1. The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

    Locky.js
    xerty.ini
    xerty.lib

Further analysis indicates that when the .zip file is opened, it installs a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
A. Disable access to the company VPN
B. Email employees instructing them not to open the invoice attachment
C. Set permissions on file shares to read-only
D. Add the URL included in the .js file to the company's web proxy filter
Answer: B

2. A security analyst is reviewing the following log after enabling key-based authentication.

    Dec 21 11:00:57 comptia sshd: Failed password for root from 22.214.171.124 port 38980 ssh2
    Dec 21 20:08:26 comptia sshd: Failed password for root from 126.96.36.199 port 38156 ssh2
    Dec 21 20:08:30 comptia sshd: Failed password for nobody from 188.8.131.52 port 38556 ssh2
    Dec 21 20:08:34 comptia sshd: Failed password for invalid user asterisk from 184.108.40.206 port 38864 ssh2
    Dec 21 20:08:38 comptia sshd: Failed password for invalid user sjobeck from 220.127.116.11 port 39157 ssh2
    Dec 21 20:08:42 comptia sshd: Failed password for root from 18.104.22.168 port 39467 ssh2

Given the above information, which of the following steps should be performed NEXT to secure the system?
A. Disable anonymous SSH logins
B. Disable password authentication for SSH
C. Disable SSHv1
D. Disable remote root SSH logins
Answer: B

3. A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?
A. APT
B. DDoS
C. Zero Day
D. False Positive
Answer: C

4. A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?
A. VPN
B. Honeypot
C. Whitelisting
D. DMZ
E. MAC filtering
Answer: C

5. An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?
A. Trend analysis
B. Behavior analysis
C. Availability analysis
D. Business analysis
Answer: A

6. An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
A. MAC
B. TAP
C. NAC
D. ACL
Answer: C

7. A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory. Which of the following threats did the engineers MOST likely uncover?
A. POS malware
B. Rootkit
C. Key logger
D. Ransomware
Answer: A

8. A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

    Summary: The remote MS SQL server is vulnerable to the Hello overflow
    Solution: Install Microsoft Patch Q316333 or disable the Microsoft SQL Server service or use a firewall to protect the MS SQL port
    References:
      MSB: MS02-043, MS02-056, MS02-061
      CVE: CVE-2002-1123
      BID: 5411
      Other: IAVA 2002-B-0007

Based on the above information, which of the following should the system administrator do? (Select TWO)
A. Verify the vulnerability using penetration testing tools or proof-of-concept exploits
B. Review the references to determine if the vulnerability can be remotely exploited
C. Mark the result as a false positive so it will show in subsequent scans
D. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port
E. Implement the proposed solution by installing Microsoft patch Q316333
Answer: D, E

9. Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
A. Password reuse
B. Phishing
C. Social engineering
D. Tailgating
Answer: D

10. A security professional is analyzing the results of a network utilization report. The report includes the following information:

    IP Address     Server Name          Server Uptime         Historical  Current
    172.20.20.58   web.srvr.03          30D 12H 52M 009S      41.3GB      37.2GB
    172.20.1.215   dev.web.srvr.01      30D 12H 52M 009S      1.81GB      2.2GB
    172.20.1.22    hr.dbprod.01         30D 12H 17M 009S      2.24GB      29.97GB
    172.20.1.26    mrktg.file.srvr.02   30D 12H 41M 009S      1.23GB      0.34GB
    172.20.1.28    accnt.file.srvr.01   30D 12H 52M 009S      3.62GB      3.57GB
    172.20.1.30    R&D.file.srvr.01     1D 4H 22M 01S         1.24GB      0.764GB

Which of the following servers needs further investigation?
A. hr.dbprod.01
B. R&D.file.srvr.01
C. mrktg.file.srvr.02
D. web.srvr.03
Answer: A

11. Several users have reported that when attempting to save documents in team folders, the following message is received:

    The File Cannot Be Copied or Moved - Service Unavailable

Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?
A. The network is saturated, causing network congestion
B. The file server is experiencing high CPU and memory utilization
C. Malicious processes are running on the file server
D. All the available space on the file server is consumed
Answer: A

