QUESTION 61
An analyst reviews code for a sensitive application for their company and uploads it to an AI platform. This application is critical to the company’s business operations. Which of the following risks is most important for the analyst to consider?
A. Hallucinations
B. Malicious prompts
C. Data exposure
D. Model poisoning
Correct Answer: C
QUESTION 62
Which of the following are characteristics of Zero Trust Network Access?
A. Application programming interface security and continuous monitoring
B. A gateway controller and agent flows
C. Virtualization and data protection
D. An attack surface and a protect surface
Correct Answer: B
QUESTION 63
Which of the following statements best describes the MITRE ATT&CK framework?
A. It provides a comprehensive method to test the security of applications.
B. It helps to stop enemy activity by providing information about the existing gaps the attacker is exploring.
C. It tracks and understands threats and is an open-source project that evolves.
D. It breaks down intrusions into a clearly defined sequence of phases.
Correct Answer: C
QUESTION 64
Which of the following best describes a company’s risk appetite?
A. The number of risks that a company can accept as active after performing each risk assessment
B. The minimum amount of residual risk that a company can accept for any existing item after the proper risk treatment
C. The amount of money that a company can spend on risk treatment based on a risk assessment
D. The amount of risk that a company can accept based on trade-of is as defined by the company board or executive management
Correct Answer: D
QUESTION 65
A security analyst notices multiple attempts of the same exploit being made on the perimeter network. The behavioral patterns indicate that a TCP SYN flood attack has been initiated, followed by a port scan of the company’s public IP range. No other attacks are being performed from the actor’s source IP address. All of the SYN flood attempts were thwarted by the firewall’s stateful packet inspection engine. Which of the following is the most likely type of threat actor in this scenario?
A. Nation-state
B. Script kiddie
C. Advanced persistent threat
D. Organized crime
Correct Answer: B
QUESTION 66
Which of the following will most likely help decrease false positives?
A. Automating escalation
B. A security operations center (SOC) dashboard
C. Threat hunting
D. Alert tuning
Correct Answer: D
QUESTION 67
A cybersecurity analyst is reviewing static application security testing scan results and notices a finding for hard-coded credentials. Which of the following should the analyst recommend to the application team to resolve this concern?
A. Implement a privileged access management solution.
B. Enable single sign-on.
C. Obfuscate application programming interface keys.
D. Integrate secrets management.
Correct Answer: D
QUESTION 68
Which of the following provides the most granular controls for a given tactic or technique?
A. Cyber Kill Chain
B. Diamond Model of Intrusion Analysis
C. Confidentiality, integrity, and, availability (CIA) triad
D. MITRE ATT&CK
Correct Answer: D
QUESTION 69
A managed service provider manages servers in customer-assigned Internet Protocol spaces. The provider discovers that these servers are not included in scheduled network scans, but the provider cannot scan the servers without the customers’ explicit permission. Which of the following scanning methods should the provider use to scan these individual servers?
A. Agent-based scans
B. System baseline scans
C. External network scans
D. Device fingerprinting
Correct Answer: A
QUESTION 70
A spillage incident results in the access of controlled information across multiple unauthorized business units. Which of the following response techniques should be implemented first?
A. Analysis and triage
B. Containment and isolation
C. Evidence and legal hold
D. Escalation and monitoring
Correct Answer: B
QUESTION 71
Scan results show a possible vulnerability in an important legacy system that no longer receives security updates. Which of the following is the best action for a security operations center analyst to take?
A. Note the system in the scan report and offer recommendations for remediation.
B. Use the endpoint detection and response tool to isolate the system from the network.
C. Use automation tools to migrate the system to a segregated virtual local area network.
D. Download security updates for a supported version and request that they be installed on the system.
Correct Answer: C
QUESTION 72
A cybersecurity analyst must respond to reports of impact from an endpoint protection update. Which of the following will be most valuable when informing the security manager about this event?
A. Compiling metrics of resource consumption
B. Downloading the endpoint protection white paper
C. Submitting an incident declaration
D. Completing an after action report
Correct Answer: A
QUESTION 73
A vulnerability analyst runs a credentialed vulnerability scan covering all addressable enterprise assets. After running the scan, the analyst discovers a large number of critical vulnerabilities that cannot be immediately remediated. Which of the following are the most likely reasons why the vulnerabilities cannot be immediately addressed?
A. Lack of technical skills, the absence of a test environment, and the absence of an asset inventory
B. Physical access challenges, the absence of vendor support, and a lack of system documentation
C. Inaccurate asset inventory, a lack of system documentation, and an absence of authorization
D. Legacy and proprietary systems, a lack of patch availability, and vendor dependencies
Correct Answer: D
QUESTION 74
Which of the following phases of the incident response process will permanently remove an attacker’s access to corporate resources?
A. Eradication
B. Containment
C. Denial of service
D. Detection
Correct Answer: A
QUESTION 75
A security team deploys a new scanning solution that requires root, domain administrator, and local server administrator permissions on all systems. Which of the following is the best way to help mitigate the risk for this level of access?
A. Enabling single sign-on for all administrators
B. Integrating token-based authentication using a privileged access management (PAM) solution
C. Using temporary, one-time passwords as part of the login process
D. Configuring agentless scanning for critical targets
Correct Answer: B
QUESTION 76
A security operations center analyst receives an alert from the security information and event management system. The analyst quickly reviews the alert and sees a workstation infected with malware.The analyst then uses the endpoint detection and response tool to isolate the workstation from the network. Which of the following best describes the steps that occurred in this scenario?
A. Analysis, containment, and eradication
B. Analysis, eradication, and recovery
C. Detection, analysis, and containment
D. Isolation, mitigation, and analysis
Correct Answer: C
QUESTION 77
During the after action review of an incident, the security team concludes that too much time was spent on collaboration. Which of the following will best help the team respond to incidents more efficiently in the future?
A. Playbooks
B. Threat mapping
C. Security information and event management
D. Scripting
Correct Answer: A
QUESTION 78
Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target’s information assets?
A. Structured Threat Information Expression
B. OWASP Testing Guide
C. Open Source Security Testing Methodology Manual
D. Diamond Model of Intrusion Analysis
Correct Answer: D
QUESTION 79
A security analyst discovers multiple log entries from a recently acquired tool that was bundled as a YUM package. Those entries point to attempts of privilege escalation. Which of the following is the most likely explanation?
A. The package was modified during installation.
B. The package was missing critical DLL files.
C. The package got corrupted while being downloaded.
D. The package was installed without a GPG check.
Correct Answer: D
QUESTION 80
When vulnerabilities are identified weeks after the disclosure, which of the following KPls most likely needs to be adjusted?
A. Mean time to acknowledge
B. Mean time to respond
C. Mean time to detect
D. Mean time to resolve
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.