Which of the following has occurred?
The analyst reviews the following endpoint log entry: Which of the following has occurred?
A. Registry change
B. Rename computer
C. New account introduced
D. Privilege escalation
Answer: C
Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
A. Business continuity plan
B. Vulnerability management plan
C. Disaster recovery plan
D. Asset management plan
Answer: C
Explanation:
Which of the following should be the next step in the remediation process?
A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?
A. Testing
B. Implementation
C. Validation
D. Rollback
Answer: C
Explanation: The next step in the remediation process after applying a software patch is...
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
A. The lead should review what is documented in the incident response policy or plan
B. Management level members of the CSIRT should make that decision
C. The lead...
Which of the following is the first step that should be performed when establishing a disaster recovery plan?
Which of the following is the first step that should be performed when establishing a disaster recovery plan?
A. Agree on the goals and objectives of the plan
B. Determine the site to be used during a disaster
C. Demonstrate adherence to a standard disaster recovery process
D. Identify applications...
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
A. PAM
B. IDS
C. PKI
D. DLP
Answer: D
Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to...
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
A. Develop a call tree to inform impacted users
B. Schedule a review with all teams to discuss what occurred
C. Create an executive summary to...
Which of the following will produce the data needed for the briefing?
A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?
A. Firewall logs
B. Indicators of compromise
C. Risk assessment
D. Access control lists
Answer: B
Explanation: Indicators of compromise (IoCs)...
Which of the following describes what the analyst has noticed?
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?
A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal
Answer: A
Explanation: