Which of the following attack types is the threat analyst seeing?

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?

A. SQL injection
B. CSRF
C. Session hijacking
D. XSS

Answer: D

September 4, 2022

Which of the following is the BEST option to resolve the board’s concerns for this email migration?

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

* Transactions being required by...

September 3, 2022

Which of the following should the organization consider FIRST to address this requirement?

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice. Which of the following should the organization consider FIRST to address this requirement?

A. Implement a change management plan to ensure systems are using the appropriate versions.
B. Hire...

September 3, 2022

Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

A. Black-box testing
B. Gray-box...

September 3, 2022

Which of the following risk techniques did the department use in this situation?

CORRECT TEXT

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation? ...

September 3, 2022

Which of the following steps should the security analyst take FIRST?

A security analyst observes the following while looking through network traffic in a company's cloud log: Which of the following steps should the security analyst take FIRST?

A. Quarantine 10.0.5.52 and run a malware scan against the host.
B. Access 10.0.5.52 via EDR and identify processes that have network connections.
C...

September 3, 2022

Which of the following compensating controls would be BEST to implement in this situation?

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation?

A. EDR
B. SIEM
C. ...

September 3, 2022

Which of the following risk-handling techniques was used?

Company A acquired Company B. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program. Which of the following risk-handling techniques was used?

A. Accept
B...

September 3, 2022

Which of the following risk-handling techniques will BEST meet the organization's requirements?

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day...

September 2, 2022

Which of the following should the analyst use to create the list quickly?

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?

A. Business impact rating
B. CVE...

September 2, 2022