QUESTION 101
Which of the following is the most important reason a company would use APIs instead of scripts to enable communication between tools from different vendors?
A. To reduce integration maintenance
B. To use a tool that was built in-house
C. To allow for more customization
D. To secure the CI/CD pipeline
Correct Answer: A
QUESTION 102
Which of the following is the term for a predefined set of automated actions that incident responders and SOC analysts can use to enhance operations?
A. Threat modeling
B. Detection set
C. CVSS
D. Playbooks
Correct Answer: D
QUESTION 103
A cybersecurity analyst discovers that non-administrator, authenticated users can access sensitive files by manually altering the file path in the URL from /user123/files/report.pdf to /admin/files/credentials.xlsx. Which of the following is the most effective control to mitigate this vulnerability?
A. Applying server-side access control mechanisms that validate user roles before granting access to requested resources
B. Implementing URL rewriting to obfuscate file paths and prevent users from guessing sensitive file locations
C. Using cryptographic file names for sensitive files to ensure unauthorized users cannot guess or access them directly
D. Adding server-side logging to detect and alert on unauthorized file access attempts, ensuring such activities are flagged for further investigation
Correct Answer: A
QUESTION 104
Which of the following security controls should be classified as operational?
A. An IDS alerting upon suspicious packet fragmentation
B. Denying remote VPN connections based on country of origin
C. Encrypting sensitive data traversing an untrusted network
D. Conducting a penetration test of data center servers
Correct Answer: A
QUESTION 105
When a system cannot meet the vulnerability management standard because it has reached end of life, which of the following should be listed in the action plan?
A. Service-level agreement
B. Risk score
C. Compensating controls
D. Alert volume
Correct Answer: C
QUESTION 106
Which of the following best explains the reason system hardening is essential for servers?
A. It ensures the OS is regularly updated with new features.
B. It increases system performance by optimizing resource allocation.
C. It ensures that all software is compatible with the latest software versions.
D. It reduces the attack surface by removing unnecessary services and applications.
Correct Answer: D
QUESTION 107
A SOC has SIEM configured to receive threat intelligence feeds from multiple external sources. For certain tasks, there is no need for human interaction. Which of the following is the best solution to correlate events and provide valuable information to the analysts?
A. Data enrichment
B. Webhooks
C. Single pane of glass
D. Threat feed combination
Correct Answer: A
QUESTION 108
A security analyst is assessing the security of a cloud environment. The following output is generated when the assessment runs:
Authentication error
Instance not found on preset location
Which of the following should the analyst use to fix the issue?
A. run module_name and exec <module_name>
B. –session <session_name> and –module-args=”<arg1>”
C. set_regions <region1> and set_key
D. –whoami and –data <service_name>
Correct Answer: C
QUESTION 109
The website of a large retail chain is falling to enforce encrypted HTTPS connections, leaving customer account credentials exposed. Which of the following is the best corrective action for resolving this issue?
A. Remove any redirect settings of HTTP connections to HTTPS.
B. Implement HTTP Strict Transport Security Headers.
C. Install a self-signed certificate on the web server.
D. Reduce the default timeout period for all web-based sessions.
Correct Answer: B
QUESTION 110
During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?
A. Conduct regular red team exercises over the application in production.
B. Ensure that all implemented coding libraries are regularly checked.
C. Use application security scanning as part of the pipeline for the CI/CD flow.
D. Implement proper input validation for any data entry form.
Correct Answer: C
QUESTION 111
A company wants to implement protection mechanisms after an incident in which customer information was sent to a third party. Which of the following tools should the company implement?
A. SIEM
B. EDR
C. CASB
D. DLP
Correct Answer: D
QUESTION 112
A security analyst is implementing a process to perform vulnerability management on an OT environment:
1. Systems must remain on an isolated network.
2. The process should focus on external threats.
3. No additional software can be deployed on the systems.
4. Transmitted packets cannot be modified or dropped.
5. Additional processing delays are not tolerated.
Which of the following is the best way to securely meet the requirements?
A. Implement agentless sensors at the network edge.
B. Use reverse engineering to detect flaws on the in-scope systems.
C. Deploy an IPS in-line with the network traffic.
D. Check the compatibility of an EDR agent with the OSS used on the OT environment.
Correct Answer: A
QUESTION 113
Which of the following is an example of the shift-left concept as it pertains to the SDLC?
A. Scanning for API keys in code committed to the development repository
B. Installing EDR protection on all microservices
C. Conducting monthly vulnerability scans against quality assurance servers
D. Automating DAST scans against public web applications
Correct Answer: A
QUESTION 114
A company’s DLP system triggers an alert for an end user who uploaded several high-definition pictures to an external FTP server using a company laptop from an internal network connection. Which of the following actions is the best way to determine whether the activity was malicious?
A. Performing a vulnerability scan of the company’s network
B. Checking the reputation of the external FTP server using AbuselPDB
C. Using steganalysis to confirm whether data has been embedded
D. Blocking access to the external FTP using the company’s proxy solution
Correct Answer: C
QUESTION 115
Cybersecurity analysts determine that SIEM alerts are true positives and an internal application is being attacked. Which of the following is a critical step to understanding the impact on the business at this stage?
A. Notification of the legal team
B. Knowledge of any regulatory requirements
C. Root cause analysis
D. Identification of stakeholders
Correct Answer: D
QUESTION 116
A security analyst needs to provide evidence of regular vulnerability scanning on the company’s network for an auditing process. Which of the following is an example of a tool that can produce such evidence?
A. OpenVAS
B. Burp Suite
C. Nmap
D. Wireshark
Correct Answer: A
QUESTION 117
The SOC received a threat intelligence notification indicating that an employee’s credentials were found on the dark web. The user’s web and login activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?
A. Perform a forced password reset.
B. Communicate the compromised credentials to the user.
C. Perform an ad hoc AV scan on the user’s laptop.
D. Review and ensure privileges assigned to the user’s account reflect least privilege.
E. Lower the thresholds for SOC alerting of suspected malicious activity.
Correct Answer: A
QUESTION 118
Which of the following describes the reason Zero Trust should be followed on cloud-based architecture designs?
A. It results in higher encryption entropy.
B. It provides active monitoring for threat detection.
C. It reduces the attack surface.
D. It enforces separation of duties.
Correct Answer: C
QUESTION 119
The architecture team has been given a mandate to reduce the triage time of phishing incidents by 20%. Which of the following solutions will most likely help with this effort?
A. Integrate a SOAR platform.
B. Increase the budget to the security awareness program.
C. Implement an EDR tool.
D. Create new correlation rules for the SIEM.
Correct Answer: A
QUESTION 120
Which of the following is the IR activity in which process gaps are identified?
A. Root cause analysis
B. User training
C. Tabletop exercise
D. Lessons learned
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.