NEW QUESTION 1

An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration
tester has received the following output from the latest scan:

The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap interrogate the ports on the target in more detail. Which of the following commands should the penetration tester use NEXT?

• A. nmap –sV 192.168.1.13 –p1417
• B. nmap –sS 192.168.1.13 –p1417
• C. sudo nmap –sS 192.168.1.13
• D. nmap 192.168.1.13 –v

Answer: A

NEW QUESTION 2

A system administrator has reviewed the following output:

Which of the following can a system administrator infer from the above output?

• A. The company email server is running a non-standard port.
• B. The company email server has been compromised.
• C. The company is running a vulnerable SSH server.
• D. The company web server has been compromised.

Answer: A

NEW QUESTION 3

Given the following access log:

Which of the following accurately describes what this log displays?

• A. A vulnerability in jQuery
• B. Application integration with an externally hosted database
• C. A vulnerability scan performed from the Internet
• D. A vulnerability in Javascript

Answer: C

NEW QUESTION 4

While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a
foreign domain known to have well-funded groups that specifically target the company’s R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:

• A. an APT.
• B. DNS harvesting.
• C. a zero-day exploit.
• D. corporate espionage.

Answer: A

NEW QUESTION 5

External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?

• A. Stress testing
• B. Regression testing
• C. Input validation
• D. Fuzzing

Answer: A

NEW QUESTION 6

The development team cur.en.ly consists of lh.ee developers who each specialize in a specific programming language:
Developer 1 – C++/C#
Developer 2 – Python Developer 3 – Assembly
Which of the following SDLC best practices would be challenging lo implement with the current available staff?

• A. Fuzzing
• B. Peer review
• C. Regression testing
• D. Stress testing

Answer: B

NEW QUESTION 7

Organizational policies require vulnerability remediation on severity 7 or greater within one week. Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updates to omit the false positive from future scans:
The organization has three Apache web servers:

The results of a recent vulnerability scan are shown below:

The team performs some investigation and finds a statement from Apache:

Which of the following actions should the security team perform?

• A. Ignore the false positive on 192 166 1.22
• B. Remediate 192 168. 1. 20 within 30 days.
• C. Remediate 192 168 1 22 Within 30 days
• D. investigate the false negative on 192.168.1.20

Answer: C

NEW QUESTION 8

An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use?

• A. CIS benchmark
• B. Nagios
• C. OWASP
• D. Untidy
• E. Cain & Abel

Answer: A

NEW QUESTION 9

Which of the following principles describes how a security analyst should communicate during an incident?

• A. The communication should be limited to trusted parties only.
• B. The communication should be limited to security staff only.
• C. The communication should come from law enforcement.
• D. The communication should be limited to management only.

Answer: B

NEW QUESTION 10

Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations alter returning to work awl logging in. The building security team informs the IT security team that the cleaning stall was caught using the systems after the accounting department users left for the day Which of the following steps should the IT security team take to help prevent this from happening again? (Select TWO)

• A. Install a web monitors application to track Internet usage after hours
• B. Configure a policy for workstation account timeout at three minutes
• C. Configure NAC lo set time-based restrictions on the accounting group to normal business hours
• D. Configure mandatory access controls to allow only accounting department users lo access the workstations
• E. Set up a camera to monitor the workstations for unauthorized use

Answer: BC

NEW QUESTION 11

Review the following results:

Which of the following has occurred?

• A. This is normal network traffic.
• B. 123.120.110.212 is infected with a Trojan.
• C. 172.29.0.109 is infected with a worm.
• D. 172.29.0.109 is infected with a Trojan.

Answer: A

NEW QUESTION 12

A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike Which of the
following describes what may be occurring?

• A. Someone has logged on to the sinkhole and is using the device
• B. The sinkhole has begun blocking suspect or malicious traffic
• C. The sinkhole has begun rerouting unauthorized traffic
• D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

Answer: C

NEW QUESTION 13

Which of the following is a best practice with regard to interacting with the media during an incident?

