- All Exams Instant Download
Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
During an investigation, an analyst discovers the following rule in an executive’s email client: IF * TO <[email protected]> THEN mailto: <[email protected]> SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]> The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact...
Which of the following should the analyst do?
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?A . Shut down the computerB . Capture live data...
Which of the following can the analyst conclude?
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following: Which of the...
An incident response team is responding to a breach of multiple systems that contain PII and PHI.
An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:A . the responder’s discretionB . the public relations policyC . the communication planD . senior management’s guidanceView AnswerAnswer: A
Which of the following secure coding techniques can be used to prevent cross-site request forgery attacks?
Which of the following secure coding techniques can be used to prevent cross-site request forgery attacks?A . Input validationB . Output encodingC . Parameterized queriesD . TokenizationView AnswerAnswer: D
Which of the following commands should the administrator run NEXT to further analyze the compromised system?
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output. Which of the following commands should the administrator run NEXT to further analyze the compromised system?A . strace /proc/1301B . rpm -V openash-serverC . /bin/la -1 /proc/1301/exeD . kill -9...
Which of the following is the FIRST step the analyst should take?
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?A . Create a full disk image of the server's hard drive to look for the file containing the malware.B . Run a manual antivirus...
An executive assistant wants to onboard a new cloud based product to help with business analytics and dashboarding. When of the following would be the BEST integration option for the service?
An executive assistant wants to onboard a new cloud based product to help with business analytics and dashboarding. When of the following would be the BEST integration option for the service?A . Manually log in to the service and upload data files on a regular basis.B . Have the internal...
Which of the following attacks can be prevented by using output encoding?
Which of the following attacks can be prevented by using output encoding?A . Server-side request forgeryB . Cross-site scriptingC . SQL injectionD . Command injectionE . Cross-site request forgeryF . Directory traversalView AnswerAnswer: B
Which of the following conclusions can be drawn with respect to the threat and impact?
An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following: ✑ . The source of the breach is linked to an IP located in a foreign country. ✑ The breach is isolated to the research and development servers....
