Which of the following can the analyst conclude?
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following: Which of the following can the analyst conclude? […]
As part of the management response phase of the audit, which of the following would BEST demonstrate senior ma
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue? A. Copies of prior audits that did not identify […]
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A compliance officer of a large organization has reviewed the firm’s vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the […]
Which of the following commands would MOST likely provide the needed information?
An information security analyst is compiling data from a recent penetration test and reviews the following output: The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would MOST likely provide the needed information? A. ping -t 10.79.95.173.rdns.datacenters.com B. telnet 10.79.95.173 443 C. […]
Which of the following is the FIRST step the analyst should take?
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company’s server. Which of the following is the FIRST step the analyst should take? A. Create a full disk image of the server’s hard drive to look for the file containing the malware. B. Run a manual antivirus scan on the machine to […]
Which of the following software security best practices would prevent an attacker from being able to run arbit
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.) A. Parameterized queries B. Session management C. Input validation D. Output encoding E. Data protection F. Authentication Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Which of the following software security best practices would prevent an attacker from being able to run arbit
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.) A. Parameterized queries B. Session management C. Input validation D. Output encoding E. Data protection F. Authentication Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Which of the following BEST describes this attack?
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources. Which of the […]
Which of the following should the analyst do FIRST?
A cybersecurity analyst is contributing to a team hunt on an organization’s endpoints. Which of the following should the analyst do FIRST? A. Write detection logic. B. Establish a hypothesis. C. Profile the threat actors and activities. D. Perform a process analysis. Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting
Which of the following would explain the difference in results?
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following: The analyst runs the following command next: Which of the following would explain the difference in results? A. ICMP is being blocked by a firewall. B. The routing tables for ping and hping3 were […]