- All Exams Instant Download
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?A . Business continuity plan B. Vulnerability management plan C. Disaster recovery plan D. Asset management planView AnswerAnswer: C Explanation:
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...
According to the security policy, which of the following vulnerabilities should be the highest priority to patch?
The Company shall prioritize patching of publicly available systems and services over patching of internally available system. According to the security policy, which of the following vulnerabilities should be the highest priority to patch? A) B) C) D) A . Option A B. Option B C. Option C D. Option...
Which of the following steps of an attack framework is the analyst witnessing?
An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?A . Exploitation B. Reconnaissance C. Command and control D. Actions on objectivesView...
Which of the following choices should the analyst look at first?
Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...
Which of the following best describes what is happening?
An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)A . Beaconinq B. Domain Name System...
When starting an investigation, which of the following must be done first?
When starting an investigation, which of the following must be done first?A . Notify law enforcement B. Secure the scene C. Seize all related evidence D. Interview the witnessesView AnswerAnswer: B Explanation: The first thing that must be done when starting an investigation is to secure the scene. Securing the...
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?A . The lead should review what is documented in the incident response policy or plan B. Management level members of the CSIRT should make that decision C. The lead...
Which of the following scripting languages was used in the script?
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?A . PowerShel B. Ruby C. Python D....
