QUESTION 161
A cybersecurity analyst is recommending a solution to ensure emails that contain links or attachments are tested before they reach a mail server. Which of the following will the analyst most likely recommend?
A. Sandboxing
B. MFA
C. DKIM
D. Vulnerability scan
Correct Answer: A
QUESTION 162
A security analyst has just received an incident ticket regarding a ransomware attack. Which of the following would most likely help an analyst properly triage the ticket?
A. Incident response plan
B. Lessons learned
C. Playbook
D. Tabletop exercise
Correct Answer: C
QUESTION 163
An organization performs software assurance activities and reviews some web framework code that uses exploitable jquery modules. Which of the following tools or techniques should the organization use to help identify these issues?
A. Security Content Automation Protocol
B. Application fuzzing
C. Common weakness enumeration
D. Static analysis
Correct Answer: D
QUESTION 164
As part of an incident investigation, an analyst creates a detailed document that describes all activities, timelines, root causes, and mitigation actions. Which of the following reports is the analyst creating?
A. Lessons learned
B. Business impact analysis
C. Tabletop exercise
D. Change control
Correct Answer: A
QUESTION 165
A WAF weekly report shows that a dally spike occurs from the same subnet. An open-source review indicates the IP addresses belong to a legitimate internet service provider but have been flagged for DDoS attacks and recomnaissance scanning in the past year. Which of the following actions should a SOC analyst take first in response to these traffic uptick activities?
A. Recommend a firewall rule implementation to deny all traffic from the IP subnet.
B. Continue monitoring because the traffic spike did not cause any security notifications or concerns.
C. Review the network logs to identify the context of traffic and what action was taken.
D. Check the resource consumption levels to determine whether the uptick is due to a device performance issue.
Correct Answer: C
QUESTION 166
When undertaking a cloud migration of multiple Saas applications, an organization’s systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?
A. RADIUS
B. SDN
C. ZTNA
D. SWG
Correct Answer: C
QUESTION 167
An analyst wants to detect outdated software packages on a server. Which of the following methodologies will achieve this objective?
A. Data loss prevention
B. Configuration management
C. Common vulnerabilities and exposures
D. Credentialed scanning
Correct Answer: B
QUESTION 168
A systems administrator receives several reports about emails containing phishing links. The hosting domain is always different, but the URL follows a specific pattern of characters. Which of the following is the best way for the administrator to find more messages that were not reported?
A. Search email logs for a regular expression.
B. Open a support ticket with the email hosting provider.
C. Send a memo to all staff asking them to report suspicious emails.
D. Query firewall logs for any traffic with a suspicious website.
Correct Answer: A
QUESTION 169
Which of the following is the best authentication method to secure access to sensitive data?
A. An assigned device that generates a randomized code for log-in
B. Biometrics and a device with a personalized code for log-in
C. Alphanumeric/special character username and passphrase for log-in
D. A one-time code received by email and push authorization for log-in
Correct Answer: B
QUESTION 170
Which of the following is the best way to provide realistic training for SOC analysts?
A. Phishing assessments
B. OpenVAS
C. Attack simulation
D. SOAR
E. Honeypot
Correct Answer: C
QUESTION 171
An e-commerce organization recently experienced a cyberattack. During a lessons learned meeting, a cybersecurity analyst requests that the RTO is prioritized. Which of the following is the greatest concern?
A. Integrity
B. Availability
C. Non-repudiation
D. Confidentiality
Correct Answer: B
QUESTION 172
An analyst notices that logs contain multiple events for computer account changes during monthly patch maintenance windows, resulting in a flood of tickets. The events generated are from the same system and time frame. The analyst determines that these tickets could be closed without human interaction. Which of the following is the best tool for automatically closing tickets containing the same information?
A. SOAR
B. EDR
C. CASB
D. SIEM
Correct Answer: A
QUESTION 173
While investigating a SIEM alert, a security analyst finds that:
1. An employee installed an application.
2. The application was downloaded from a disreputable site.
3. The NIDS showed no anomalies.
4. UEBA network scoring remained static.
Which of the following most likely triggered the alert?
A. Abnormal process behavior
B. Unexpected port activity
C. Bandwidth consumption
D. Application logs
Correct Answer: A
QUESTION 174
An organization has implemented code into a production environment During a routine test, a penetration tester found that some of the code had a backdoor implemented causing a developer to make changes outside of the change management windows. Which of the following is the best way to prevent this issue?
A. SDLC training
B. Dynamic analysis
C. Debugging
D. Source code review
Correct Answer: D
QUESTION 175
Which of the following is the best use of automation in cybersecurity?
A. Ensure faster incident detection, analysis, and response.
B. Eliminate configuration errors when implementing new hardware.
C. Lower costs by reducing the number of necessary staff.
D. Reduce the time for internal user access requests.
Correct Answer: A
QUESTION 176
A security manager reviews the permissions for the approved users of a shared folder and finds accounts that are not on the approved access list. While investigating an incident, a user discovers data discrepancies in the file. Which of the following best describes this activity?
A. Filesystem anomaly
B. Illegal software
C. Unauthorized changes
D. Data exfiltration
Correct Answer: C
QUESTION 177
The DevSecOps team is remediating an SSRF issue on the company’s public-facing website. Which of the following is the best mitigation technique to address this issue?
A. Place a WAF in front of the web server.
B. Install a CASB in front of the web server.
C. Put a forward proxy in front of the web server.
D. Implement MFA in front of the web server.
Correct Answer: A
QUESTION 178
A security analyst is reviewing the logs after getting an alert At which of the following stages of the incident response process should the analyst establish an active security incident?
A. Containment
B. Eradiation
C. Preparation
D. Identification
Correct Answer: D
QUESTION 179
A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application. Which of the following actions should a SOC analyst take first after receiving the report?
A. Implement a vulnerability scan to determine whether the environment is at risk.
B. Block the IP addresses and domains from the report in the web proxy and firewalls.
C. Verify whether the information is relevant to the organization.
D. Analyze the web application logs to identify any suspicious or malicious activity.
Correct Answer: C
QUESTION 180
A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst. Which of the following is the best way to relay the process information to the junior analyst?
A. Ask another team member to demonstrate their process.
B. Email a link to a website that shows someone demonstrating a similar process.
C. Let the junior analyst research and develop a process
D. Write a step-by-step document on the team wiki outlining the process.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.