A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application. Which of the following best describes the action the architect should take-?
Question21: An analyst reviews a SIEM and generates the following report:Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Question22: The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?
Question23: A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message:Which of the following is the best way to fix this issue?
Question24: A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products. Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?
Question25: An organization determines existing business continuity practices are inadequate to support critical internal process dependencies during a contingency event. A compliance analyst wants the Chief Information Officer (CIO) to identify the level of residual risk that is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?
Question26: An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?
Question27: As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?
Question28: A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?
Question29: A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization Which of the following best addresses the company's requirements''
Question30: A security analyst is reviewing the following event timeline from an COR solution:Which of the following most likely has occurred and needs to be fixed?
Question31: A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?
Question32: While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?
Question33: A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?
Question34: After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy cloud- hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity. Which of the following capabilities is the most relevant?
Question35: A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext. Which of the following solutions best meet these requirements?
Question36: Source code snippets for two separate malware samples are shown below:Sample 1:knockEmDown(String e) {if(target.isAccessed()) {target.toShell(e);System.out.printIn(e.toString());c2.sendTelemetry(target.hostname.toString + " is " + e.toString());} else {target.close();}}Sample 2:targetSys(address a) {if(address.islpv4()) {address.connect(1337);address.keepAlive("paranoid");String status = knockEmDown(address.current);remote.sendC2(address.current + " is " + status);} else {throw Exception e;}}Which of the following describes the most important observation about the two samples?
Question37: Asecuntv administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpomts:* Full disk encryption* Host-based firewall* Time synchronization* Password policies* Application allow listing* Zero Trust application accessWhich of the following solutions best addresses the requirements? (Select two).
Question38: A security architect wants to develop a baseline of security configurations These configurations automatically will be utilized machine is created Which of the following technologies should the security architect deploy to accomplish this goal?
Question39: During a security assessment using an CDR solution, a security engineer generates the following report about the assets in me system:After five days, the EDR console reports an infection on the host 0WIN23 by a remote access Trojan Which of the following is the most probable cause of the infection?
Question40: A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs:Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5 Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5 Which of the following is the most likely reason for the application failures?
Question41: A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?
Question42: A company detects suspicious activity associated with external connections Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?
Question43: Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?
Question44: A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?
Question45: Company A and Company D ate merging Company A's compliance reports indicate branch protections are not in place A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should me analyst cons<der when completing this basic?
Question46: Which of the following is the security engineer most likely doing?
Question47: An organization is implementing Zero Trust architecture A systems administrator must increase the effectiveness of the organization's context-aware access system. Which of the following is the best way to improve the effectiveness of the system?
Question48: A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:Which of the following is most likely the cause of the issue?
Question49: The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.Which of the following solutions are the best ways to mitigate this issue? (Select two).Setting different access controls defined by business area
Question50: An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?
Question51: A security analyst received a notification from a cloud service provider regarding an attack detected on a web server The cloud service provider shared the following information about the attack:* The attack came from inside the network.* The attacking source IP was from the internal vulnerability scanners.* The scanner is not configured to target the cloud servers.Which of the following actions should the security analyst take first?
Question52: An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
Question53: A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?
Question54: A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me bset way to reduce the risk oi reoccurrence?
Question55: A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?
Question56: Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:Reader 10.0Reader 10.1Reader 10.2Reader 10.3Reader 10.4Which of the following regular expression entries will accurately identify all the affected versions?
Question57: A Chief Information Security Officer is concerned about the operational impact of ransomware. In the event of a ransomware attack, the business requires the integrity of the data to remain intact and an RPO of less than one hour. Which of the following storage strategies best satisfies the business requirements?
Question58: A product development team has submitted code snippets for review prior to release.INSTRUCTIONSAnalyze the code snippets, and then select one vulnerability, and one fix for each code snippet.Code Snippet 1Code Snippet 2Vulnerability 1:SQL injectionCross-site request forgeryServer-side request forgeryIndirect object referenceCross-site scriptingFix 1:Perform input sanitization of the userid field.Perform output encoding of queryResponse,Ensure usex:ia belongs to logged-in user.Inspect URLS and disallow arbitrary requests.Implement anti-forgery tokens.Vulnerability 21) Denial of service2) Command injection3) SQL injection4) Authorization bypass5) Credentials passed via GETFix 2A) Implement prepared statements and bindvariables.B) Remove the serve_forever instruction.C) Prevent the "authenticated" value from being overridden by a GET parameter.D) HTTP POST should be used for sensitive parameters.E) Perform input sanitization of the userid field.
Question59: An incident response team is analyzing malware and observes the following:* Does not execute in a sandbox* No network loCs* No publicly known hash match* No process injection method detectedWhich of the following should the team do next to proceed with further analysis?
Question60: A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository The security team needs to be able to quickly evaluate whether to respond to a given vulnerability Which of the following, will allow the security team to achieve the objective with the last effort?
Question61: A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?
Question62: Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption Which of the following is the most likely reason me device must be replaced'
Question63: An organization is required to* Respond to internal and external inquiries in a timely manner* Provide transparency.* Comply with regulatory requirementsThe organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?
Question64: Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
Question65: A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?
Question66: All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?
Question67: Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?
Question68: Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?