QUESTION 121
A penetration tester crashes a web application by entering a 15-digit value in the postal code field on the user registration form. Which of the following controls is the best way to mitigate this vulnerability?
A. Input duplicate check
B. Input sanitization
C. Input parity check
D. Input validation
Correct Answer: D
QUESTION 122
A security analyst reviews the following report:
Which of the following explain the reason the analyst gives 1.15 the highest priority for remediation? (Select two).
A. Highly privileged user accounts can be used to gain access to the system.
B. It requires the lowest level of permissions to execute.
C. The attacker can use elevated privileges to execute arbitrary code.
D. The vulnerable software can be accessed from remote networks.
E. The system must be accessed with an interactive session for exploitation.
F. It requires user interaction to exploit the vulnerability.
Correct Answer: BD
QUESTION 123
Which of the following best describes the role of TTPs in threat intelligence?
A. TTPs are encrypted channel attackers used to avoid detection during an operation.
B. TTPs are operational guidelines that organizations follow to prevent attacks before they occur.
C. TTPs are classifications of threats based on severity and used to prioritize response activities.
D. TTPs are specific methods attackers use, which help SOc teams understand and predict malicious behavior.
Correct Answer: D
QUESTION 124
A security analyst detects that a large amount of data is being exfiltrated. The data contains confidential customer information. Which of the following should be done first in this situation?
A. Contact public relations so they can communicate with customers.
B. Identify stakeholders and communicate with them.
C. Inform law enforcement about the activities.
D. Declare an incident and contain the affected servers
Correct Answer: D
QUESTION 125
Which of the following is the best activity to reduce the risk of unintentional insider threats?
A. Phishing exercise
B. Capture the Flag
C. Tabletop exercise
D. Security awareness training
Correct Answer: D
QUESTION 126
A threat intelligence analyst needs to gather TTPs from attackers. Which of the following is the most comprehensive resource for this task?
A. AbuseIPDB
B. SOAR
C. Honeynet
D. SIEM
E. Sandboxing
Correct Answer: C
QUESTION 127
A SOC manager is looking for a solution that can improve the response time and execute predetermined instructions. Which of the following is the best solution based on these requirements?
A. XDR
B. SIEM
C. CASB
D. SOAR
Correct Answer: D
QUESTION 128
Which of the following explains why a company would consider enriching data before sending it to the SIEM?
A. To prevent injection attacks against the log management system
B. To reduce the amount and cost of data storage for security incidents
C. To provide more information to SOC analysts when analyzing events
D. To normalize the data before saving it to the database tables
Correct Answer: C
QUESTION 129
A security administrator is tasked with modifying the vulnerability scan process to reduce the network traffic but maintain thorough checks. Which of the following scanning approaches should be implemented?
A. Credentialed scans
B. Individual scans
C. Security baseline scans
D. Agent-based scans
Correct Answer: D
QUESTION 130
A security analyst notices a regular, short traffic spike from a few local hosts on TCP port 50 to a host outside the network Which of the following is the most likely cause?
A. Several hosts are compromised on the network and are beaconing traffic to an external command-and-control host
B. Several hosts are being exploited by EternalBlue (MS17-010) and will start lateral movement very soon.
C. Several hosts are conducting ARP cache refreshes based on known threat domains.
D. Several hosts are configured to use Google as the primary DNS lookup source for external host traffic.
Correct Answer: A
QUESTION 131
Which of the following is the best technical method to protect sensitive data at an organizational level?
A. Deny all traffic on port 8080 with sensitive information on the VLAN.
B. Develop a Python script to review email traffic for PII.
C. Employ a restrictive policy for the use and distribution of sensitive information.
D. Implement a DLP for all egress and ingress of sensitive information on the network.
Correct Answer: D
QUESTION 132
A security analyst is determining the best tool to meet the following requirements:
1. Must work on Windows, macOS, and Linux systems
2. Must provide server and workstation protection
3. Must include zero-day and ransomware protection
4. Must provide pre- and post-exploit protection
5. Should provide point-in-time rollback capabilities
Which of the following tools would be best for the analyst to recommend?
A. EDR
B. SOAR
C. Backup as a service
D. Sandbox
Correct Answer: A
QUESTION 133
A security analyst is conducting a vulnerability assessment of a company’s online store. The analyst discovers a critical vulnerability in the payment processing system that could be exploited, allowing attackers to steal customer payment information. Which of the following should the analyst do next?
A. Leave the vulnerability unpatched until the next scheduled maintenance window to avoid potential disruption to business.
B. Perform a risk assessment to evaluate the potential impact of the vulnerability and determine whether additional security measures are needed.
C. Ignore the vulnerability since the company recently passed a payment system compliance audit.
D. Isolate the payment processing system from production and schedule for reimaging.
Correct Answer: B
QUESTION 134
Which of the following is a reason why a threat intelligence analyst would review the TTPs associated with a specific actor?
A. To filter out false positives from the SIEM alerting rules
B. To enrich the log data to allow for enhanced analysis
C. To reduce the average response time for an incident
D. To determine if an incident matches a known exploit
Correct Answer: D
QUESTION 135
A SOC analyst is reviewing the weekly EDR report. The report shows that the same application was blocked once every 24 hours. Which of the following tools should the analyst use to further investigate the incident?
A. Registry Editor
B. services.msc
C. Task Scheduler
D. MSConfig
Correct Answer: C
QUESTION 136
Following an incident, a security analyst needs to create a script for downloading the configuration of all assets from the cloud tenancy. Which of the following authentication methods should the analyst use?
A. MFA
B. User and password
C. Biometric
D. Key pair
Correct Answer: D
QUESTION 137
An organization’s Chief Information Security Officer (CISO) is organizing a tabletop drill. The CISO has included several other executives in the meeting invitation for the drill, as required.Which of the following is the best reason for including the Chief Communications Officer?
A. Deciding when and how to issue press releases regarding incidents can minimize damage to the organization’s brand reputation.
B. All of the organization’s high-level executives should know about the IT department’s incident response plan.
C. All parties must be able to communicate clearly, concisely, and consistently during incident response.
D. The CISO would like to increase the security department’s visibility to senior executives.
Correct Answer: A
QUESTION 138
A cybersecurity manager needs to do the following activities to prepare for an upcoming audit:
1. Create an inventory of the company’s assets.
2. Create a register with the assets’ vulnerabilities and associated risks.
3. Create a matrix with the responsible owners for each security control or process.
Which of the following guidelines is most likely the focus of the company audit?
A. ISO 27001
B. OWASP SAMM
C. CIS benchmarks
D. PCI DSS
Correct Answer: A
QUESTION 139
A security analyst is working on a suspicious email forwarded from a user. The email contains an attachment asking the user to open it. Which of the following should the security analyst review to best determine email authentication and its attack origin?
A. DMARC
B. SMTP
C. Joe Sandbox
D. URL rewriting
Correct Answer: A
QUESTION 140
Which of the following is instituting a security policy that users must lock their systems when stepping away from their desks an example of?
A. Configuration management
B. Compensating control
C. Awareness, education, and training
D. Administrative control
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.