A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server: Which of the following BEST describes this kind of attack?A . Directory traversalB . SQL injectionC . APID . Request forgery View Answer Answer: D...
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst Include in this documentation? (Select TWO).A . The order of volatilityB . A checksumC . The location of the artifactsD . The vendor’s nameE . The date and timeF . A warning banner View...Continue reading
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:A . perform attribution to specific APTs and nation-state actors.B . anonymize any PII that is observed within the IoC data.C . add...Continue reading
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?A . The most common set...Continue reading
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments . Which of the following BEST explains the appliance’s vulnerable state?A . The system was configured with weak default security settings.B . The device uses weak encryption ciphers.C . The vendor has...Continue reading
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment . Which of the following recommendations would BEST address the CSO’s concern?A . Deploy an MDM solution.B . Implement managed FDD . Replace all...Continue reading
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked . Which of the following would BEST these requirement?A . RAB . OCSPC . CRLD . CSR...Continue reading
A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office Priority must be given to areas that are currently experiencing latency and connection issues . Which of the following would be the BEST resource for determining the order of priority?A . NmapnB . Heat mapsC . Network...Continue reading
A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent?A . Rainbow tableB . Brute-forceC . Password-sprayingD . Dictionary View Answer Answer: C...
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?A . Data encryptionB . Data maskingC . AnonymizationD . Tokenization View Answer Answer: A...