• A. Allow any senior management level personnel with knowledge of the incident to discuss it.
• B. Designate a single point of contact and at least one backup for contact with the media.
• C. Stipulate that incidents are not to be discussed with the media at any time during the incident.
• D. Release financial information on the impact of damages caused by the incident.

Answer: B

NEW QUESTION 14

Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:

• A. sniffing.
• B. hardening.
• C. hashing
• D. sandboxing

Answer: D

NEW QUESTION 15

Poky allows scanning of vulnerabilities during production hours. But production servers have been crashing later due lo unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?

• A. Transition from centralized to agent-based scans
• B. Require vulnerability scans be performed by trained personnel.
• C. Configure daily automated detailed vulnerability reports.
• D. Scan only as required to regulatory compliance.
• E. Implement sandboxing to analyze the results of each scan.

Answer: B

NEW QUESTION 16

A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim’s browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company’s website?

• A. Logic bomb
• B. Rootkit
• C. Privilege escalation
• D. Cross-site scripting

Answer: D

NEW QUESTION 17

While conducting research on malicious domains, a threat intelligence analyst received a blue screen of death. The analyst rebooted and received a message stating that the computer had been locked and could only be opened by following the instructions on the screen. Which of the following combinations describes the MOST likely threat and the PRIMARY mitigation for the threat?

• A. Ransomware and update antivirus
• B. Account takeover and data backups
• C. Ransomware and full disk encryption
• D. Ransomware and data backups

Answer: D

NEW QUESTION 18

A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?

• A. Quarterly
• B. Yearly
• C. Bi-annually
• D. Monthly

Answer: A

NEW QUESTION 19

A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber-attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

• A. Invest in and implement a solution to ensure non-repudiation
• B. Force a daily password change
• C. Send an email asking users not to share their credentials
• D. Run a report on all users sharing their credentials and alert their managers of further actions

Answer: C

NEW QUESTION 20

An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?

• A. Wireshark
• B. Qualys
• C. netstat
• D. nmap
• E. ping

Answer: D

NEW QUESTION 21

A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

• A. Install agents on the endpoints to perform the scan
• B. Provide each endpoint with vulnerability scanner credentials
• C. Encrypt all of the traffic between the scanner and the endpoint
• D. Deploy scanners with administrator privileges on each endpoint

Answer: A

NEW QUESTION 22

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?

• A. Threat intelligence reports
• B. Technical constraints
• C. Corporate minutes
• D. Governing regulations

Answer: A

NEW QUESTION 23

A security analyst performed a review of an organization’s software development life cycle. The analyst reports that the life cycle does not contain a phase m which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?

• A. Architectural evaluation
• B. Waterfall
• C. Whitebox testing
• D. Peer review

Answer: D

NEW QUESTION 24

The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premise implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?

• A. Develop a request for proposal.
• B. Perform a risk assessment.
• C. Review current security controls.
• D. Review the SLA for FISMA compliance.

Answer: C

NEW QUESTION 25

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

• A. Mobile devices
• B. All endpoints
• C. VPNs
• D. Network infrastructure
• E. Wired SCADA devices

Answer: A

Explanation:
Reference
http://www.corecom.com/external/livesecurity/eviltwin1.htm

NEW QUESTION 26

A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.
Which of the following would be the BEST action to take to support incident response?

• A. Increase the company’s bandwidth.
• B. Apply ingress filters at the routers.
• C. Install a packet capturing tool.
• D. Block all SYN packets.

Answer: B

NEW QUESTION 27

A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a
five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

• A. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic necessary.
• B. Recommend that networking block the unneeded protocols such as Quicklime lo clear up some of the congestion
• C. Put ACLs in place to restrict traffic destined for random or non-default application ports
• D. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic

Answer: A

NEW QUESTION 28
......