A cybersecurity analyst has several log files to review. Instead of using…
A cybersecurity analyst has several log files to review. Instead of using…
The director of software development is concerned with recent web application security incidents, including th
The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web a…
Which of the following stakeholders would need to be aware of an e-discovery notice received by the security o
Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the…
A company has several internal-only, web-based applications on the internal network. Remote employees are allo
A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the…
While preparing for a third-party audit, the vice president of risk management and the vice presi…
While preparing for a third-party audit, the vice president of risk management and the vice presi…
Which of the following is occurring?
After running a packet analyzer on the network, a security analyst has noticed the following output:
Which of the following is occurring?
Which of the following should be done FIRST to prevent …
The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js xerty.ini xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
Which of the following combinations suggests how the th…
A threat intelligence analyst who works for a technology firm received this report from a vendor.
“There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is
R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector.”
Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
Which of the following threats has the security analyst…
A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?
Which of the following is MOST likely to drive up the i…
During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between
150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident’s impact assessment?