Which of the following should the cybersecurity analyst do FIRST?
A network attack that is exploiting a vulnerability in SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?
A. Apply the required patches to remediate the vulnerability.
B. Escalate the incident to senior management for guidance.
C. Disable all privileged user accounts on the network.
...
Which of the following would BEST meet that goal?
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?
A. Root-cause analysis
B. Active response
C. Advanced antivirus
D. Information-sharing community
E. Threat hunting
...
Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an...
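The two sources an analyst would actually join in that scenario are the endpoint's account database (/etc/passwd on Linux) and its authentication log. The following is an added example and not part of the question bank above: it lists every UID-0 account other than root in a constructed /etc/passwd snapshot and pulls the useradd and sudo evidence for the account's creation from constructed auth-log lines. The host name, account names, PIDs and timestamps are invented for illustration.

```python
"""
Added example (not from the original question bank): cross-check a
/etc/passwd snapshot against auth-log lines to find non-root UID-0
accounts and the events that created them. All data below is constructed.
"""
import re
from typing import Dict, List, Optional

# Constructed /etc/passwd snapshot: svc-backup has been given UID 0.
PASSWD_SNAPSHOT = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:0:0::/var/lib/backup:/bin/bash
"""

# Constructed auth.log excerpt (syslog format, host name and PIDs invented).
AUTH_LOG = """\
Mar 14 02:11:03 web01 sshd[2210]: Accepted publickey for alice from 10.0.5.23 port 51422 ssh2
Mar 14 02:12:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd -o -u 0 -g 0 svc-backup
Mar 14 02:12:40 web01 useradd[2290]: new user: name=svc-backup, UID=0, GID=0, home=/var/lib/backup, shell=/bin/bash
"""


def uid0_accounts(passwd_text: str) -> List[str]:
    """Return account names with UID 0, excluding the canonical root account."""
    found: List[str] = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry: skip it rather than crash the review
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            found.append(name)
    return found


NEW_USER_RE = re.compile(r"useradd\[\d+\]: new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)")
SUDO_RE = re.compile(r"sudo:\s+(?P<actor>\S+) : .*COMMAND=(?P<cmd>.*)$")


def creation_events(auth_log: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Map each account created in the log to the evidence for its creation:
    the syslog timestamp, the UID it received and, if a sudo line preceded
    the useradd record, the human actor and the exact command they ran."""
    events: Dict[str, Dict[str, Optional[str]]] = {}
    last_sudo: Optional[tuple] = None
    for line in auth_log.splitlines():
        m = SUDO_RE.search(line)
        if m:
            last_sudo = (m.group("actor"), m.group("cmd"))
            continue
        m = NEW_USER_RE.search(line)
        if m:
            events[m.group("name")] = {
                "timestamp": line[:15],  # "Mar 14 02:12:40"
                "uid": m.group("uid"),
                "actor": last_sudo[0] if last_sudo else None,
                "command": last_sudo[1] if last_sudo else None,
            }
    return events


def suspicious_privileged_additions(passwd_text: str, auth_log: str) -> Dict[str, Optional[dict]]:
    """Join both sources: every non-root UID-0 account, with its creation evidence
    (None when the log holds no record, which is itself worth noting)."""
    evidence = creation_events(auth_log)
    return {name: evidence.get(name) for name in uid0_accounts(passwd_text)}


if __name__ == "__main__":
    for name, ev in suspicious_privileged_additions(PASSWD_SNAPSHOT, AUTH_LOG).items():
        print(name, ev)
```

A UID-0 account that appears in /etc/passwd with no matching useradd record is the more alarming case: it suggests the file was edited directly or the log was tampered with, which is why the join returns None rather than dropping the account.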
Which of the following are components of the intelligence cycle? (Select TWO.)
Which of the following are components of the intelligence cycle? (Select TWO.)
A. Collection
B. Normalization
C. Response
D. Analysis
E. Correction
F. Dissension
Answer: A,D
Which of the following is the MOST likely cause of this issue?
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame. Which of the following is...
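The pattern in that scenario, every account tried a small number of times within one window from sources outside the users' normal regions, is what a password-spray detector looks for. The following is an added example and not part of the question bank: it parses constructed web-mail authentication events, groups the failures per source address into bursts, and flags a burst that touches several accounts with few attempts each from a country that does not match the users' usual one. The log line format, the GeoIP and home-country tables, and the thresholds are all assumptions.

```python
"""
Added example (not from the original question bank): detect a password-spray
burst in web-mail authentication logs. Log lines, GeoIP mapping, users' home
countries and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Attempt(NamedTuple):
    ts: datetime
    user: str
    src: str
    ok: bool


# Constructed sample of webmail logon events (the format is an assumption).
# 203.0.113.7 tries four accounts twice each; 198.51.100.9 hammers one account;
# 10.0.0.5 is a normal successful logon from the users' home country.
LOG_LINES = [
    "2024-03-14T03:00:01Z owa auth user=alice src=203.0.113.7 result=fail",
    "2024-03-14T03:00:02Z owa auth user=bob src=203.0.113.7 result=fail",
    "2024-03-14T03:00:03Z owa auth user=carol src=203.0.113.7 result=fail",
    "2024-03-14T03:00:04Z owa auth user=dave src=203.0.113.7 result=fail",
    "2024-03-14T03:00:05Z owa auth user=alice src=203.0.113.7 result=fail",
    "2024-03-14T03:00:06Z owa auth user=bob src=203.0.113.7 result=fail",
    "2024-03-14T03:00:07Z owa auth user=carol src=203.0.113.7 result=fail",
    "2024-03-14T03:00:08Z owa auth user=dave src=203.0.113.7 result=fail",
    "2024-03-14T03:05:00Z owa auth user=alice src=198.51.100.9 result=fail",
    "2024-03-14T03:05:01Z owa auth user=alice src=198.51.100.9 result=fail",
    "2024-03-14T03:05:02Z owa auth user=alice src=198.51.100.9 result=fail",
    "2024-03-14T03:05:03Z owa auth user=alice src=198.51.100.9 result=fail",
    "2024-03-14T09:12:00Z owa auth user=bob src=10.0.0.5 result=ok",
]

# Constructed lookups standing in for a GeoIP database and an HR/IdP directory.
GEOIP = {"203.0.113.7": "RU", "198.51.100.9": "RU", "10.0.0.5": "US"}
HOME_COUNTRY = {"alice": "US", "bob": "US", "carol": "US", "dave": "US"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) owa auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<res>ok|fail)$"
)


def parse_line(line: str) -> Attempt:
    """Parse one log line; refuse anything that does not match the expected format."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return Attempt(ts, m.group("user"), m.group("src"), m.group("res") == "ok")


def bursts(attempts: List[Attempt], gap: timedelta) -> List[List[Attempt]]:
    """Split one source's time-sorted attempts into bursts separated by more than `gap`."""
    groups: List[List[Attempt]] = []
    current: List[Attempt] = []
    for a in attempts:
        if current and a.ts - current[-1].ts > gap:
            groups.append(current)
            current = []
        current.append(a)
    if current:
        groups.append(current)
    return groups


def detect_spray(lines: List[str], geoip: Dict[str, str], home_country: Dict[str, str],
                 gap: timedelta = timedelta(minutes=10),
                 min_accounts: int = 3, max_per_account: int = 2) -> List[dict]:
    """One finding per (source, burst) that looks like a spray: many distinct
    accounts, few failures each, from a country the users do not log in from.
    A source with no GeoIP entry is treated as out of zone for everyone."""
    by_src: Dict[str, List[Attempt]] = defaultdict(list)
    for a in sorted((parse_line(line) for line in lines), key=lambda x: x.ts):
        if not a.ok:  # only failures count toward a spray
            by_src[a.src].append(a)

    findings: List[dict] = []
    for src, items in by_src.items():
        src_country = geoip.get(src, "??")
        for burst in bursts(items, gap):
            per_user: Dict[str, int] = defaultdict(int)
            for a in burst:
                per_user[a.user] += 1
            out_of_zone = sorted(u for u in per_user if home_country.get(u) != src_country)
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account
                    and out_of_zone):
                findings.append({
                    "src": src,
                    "country": src_country,
                    "start": burst[0].ts.isoformat(),
                    "end": burst[-1].ts.isoformat(),
                    "accounts": len(per_user),
                    "max_per_account": max(per_user.values()),
                    "out_of_zone_users": out_of_zone,
                })
    return findings


if __name__ == "__main__":
    for finding in detect_spray(LOG_LINES, GEOIP, HOME_COUNTRY):
        print(finding)
```

The per-account cap is what separates a spray from a brute-force attempt on one mailbox: 198.51.100.9 fails four times against a single account and is not reported, while 203.0.113.7 touches four accounts twice each and is. In production the thresholds should be tuned against the tenant's normal failure rate, and the burst gap kept short enough that a slow spray spread over hours is caught by a separate long-window rule.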
Which of the following should be done to prevent this issue from reoccurring?
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features....
Which of the following is the BEST course of action?
A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the...
Which of the following would be the BEST solution to recommend to the director?
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future. Which of the following would be the BEST...
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:
A. federated authentication
B. role-based access control
C. manual account reviews
D. multifactor authentication
Answer: A
Which of the following would be the MOST appropriate to remediate the controller?
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer...