Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?

Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?

A. Application
B. Users
C. Network infrastructure
D. Configuration files

Answer: A

Explanation: Reference: https://blog.qualys.com/securitylabs/2016/01/07/open-redirection-a-simple-vulnerability-threatens-your-web-applications

December 15, 2022

During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

A. Conducting post-assessment tasks
B. Determining scope
C. Identifying critical assets
D. Performing a vulnerability scan

Answer: C

December 14, 2022

Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?

A. There may be duplicate computer names on the network.
B. The computer name may not be admissible evidence in court.
C. Domain Name System (DNS) records...

December 13, 2022

Which of the following technologies would reduce the risk of a successful SQL injection attack?

Which of the following technologies would reduce the risk of a successful SQL injection attack?

A. Reverse proxy
B. Web application firewall
C. Stateful firewall
D. Web content filtering

Answer: B

Explanation: Reference: http://www.enterprisenetworkingplanet.com/netsecur/article.php/3866756/10-Ways-to-Prevent-or-Mitigate-SQL-Injection-Attacks.htm

December 13, 2022

Which of the following methods has been used?

An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?

A. Password sniffing
B. Brute force attack
C. Rainbow tables
D. Dictionary attack

Answer: C

December 12, 2022

The malware author used which type of command and control?

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

A. Internet Relay Chat (IRC)
B. Dnscat2
C. Custom channel...

December 11, 2022

Which of the following represents the missing factor in this formula?

A common formula used to calculate risk is: ____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?

A. Exploits
B. Security
C. Asset
D. Probability

Answer: C

Explanation: Reference: https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/

December 10, 2022

Which of the following actions should the security administrator take?

According to company policy, all accounts with administrator privileges should have the suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator's group. Which of the following actions should the security administrator take?

A. Review the system log on the affected workstation....

December 10, 2022

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

A. 3 months
B. 6 months
C. 1 year
D. 5 years

Answer: C

Explanation: Reference: https://www.pcisecuritystandards.org/documents/Prioritized-Approach-for-PCI_DSS-v3_2.pdf

December 10, 2022

Which of the following tools would help mitigate this risk from recurring?

An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

A. Data loss prevention (DLP)
B. Firewall
C. Web proxy
D. File integrity monitoring

Answer: ...

December 10, 2022