156. A cybersecurity analyst is hired to review the security
posture of a company. The cybersecurity analyst notices a very high
network bandwidth consumption due to SYN floods from a small number
of IP addresses. Which of the following would be the BEST action to
take to support incident response?
A. Increase the company's bandwidth.
B. Apply ingress filters at the routers.
C. Install a packet capturing tool.
D. Block all SYN packets.
My guess: B
_______________________________________
161. The security configuration management policy states that all
patches must undergo testing procedures before being moved into
production. The security analyst notices a single web application
server has been downloading and applying patches during
non-business hours without testing. There are no apparent adverse
reactions, server functionality does not seem to be affected, and
no malware was found after a scan. Which of the following actions
should the analyst take?
A. Reschedule the automated patching to occur during business
hours.
B. Monitor the web application service for abnormal bandwidth
consumption.
C. Create an incident ticket for anomalous activity.
D. Monitor the web application for service interruptions caused
by the patching.
My guess: B
_______________________________________
A malware infection spread to numerous workstations within the
marketing department. The workstations were quarantined and
replaced with machines. Which of the following represents a FINAL
step in the eradication of the malware?
A. The workstations should be isolated from the network.
B. The workstations should be donated for reuse.
C. The workstations should be reimaged.
D. The workstations should be patched and scanned.
My guess: C or D
_______________________________________
A zero-day crypto-worm is quickly spreading through the internal
network on port 25 and exploiting a software vulnerability found
within the email servers. Which of the following countermeasures
needs to be implemented as soon as possible to mitigate the worm
from continuing to spread?
A. Implement a traffic sinkhole.
B. Block all known port/services.
C. Isolate impacted servers.
D. Patch affected systems.
My guess: C or B
_______________________________________

156) Apply ingress filters at the routers.
161) Create an incident ticket for anomalous activity.
162) The workstations should be patched and scanned.
163) Isolate impacted servers.
_______________________________________
A cybersecurity analyst detected that an attacker compromised a
network and downloaded an executable. Through analysis, the analyst
discovered the executable deleted all Linux server files and backups
using the rm -rf command. Which of the following are the NEXT phases
for handling this incident? (Select TWO).
A. Containment, eradication, and recovery
B. Detection and analysis
C. Eradication
D. Containment, recovery, and eradication
E. Post-incident Post-analysis
_______________________________________
While reviewing web server logs, a security analyst notices the
following code:

GET http://testphp.comptia.org/profiles.php?id=-1 UNION SELECT 1, 2, 3 HTTP/1.1 Host: testphp.comptia.org

Which of the following would prevent this code from performing
malicious actions? (choose one and why)
A. Performing web application penetration testing
B. Requiring the application to use input validation
C. Disabling the use of HTTP and requiring the use of HTTPS
D. Installing a network firewall in front of the application
_______________________________________
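A defender-side treatment of the request quoted above, as an added example that is not part of the original post: it parses constructed log lines modelled on that request, applies allow-list validation to the id parameter (the input validation answer), flags the UNION SELECT pattern for the analyst, and shows the parameterized lookup that keeps such input from ever being parsed as SQL. The testphp.comptia.org host comes from the question; the benign request and the profiles table are constructed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs
# Constructed sample log: line 2 is the request quoted in the question (spaces
# unencoded, exactly as the page shows it); line 1 is an invented benign request.
SAMPLE_LOG = [
    "GET http://testphp.comptia.org/profiles.php?id=42 HTTP/1.1 Host: testphp.comptia.org",
    "GET http://testphp.comptia.org/profiles.php?id=-1 UNION SELECT 1, 2, 3 HTTP/1.1 Host: testphp.comptia.org",
]
REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>.+?) HTTP/1\.[01]\b")
SQLI_RE = re.compile(r"\bunion\s+(all\s+)?select\b|\bor\s+\d+\s*=\s*\d+", re.IGNORECASE)

def parse_request(line):
    """Split a raw request line into (method, path, {param: [values]}), or None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return m.group("method"), parts.path, parse_qs(parts.query, keep_blank_values=True)
def validate_id(value):
    """Allow-list input validation: a profile id is a positive decimal integer."""
    if not re.fullmatch(r"[1-9][0-9]{0,9}", value):
        raise ValueError(f"rejected id parameter: {value!r}")
    return int(value)

def audit_log(lines):
    """Analyst-side review: (line_no, reason) for each id failing validation or line with a SQLi pattern."""
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_request(line)
        if parsed is None:
            findings.append((n, "unparseable request line"))
            continue
        for value in parsed[2].get("id", []):
            try:
                validate_id(value)
            except ValueError as exc:
                findings.append((n, str(exc)))
        if SQLI_RE.search(line):
            findings.append((n, "SQL injection pattern in request"))
    return findings

def demo_db():
    """Constructed in-memory profiles table so lookup_profile runs stand-alone."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO profiles VALUES (42, 'alice')")
    return conn
def lookup_profile(conn, raw_id):
    """Application-side fix: validate, then bind the value so it is never parsed as SQL."""
    row = conn.execute("SELECT name FROM profiles WHERE id = ?", (validate_id(raw_id),)).fetchone()
    return row[0] if row else None
```

Real server logs usually percent-encode the spaces; parse_qs decodes them, so the same validation applies either way.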
During a table top exercise, it is determined that a security
analyst is required to ensure patching and scan reports are
available during an incident, as well as documentation of all
critical systems. To which of the following stakeholders should the
analyst provide the reports?
A. Management
B. Affected Vendors
C. Security Operations
D. Legal
_______________________________________
376. A security analyst receives a mobile device with symptoms of a
virus infection. The virus is morphing whenever it is moved from
sandbox to sandbox to analyze. Which of the following will help to
identify the number of variations through the analysis life cycle?
A. Journaling
B. Hashing utilities
C. Log viewers
D. OS and process analysis
My guess: C
Other's answer: D
_______________________________________
378. Which of the following BEST describes why vulnerabilities found in ICS and SCADA can be...
_______________________________________
A security analyst discovers a network intrusion and quickly solves
the problem by closing an unused port. Which of the following should
be completed? (choose one and why)
A. Vulnerability report
B. Memorandum of agreement
C. Reverse-engineering incident report
D. Lessons learned report
_______________________________________
REALISTIC ANSWERS PLS
QUESTION: 166
A company contracts a security engineer to perform a penetration
test of its client-facing web portal. Which of the following
activities would be MOST appropriate?
A. Use a protocol analyzer against the site to see if data input
can be replayed from the browser
B. Scan the website through an interception proxy and identify
areas for the code injection
C. Scan the site with a port scanner to identify vulnerable services running on the web...
_______________________________________
A network security engineer is tasked with blocking all external
connection attempts from the internet to the /admin directory in a
web application that uses TLSv1.2, but must continue to allow access
to the rest of the site. Which of the following controls should the
engineer apply to fulfill the requirement?
A. Add an IPS signature to block any session requesting resources
from /admin
B. Add a rule in the /admin web server directory to deny from all.
C. Add...
_______________________________________
A security analyst wants to create a NIDS rule to detect when
anomalous DNS traffic takes place on the network. Which of the
following items should the analyst take into consideration?
(Select TWO).
A. DNS uses TCP over port 53.
B. DNS traffic must be decrypted before being inspected.
C. UDP queries are usually bigger than 1024 bytes.
D. Zone transfers are public and can be accepted from any source.
E. Zone transfers should only be sent to approved destinations.
_______________________________________
A cyber security analyst finds that unpatched servers have
undetected vulnerabilities because the vulnerability scanner does
not have the latest set of signatures. Management directed the
security team to have personnel update the scanners with the latest
signatures at least 24 hours before conducting any scans, but the
outcome is unchanged. Which of the following is the BEST logical
control to address the failure?
A. Manually validate that the existing update is being
performed.
B. Configure a script to automatically...