Which of the following principles describes how a security analyst should communicate during an incident?
A
Which of the following has the GREATEST impact to the data retention policies of an organization?
D
A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has
identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be
implemented to prevent this incident from recurring?
D
A SIEM alert occurs with the following output:
Which of the following BEST describes this alert?
B
An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web
server that had not been used in over a year and was not regularly patched. After a discussion with the security team,
management decided to initiate a program of network reconnaissance and penetration testing. They want to start the
process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?
B
A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst
logs into the web server using SSH to send the request locally. The report provides a link to
https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15.
However, after several attempts, the analyst cannot retrieve the file, despite trying several different methods, as shown
below.
Which of the following would explain this problem? (Choose two.)
A
An organization has two environments: development and production. Development is where applications are developed with
unit testing. The development environment has many configuration differences from the production environment. All
applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any
application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production
applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability
management process?
A
An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to
identify the content of the traffic?
C
An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure
functions. Which of the following technologies meet the compatibility requirement? (Choose three.)
B D F
The security team for a large, international organization is developing a vulnerability management program. The
development staff has expressed concern that the new program will cause service interruptions and downtime as
vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to
address this concern?
C
While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain
known to have well-funded groups that specifically target the company's R&D department. Historical data reveals other
corporate assets were previously targeted. This evidence MOST likely describes:
A
A cybersecurity analyst is hired to review the security measures implemented within the domain controllers of a company.
Upon review, the cybersecurity analyst notices a brute force attack can be launched against domain controllers that run on a
Windows platform. The first remediation step implemented by the cybersecurity analyst is to make the account passwords
more complex.
Which of the following is the NEXT remediation step the cybersecurity analyst needs to implement?
E
Given the following output from a Linux machine:
file2cable -i eth0 -f file.pcap
Which of the following BEST describes what a security analyst is trying to accomplish?
E
A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is
therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST
meet this requirement?
A
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability
scan:
Which of the following is MOST likely a false positive?
B