Which of the following best describes what is happening?

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.) A. Beaconing B. Domain Name System...

August 7, 2023

Which of the following describes what the analyst has noticed?

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed? A. Beaconing B. Cross-site scripting C. Buffer overflow D. PHP traversal Answer: A

August 6, 2023

Which of the following tuning recommendations should the security analyst share?

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: Which of the following tuning recommendations should the security analyst share? A. Set an HttpOnly flag to force communication by HTTPS B. Block requests without an X-Frame-Options header C. Configure an Access-Control-Allow-Origin header...

August 6, 2023

Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server? A. Hard disk B. Primary boot partition...

August 6, 2023

Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company...

August 5, 2023

Which of the following should be the next step in the remediation process?

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process? A. Testing B. Implementation C. Validation D. Rollback Answer: C. Explanation: The next step in the remediation process after applying a software patch is...

August 5, 2023

Which of the following logs should the team review first?

An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first? A...

August 5, 2023

Which of the following security operations tasks are ideal for automation?

Which of the following security operations tasks are ideal for automation? A. Suspicious file analysis: - Look for suspicious-looking graphics in a folder. - Create subfolders in the original folder based on category of graphics found. - Move the suspicious graphics to the appropriate subfolder. B. Firewall IoC block actions:...

August 5, 2023

Which of the following has occurred?

The analyst reviews the following endpoint log entry: Which of the following has occurred? A. Registry change B. Rename computer C. New account introduced D. Privilege escalation Answer: C. Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...

August 5, 2023

Which of the following choices should the analyst look at first?

Due to reports of unauthorized activity occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices are operating in the environment. Given the following output: Which of the following choices should the...

August 5, 2023