12. A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?
A. The analyst should create a backup of the drive and then hash the drive
B. The analyst should begin analyzing the image and begin to report findings
C. The analyst should create a hash of the image and compare it to the original drive's hash
D. The analyst should create a chain of custody document and notify stakeholders
Answer: C

13. After completing a vulnerability scan, the following output was noted:

    CVE-2011-3389
    QID 42366 - SSLv3.0 / TLSv1.0 Protocol weak CBC mode
    Server side vulnerability
    Check with: openssl s_client -connect qualys.jive.mobile.com:443 -tls1 -cipher "AES:CAMELLIA:SEED:3DES:DES"

Which of the following vulnerabilities has been identified?
A. PKI transfer vulnerability
B. Active Directory encryption vulnerability
C. Web application cryptography vulnerability
D. VPN tunnel vulnerability
Answer: C

14. A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?
A. Self-service password reset
B. Single sign-on
C. Context-based authentication
D. Password complexity
Answer: C

15. The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?
A. OWASP
B. SANS
C. PHP
D. Ajax
Answer: A

16. A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?
A. TCP
B. SMTP
C. ICMP
D. ARP
Answer: C

17. A system administrator has reviewed the following output:

    # nmap server.local
    Nmap scan report for server.local (10.10.2.5)
    Host is up (0.3452354s latency)
    Not shown: 997 closed ports
    PORT    STATE  SERVICE
    22/tcp  open   ssh
    80/tcp  open   http
    # nc server.local 80
    220 server.local Company SMTP server (Postfix/2.3.3)
    # nc server.local 22
    SSH-2.0-OpenSSH_7.1p2 Debian-2
    #

Which of the following can a system administrator infer from the above output?
A. The company email server is running on a non-standard port
B. The company email server has been compromised
C. The company is running a vulnerable SSH server
D. The company web server has been compromised
Answer: A

18. Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE)
A. VLANs
B. OS
C. Trained operators
D. Physical access restriction
E. Processing power
F. Hard drive capacity
Answer: B, C, D

19. A software assurance lab is performing a dynamic assessment of an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur?
A. Fuzzing
B. Behavior modeling
C. Static code analysis
D. Prototyping phase
E. Requirements phase
F. Planning phase
Answer: A, C

20. A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?
A. Threat intelligence reports
B. Technical constraints
C. Corporate minutes
D. Governing regulations
Answer: A

21. A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?
A. Start the change control process
B. Rescan to ensure the vulnerability still exists
C. Implement continuous monitoring
D. Begin the incident response process
Answer: A

22. Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?
A. Security awareness about incident communication channels
B. Request all employees verbally commit to an NDA about the breach
C. Temporarily disable employee access to social media
D. Law enforcement meeting with employees
Answer: A

23. An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?
A. Remove and replace the managed switch with an unmanaged one
B. Implement a separate logical network segment for management interfaces
C. Install and configure NAC services to allow only authorized devices to connect to the network
D. Analyze normal behavior on the network and configure the IDS to alert on deviation from normal
Answer: B

24. A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?
A. Kali
B. Splunk
C. Syslog
D. OSSIM
Answer: B

25. Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO)
A. Schedule
B. Authorization
C. List of system administrators
D. Payment terms
E. Business justification
Answer: A, B

26. An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO)
A. Drive adapters
B. Chain of custody form
C. Write blockers
D. Crime tape
E. Hashing utilities
F. Drive imager
Answer: B, C

27. A threat intelligence analyst who works for a technology firm received this report from a vendor: "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
A. Polymorphic malware and secure code analysis
B. Insider threat and indicator analysis
C. APT and behavioral analysis
D. Ransomware and encryption
Answer: B

28. A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
A. Install agents on the endpoints to perform the scan
B. Provide each endpoint with vulnerability scanner credentials
C. Encrypt all of the traffic between the scanner and the endpoint
D. Deploy scanners with administrator privileges on each endpoint
Answer: A

