NO.258 An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

D. Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

A. Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

B. Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

C. Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

NO.259 A user reports a malware alert to the help desk A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do NEXT?

B. Sanitize the workstation and verify countermeasures are restored

A. Document the procedures and walk through the incident training guide

C. Reverse engineer the malware to determine its purpose and risk to the organization

D. Isolate the workstation and issue a new computer to the user.

NO.260 A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verity that a user's data is not altered without the user's consent Which of the following would be an appropriate course of action?

C. Automate the use of a hashing algorithm after verified users make changes to their data

A. Use a DLP product to monitor the data sets for unauthorized edits and changes.

B. Use encryption first and then hash the data at regular, defined times

D. Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

NO.261 An incident response team detected malicious software that could have gained access to IT Certification Guaranteed, The Easy Way! 86 credit card dat a. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place. Which of the following should be notified for lessons learned?

A. The human resources department

NO.262 A small marketing firm uses many SaaS applications that hold sensitive information The firm has discovered terminated employees are retaining access to systems for many weeks after their end date. Which of the following would BEST resolve the issue of lingering access?

D. Set up a privileged access management tool that can fully manage privileged account access.

A. Configure federated authentication with SSO on cloud provider systems

B. Perform weekly manual reviews on system access to uncover any issues

C. Implement MFA on cloud-based systems

NO.264 An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines Uncover all the software vulnerabilities. Safeguard the interest of the software's end users. Reduce the likelihood that a defective program will enter production. Preserve the Interests of me software producer Which of me following should be performed FIRST?

E. Conduct a static analysis of the code

A. Run source code against the latest OWASP vulnerabilities

B. Document the life-cycle changes that look place.

C. Ensure verification and vacation took place during each phase.

D. Store the source code in a s oftware escrow.

Which of the following BEST describes the reason why the email was blocked?

C. The IP address and the remote server name are the same.

B. The email originated from the www.spamfilter.org URL.

D. The IP address was blacklisted.

NO.267 A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server. Tool A reported the following:

B. Tool A used fuzzing logic to test vulnerabilities.

D. Tool B utilized machine learning technology F. Tool B is unauthenticated

NO.268 The Cruel Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organza lion Which of the following actions would work BEST to prevent against this type of attack?

B. Implement an EDR mail module that will rewrite and analyze email links.

A. Turn on full behavioral analysis to avert an infection

C. Reconfigure the EDR solution to perform real-time scanning of all files

D. Ensure EDR signatures are updated every day to avert infection.

E. Modify the EDR solution to use heuristic analysis techniques for malware.

NO.270 A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

D. Adding a banner to incoming messages that identifies the messages as external

A. Implementing a sandboxing solution for viewing emails and attachments

B. Limiting email from the finance department to recipients on a pre-approved whitelist

C. Configuring email client settings to display all messages in plaintext when read

NO.271 A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the IT Certification Guaranteed, The Easy Way! 89 analyst finds the following:

B. The DMARC record's policy tag is incorrectly configured

A. The DMARC record's DKIM alignment tag Is incorrectly configured

C. The DMARC record does not have an SPF alignment tag

D. The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3

NO.272 During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

B. Disable error messaging for authentication

A. Set the web page to redirect to an application support page when a bad password is entered.

C. Recognize that error messaging does not provide confirmation of the correct element of authentication

D. Avoid using password-based authentication for the application

NO.273 An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by pubic users accessing the server. The results should be written to a text file and should induce the date. time, and IP address associated with any spreadsheet downloads. The web server's log file Is named webserver log, and the report We name should be accessreport.txt. Following is a sample of the web servefs.log file: 2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622 Which of the following commands should be run if an analyst only wants to include entries in which spreadsheet was successfully downloaded?

C. more webserver.log | grep ' -E ''return=200 | accessreport.txt

A. more webserver.log | grep * xIs > accessreport.txt

B. more webserver.log > grep ''xIs > egrep -E 'success' > accessreport.txt

D. more webserver.log | grep -A *.xIs < accessreport.txt

NO.274 Which of the following MOST accurately describes an HSM?

B. An HSM can be networked based or a removable USB

A. An HSM is a low-cost solution for encryption

C. An HSM is slower at encrypting than software

D. An HSM is explicitly used for MFA

NO.277 A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?

A. Perform static code analysis.

B. Require application fuzzing.

The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of IT Certification Guaranteed, The Easy Way! 91 the following BEST describes the situation?

C. This is a true positive and the new computers were imaged with an old version of the software

A. This is a false positive and the scanning plugin needs to be updated by the vendor

B. This is a true negative and the new computers have the correct version of the software

D. This is a false negative and the new computers need to be updated by the desktop team

NO.280 An organization wants to ensure the privacy of the data that is on its systems Full disk encryption and DLP are already in use Which of the following is the BEST option?

B. Enforce geofencing to limit data accessibility

A. Require all remote employees to sign an NDA

C. Require users to change their passwords more frequently

D. Update the AUP to restrict data sharing

NO.281 An analyst needs to provide recommendations for the AUP Which of the following is the BEST recommendation to protect the company's intellectual property?

D. AII Internet access must be via a proxy server

A. Company assets must be stored in a locked cabinet when not in use.

B. Company assets must not be utilized for personal use or gain

C. Company assets should never leave the company's property

NO.283 A company's data is still being exfiltered to business competitors after the implementation of a DLP solution. Which of the following is the most likely reason why the data is still being compromised?

B. DRM must be implemented with the DLP solution

A. Printed reports from the database contain sensitive information

C. Users are not labeling the appropriate data sets

D. DLP solutions are only effective when they are implemented with disk encryption

NO.284 A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

A. Violating national security policy

C. Loss of intellectual property

NO.286 Which of the following BEST explains the function of a managerial control?

A. To help design and implement the security planning, program development, and maintenance of the security life cycle

B. To guide the development of training, education, security awareness programs, and system maintenance

C. To create data classification, risk assessments, security control reviews, and contingency planning

D. To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

NO.287 Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

B. Creating proper session identifier entropy

A. Ensuring the session identifier length is sufficient

C. Applying a secure attribute on session cookies

D. Utilizing transport layer encryption on all requests

E. Implementing session cookies with the HttpOnly flag

NO.288 During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity The analyst also notes there is no other alert in place for this traffic After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

C. Communicate the security incident to the threat team for further review and analysis

A. Share details of the security incident with the organization's human resources management team

B. Note the security incident so other analysts are aware the traffic is malicious

D. Report the security incident to a manager for inclusion in the daily report

NO.290 For machine learning to be applied effectively toward security analysis automation, it requires .

C. a multicore, multiprocessor system

D. anomalous traffic signatures.

NO.291 A company uses an FTP server to support its critical business functions The FTP server is configured as follows: The FTP service is running with (he data duectory configured in /opt/ftp/data. The FTP server hosts employees' home aVectories in /home * Employees may store sensitive information in their home directories An loC revealed that an FTP director/ traversal attack resulted in sensitive data loss Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

C. Run the FTP server n a chroot environment

A. Implement file-level encryption of sensitive files

B. Reconfigure the FTP server to support FTPS

D. Upgrade the FTP server to the latest version

NO.293 An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers. Which of the following is a benefit of having these communication plans?

B. They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.

A. They can help to prevent the inadvertent release of damaging information outside the organization

C. They can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.

D. They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase

NO.294 A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports. Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?

B. Whitelist the application server.

A. Apply a firewall application server rule.

C. Sandbox the application server

C. Sandbox the application server. D. Enable port security.

E. Block the unauthorized networks.

NO.296 Which of the following is MOST closely related to the concept of privacy?

A. An individual's control over personal information

B. A policy implementing strong identity management processes

C. A system's ability to protect the confidentiality of sensitive information

D. The implementation of confidentiality, integrity, and availability

NO.297 The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's singe internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

C. Place a firewall In between the corporate network and the guest network

A. Require the guest machines to install the corporate-owned EDR solution

B. Configure NAC to only allow machines on the network that are patched and have active antivirus.

D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network

NO.299 A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

A. Develop an asset inventory to determine the systems within the software company

B. Review relevant network drawings, diagrams and documentation

C. Perform penetration tests against the software company's Internal and external networks

D. Baseline the software company's network to determine the ports and protocols in use.

NO.300 A security analyst is reviewing port scan data that was collected over the course of several months. The following data represents the trends:

C. Investigate why the number of open SSH ports varied during the six months

A. Review the system configurations to determine if port 445 needs to be open.

B. Assume there are new instances of Apache in the environment

D. Raise a concern to a supervisor regarding possible malicious use Of port 8443

CYSA + (251-300)

Authored by cysa cysa

Computers

Used 37+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

48 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is the order of priority for risk mitigation from highest to lowest?
(ExamTopic'e gore guncellendi)

A. A, B, C, D

B. A, D, B, C

C. B, C, A, D

D. C, B, D, A

E. D, A, C, B

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.252 A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets. Which of the following is the BEST example of the level of sophistication this threat actor is using?

A. Social media accounts attributed to the threat actor

B. Custom malware attributed to the threat actor from prior attacks

C. Email addresses and phone numbers tied to the threat actor

D. Network assets used in previous attacks attributed to the threat actor

E. IP addresses used by the threat actor for command and control

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.253 A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?

A. Shut down the computer

B. Capture live data using Wireshark

C. Take a snapshot

D. Determine if DNS logging is enabled.

E. Review the network logs.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.254 An organization has the following policies: Services must run on standard ports. Unneeded services must be disabled. The organization has the following servers: 192.168.10.1 - web server 192.168.10.2 - database server A security analyst runs a scan on the servers and sees the following output:

A. Disable HTTPS on 192.168.10.1

B. Disable IIS on 192.168.10.1

C. Disable DNS on 192.168.10.2

D. Disable MSSQL on 192.168.10.2

E. Disable SSH on both servers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.255 A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior. Which of the following malware analysis approaches is this?

A. White box testing

B. Fuzzing

C. Sandboxing

D. Static code analysis

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.256 A Chief Executive Officer (CEO) is concerned about the company's intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?

A. Limit all access to the sensitive data based on geographic access requirements with strict rolebased access controls

B. Enable data masking and reencrypt the data sets using AES-256.

C. Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.

D. Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NO.257 An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment One of the primary concerns is exfiltration of data by malicious insiders Which of the following controls is the MOST appropriate to mitigate risks?

A. Data deduplication

B. OS fingerprinting

C. Digital watermarking

D. Data loss prevention

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

KISIKISIPAS9

Quiz

•

3rd Grade

48 questions

Sprawdzian z systemow sieciowych i podstawowych komend Linux

Quiz

•

2nd - 3rd Grade

44 questions

Technology: Final exam review

Quiz

•

7th - 8th Grade

44 questions

Data Organization in Windows 10

Quiz

•

3rd Grade

50 questions

CSS11_4TH_QTR_EXAM

Quiz

•

11th Grade

47 questions

Easy Quiz

Quiz

•

50 questions

ULANGAN SUMATIF BAB I INFORMATIKA

Quiz

•

10th Grade

52 questions

ÔN TẬP KIỂM TRA HK 1 ĐỊA LÍ 10

Quiz

•

10th Grade

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Computers

9 questions

FOREST Perception

Lesson

•

20 questions

Place Value

Quiz

•

KG - 3rd Grade

15 questions

Grammar

Quiz

•

KG - 7th Grade

10 questions

Sound Energy Assessment

Quiz

•

KG - 2nd Grade

10 questions

Sound Energy

Quiz

•

KG - 2nd Grade

10 questions

Counting Dimes and Pennies

Quiz

•

KG - 2nd Grade

10 questions

Dr. Seuss

Quiz

•

KG - 5th Grade

10 questions

Place Value: Hundreds, Tens, and Ones

Quiz

•

KG - 2nd Grade

CYSA + (251-300)

Which of the following is the order of priority for risk mitigation from highest to lowest?(ExamTopic'e gore guncellendi)

NO.252 A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets. Which of the following is the BEST example of the level of sophistication this threat actor is using?

NO.253 A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?

NO.255 A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior. Which of the following malware analysis approaches is this?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

Which of the following is the order of priority for risk mitigation from highest to lowest?
(ExamTopic'e gore guncellendi)