QUESTION 41
You have an Azure environment. You need to identify any Azure configurations and workloads that are non-compliant with Iso 27001:2013 standards.What should you use?
A. Microsoft Sentinel
B. Microsoft Defender for Identity
C. Microsoft Defender for Cloud
D. Microsoft Entra ID Protection
Correct Answer: C
QUESTION 42
Which of the following is the best reason to heavily segment business-critical assets from within the network?
A. Legacy systems
B. Degraded functionality
C. Asset obfuscation
D. Proprietary server
Correct Answer: A
QUESTION 43
In the system design phase, which of the following proactive approaches identifies and helps remediate threats?
A. User and entity behavior analytics
B. Software Assurance Maturity Model
C. Open Worldwide Application Security Project
D. Spoofing, tampering, repudiation, information disclosure, denial of service, and escalation of privilege
Correct Answer: D
QUESTION 44
An organization’s security operations center (SOC) team prioritizes confidentiality and integrity over monetary considerations. The SOC team contains a quickly progressing ransomware incident. Which of the following factors motivated the SoC team to take this action?(Select two)
A. Attack vector
B. Risk appetite
C. Scope
D. Impact
E. Common Vulnerability Scoring System (CVSS) score
F. Asset value
Correct Answer: DF
QUESTION 45
An analyst receives an alert:
Malicious payload found in user’s outgoing mail.
The analyst reviews the alert and finds a file named “Invoice# 372341.doc” was sent to five people with the same email domain at the client company. The analyst runs the file through a local sandbox, and the findings are inconclusive. Which of following should the analyst do to further assess this file to ensure it is safe?
A. Contact the user and verify their activity directly.
B. Check the recipients’ domain in MXToolbox.
C. Run the file through Joe Sandbox to verify the results.
D. Use the strings command to check for unusual indicators.
Correct Answer: C
QUESTION 46
During an incident handoff, an analyst receives a significant number of small artifacts. The analyst must verify artifact integrity before processing. The Chief Information Security Officer is requesting an update before the end of the day. Which of the following will best accomplish this task?
A. RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160)
B. Secure Hash Algorithm 1 (SHA-1)
C. Secure Hash Algorithm 256 (SHA-256)
D. Message Digest 5 (MD5)
Correct Answer: C
QUESTION 47
An analyst reviews vulnerability scan results and finds that of the 1,286 computers in the domain, only 683 were scanned by the vulnerability scanner. Which of the following scanning methods should the analyst use to identify all active systems in the domain with optimal efficiency and accuracy?
A. Credential scans
B. Non-credentialed scans
C. Network enumeration
D. Device fingerprinting
E. Security baseline
Correct Answer: C
QUESTION 48
As part of a malware analysis, a security analyst finds the following:
mshta https://185.43.143.6/dXNlcj1iYWxkbzY4NC1wd2Q9RkBuY31LYXQxLUlQPTIzLjcuNDIuMS1wPTIyODA=
Which of the following is the best tool to use for additional analysis?
A. Metasploit
B. strings
C. Virus Total
D. CyberChef
E. Wireshark
Correct Answer: D
QUESTION 49
Which of the following is the most comprehensive type of report associated with a closed incident?
A. Lessons-learned
B. Situation
C. Root cause analysis
D. After action
Correct Answer: D
QUESTION 50
Which of the following defines the proper sequence of data volatility regarding the evidence collection process, from the most to least volatile?
A. Routing table, registers,physical memory, archival media, hard disk, physical configuration
B. Routing table, registers, physical memory, temporary partition, hard disk, physical configuration
C. Cache, routing table, physical memory, network topology, temporary partition, hard disk
D. Cache, routing table, physical memory, temporary partition, hard disk, physical configuration
Correct Answer: D
QUESTION 51
Which of the following best explains the importance of the implementation of a secure software development life cycle in a company with an internal development team?
A. Increases the product price by using the implementation as a piece of marketing
B. Decreases the risks of the software usage and complies with regulatory requirements
C. Improves the agile process and decreases the number of tests before the final deployment
D. Transfers the responsibility for security flaws to the vulnerability management team
Correct Answer: B
QUESTION 52
A SoC manager who recently switched companies notices that their new company’s SOC analysts have significantly poorer operational metrics compared to their previous company, without any major difference in alert volume or team size. Which of the following are most likely to be the cause? (Select two).
A. Use of OSSTMM
B. Integration of webhooks
C. Lack of SOAR implementation
D. Absence of single pane of glass
E. Morale issues among SoC staff
F. Usage of API gateways
Correct Answer: CD
QUESTION 53
A cybersecurity manager needs to do the following activities to prepare for an upcoming audit.
1. Create an inventory of the company’s assets.
2. Create a register with the assets’ vulnerabilities and associated risks.
3. Create a matrix with the responsible owners for each security control or process.
Which of the following guidelines is most likely the focus of the company audit?
A. ISO 27001
B. OWASP SAMM
C. CIS benchmarks
D. PCI DSS
Correct Answer: A
QUESTION 54
Which of the following describes the main benefits of MITRE ATT&CK Navigator?
A. Replicating adversary behavior and blocking gaps in defenses
B. Monitoring adversary behavior and performing malware reverse engineering
C. Responding to adversary behavior and building security defense tools
D. Understanding adversary behavior and identifying gaps in defenses
Correct Answer: D
QUESTION 55
Which of the following entities must receive reports in a timely fashion according to data breach notification laws related to personally identifiable information?
A. Service providers and business associates
B. Law enforcement and the media
C. Computer emergency response teams and industry associations
D. Regulators and affected customers
Correct Answer: D
QUESTION 56
A security architect wants to implement a mechanism to gather high-fidelity information around potential source code leaks. Which of the following is the best solution?
A. Placing canary tokens within the targeted repositories
B. Installing a honeypot in the environment to gather data on various attacks
C. Using alerting rules within the threat intelligence platform to search for code leaks
D. Leveraging an attack surface monitoring solution to look for unintentional public code
Correct Answer: D
QUESTION 57
Which of the following is the main concept behind the use of an attack methodology framework?
A. Implementing continuous monitoring and rapid deployment of system fixes over the traditional patch, test, and deploy approach
B. Prioritizing vulnerabilities that can be exploited based on risk calculations and using the consequences and likelihood of the exploits to determine where resources should be allocated
C. Approaching cybersecurity from the perspective of a threat actor and using their common behaviors and motivations to identify secure solutions
D. Applying a zero Trust environment by assuming networks and systems are vulnerable to malicious actions by both external, hostile adversaries and insider threats
Correct Answer: C
QUESTION 58
A security operations center manager is concerned that after action reporting is not being completed in a timely manner. Which of the following will allow the manager to quantify this concern?
A. Mean time to remediate
B. Mean time to close
C. Mean time between failures
D. Mean time to respond
Correct Answer: B
QUESTION 59
A critical server hosting final exams for an educational institution fails while students are taking their exams. The final exam deadline is in 16 hours. Which of the following is the best source for guidance on remediation for the IT team?
A. MOU
B. KPI
C. SLA
D. BCP
Correct Answer: D
QUESTION 60
A vulnerability management team conducts a scan on an Internet Protocol address that was exhibiting suspicious network behavior. Which of the following is the first step toward remediation?
A. Meet with the incident response team to discuss the scan report results.
B. Send the scan report to the security operations center analyst for further investigation.
C. Review the scan report with the legal team.
D. Analyze the scan report to identify potential vulnerabilities.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.