29. An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?
A. Packet of death
B. Zero-day malware
C. PII exfiltration
D. Known virus
Answer: B

30. An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?
A. The security analyst should perform security regression testing during each application development cycle
B. The security analyst should perform end user acceptance security testing during each application development cycle
C. The security analyst should perform secure coding practices during each application life cycle
D. The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle
Answer: A

31. A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?
A. Syslog
B. Network mapping
C. Firewall logs
D. NIDS
Answer: A

32. Given the following output from a Linux machine:

    file2cable -i eth0 -f file.pcap

Which of the following BEST describes what a security analyst is trying to accomplish?
A. The analyst is attempting to measure bandwidth utilization on interface eth0
B. The analyst is attempting to capture traffic on interface eth0
C. The analyst is attempting to replay captured data from a PCAP file
D. The analyst is attempting to capture traffic for a PCAP file
E. The analyst is attempting to use a protocol analyzer to monitor network traffic
Answer: E

33. A malicious user is reviewing the following output:

    root:~# ping 192.168.1.137
    64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
    64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
    root:~#

Based on the above output, which of the following is the device between the malicious user and the target?
A. Proxy
B. Access point
C. Switch
D. Hub
Answer: A

34. The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?
A. OSSIM
B. SDLC
C. SANS
D. ISO
Answer: D

35. As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?
A. Fuzzing
B. Regression testing
C. Stress testing
D. Input validation
Answer: A

36. An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?
A. Netflow analysis
B. Behavioral analysis
C. Vulnerability analysis
D. Risk analysis
Answer: A

37. In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?
A. Attempt to identify all false positives and exceptions, and then resolve all remaining items
B. Hold off on additional scanning until the current list of vulnerabilities has been resolved
C. Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities
D. Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first
Answer: D

38. Which of the following is MOST effective for correlation analysis by log for threat management?
A. PCAP
B. SCAP
C. IPS
D. SIEM
Answer: D

39. Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO)
A. To schedule personnel resources required for test activities
B. To determine frequency of team communication and reporting
C. To mitigate unintended impacts to operations
D. To avoid conflicts with real intrusions that may occur
E. To ensure tests have measurable impact to operations
Answer: A, C

40. A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure. The scope of activity as described in the statement of work is an example of:
A. session hijacking
B. vulnerability scanning
C. social engineering
D. penetration testing
E. friendly DoS
Answer: D

41. An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?
A. Conduct a risk assessment
B. Develop a data retention policy
C. Execute vulnerability scanning
D. Identify assets
Answer: D

42. A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

    HTTP/1.1 404 Object Not Found
    Server: Microsoft-IIS/5.0
    Date: Tues, 19 Apr 2016 06:32:24 GMT
    Content-Type: text/html
    Content-Length: 111

    <html><head><title>Site Not Found</title></head>
    <body>No web site is configured at this address.
    </body></html>

Which of the following actions should be taken to remediate this security issue?
A. Set "Allowlatescanning" to 1 in the URLScan.ini configuration file
B. Set "Removeserverheader" to 1 in the URLScan.ini configuration file
C. Set "Enable logging" to 0 in the URLScan.ini configuration file
D. Set "Perprocess logging" to 1 in the URLScan.ini configuration file
Answer: B

43. A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?
A. nmap
B. tracert
C. ping -a
D. nslookup
Answer: A

44. A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?
A. Manual peer review
B. User acceptance testing
C. Input validation
D. Stress test the application
Answer: C

45. A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?
A. Continue monitoring critical systems
B. Shut down all server interfaces
C. Inform management of the incident
D. Inform users regarding the affected systems
Answer: C

46. A SIEM analyst noticed a spike in activities from the guest wireless network to several health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A. Contact the Office of Civil Rights (OCR) to report the breach
B. Notify the Chief Privacy Officer (CPO)
C. Activate the incident response plan
D. Put an ACL on the gateway router
Answer: D

47. Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Selec
Answer: C, D
About the document
Sep 23, 2022