376. A security analyst receives a mobile device with symptoms
of a virus infection. The virus is morphing whenever it is moved
from sandbox to sandbox for analysis. Which of the following will
help to identify the number of variations through the analysis life
cycle?
A. Journaling
B. Hashing utilities
C. Log viewers
D. OS and process analysis
My guess: C
Other’s answer: D
__________________________________________________
378. Which of the following BEST describes why vulnerabilities
found in ICS and SCADA can be difficult to remediate?
A. ICS/SCADA systems are not supported by the CVE
publications.
B. ICS/SCADA systems rarely have full security functionality.
C. ICS/SCADA systems do not allow remote connections.
D. ICS/SCADA systems use encrypted traffic to communicate between
devices
My guess: D
Other’s answer: A
__________________________________________________
380. The security team for a large, international organization is
developing a vulnerability management program. The development
staff has expressed concern that the new program will cause service
interruptions and downtime as vulnerabilities are remedied. Which
of the following should the security team implement FIRST as a core
component of the remediation process to address this concern?
A. Automated patch management
B. Change control procedures
C. Security regression testing
D. Isolation of vulnerable servers
My guess: B
Other’s answer: C
__________________________________________________
382. A security analyst's daily review of system logs and SIEM
showed fluctuating patterns of latency. During the analysis, the
analyst discovered recent attempts of intrusion related to malware
that overwrites the MBR. The facilities manager informed the
analyst that a nearby construction project damaged the primary
power lines, impacting the analyst's support systems. The electric
company has temporarily restored power, but the area may experience
temporary outages. Which of the following issues should the analyst
focus on to continue operations?
A. Updating the ACL
B. Conducting backups
C. Virus scanning
D. Additional log analysis
My guess: D
Other’s answer: C
__________________________________________________
383. A company has a popular shopping cart website hosted in
geographically diverse locations. The company has started hosting
static content on a content delivery network (CDN) to improve
performance. The CDN provider has reported the company is
occasionally sending attack traffic to other CDN-hosted targets.
Which of the following has MOST likely occurred?
A. The CDN provider has mistakenly performed a GeoIP mapping to the
company.
B. The CDN provider has misclassified the network traffic as
hostile.
C. A vulnerability scan has been tuned to exclude web assets hosted by
the CDN.
D. The company has been breached, and customer PII is being
exfiltrated to the CDN.
My guess: D
Other’s answer: D
__________________________________________________
385. A company uses a managed IDS system, and a security analyst
has noticed a large volume of brute force password attacks
originating from a single IP address. The analyst put in a ticket
with the IDS provider, but no action was taken for 24 hours, and
the attacks continued. Which of the following would be the BEST
approach for the scenario described?
A. Draft a new MOU to include response incentive fees.
B. Reengineer the BPA to meet the organization's needs.
C. Modify the SLA to support organizational requirements.
D. Implement an MOA to improve vendor responsiveness.
My guess: C
Other’s answer: C
__________________________________________________
376) The selected option is incorrect.
Option (D) is the correct answer.
OS and process analysis will help to identify the number of variations through the analysis life cycle.
Other given options are incorrect.
378) The selected option is incorrect.
Option (A) is the correct answer.
Vulnerabilities found in ICS and SCADA can be difficult to remediate as ICS and SCADA systems are not supported by the CVE publications.
Other given options are incorrect.
380) The selected option is incorrect.
Option (C) is the correct answer.
Security regression testing is what the security team should implement first as a core component of the remediation process to address the concern.
Other given options are incorrect.
382) The selected option is incorrect.
Option (C) is the correct answer.
The analyst should focus on virus scanning to continue operations.
Other given options are incorrect.
383) The selected option is correct.
Option (D) is the correct answer.
The company has been breached, and customer PII is being exfiltrated to the CDN.
Other given options are incorrect.
385) The selected option is correct.
Option (C) is the correct answer.
Modifying the SLA to support organizational requirements would be the best approach for the scenario described.
Other given options are incorrect.
Hope this helps.