Which of the following principles describes how a security analyst should communicate during an incident?
Which of the following has the GREATEST impact on the data retention policies of an organization?
A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?
A SIEM alert occurs with the following output:
Which of the following BEST describes this alert?
An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing. They want to start the process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?
A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15. However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown
Which of the following would explain this problem? (Choose two.)
An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability
An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?
An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Choose three.)
B D F
The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied. Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern?