Which of the following is the FIRST step the analyst should take?
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company’s server. Which of the following is the FIRST step the analyst should take? A. Create a full disk image of the server’s hard drive to look for the file containing the malware. B. Run a manual antivirus scan on the machine to […]
Which of the following software security best practices would prevent an attacker from being able to run arbit
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.) A. Parameterized queries B. Session management C. Input validation D. Output encoding E. Data protection F. Authentication Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Which of the following software security best practices would prevent an attacker from being able to run arbit
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.) A. Parameterized queries B. Session management C. Input validation D. Output encoding E. Data protection F. Authentication Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Which of the following BEST describes this attack?
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources. Which of the […]
Which of the following should the analyst do FIRST?
A cybersecurity analyst is contributing to a team hunt on an organization’s endpoints. Which of the following should the analyst do FIRST? A. Write detection logic. B. Establish a hypothesis. C. Profile the threat actors and activities. D. Perform a process analysis. Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting
Which of the following would explain the difference in results?
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following: The analyst runs the following command next: Which of the following would explain the difference in results? A. ICMP is being blocked by a firewall. B. The routing tables for ping and hping3 were […]
Which of the following is the main concern a security analyst should have with this arrangement
A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor’s labs. Which of the following is the main concern a security analyst should have with this arrangement? A. Making multiple trips between development sites increases […]
Which of the following would be the MOST appropriate to remediate the controller?
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization’s production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents […]
Which of the following would MOST likely be included in the incident response procedure after a security breac
Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII? A. Human resources B. Public relations C. Marketing D. Internal network operations center
Which of the following would BEST identify potential indicators of compromise?
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply. Which of the following would BEST identify potential indicators of compromise? A. Use Burp Suite to capture packets to the SCADA device’s IP. B. Use tcpdump to […]