NEW QUESTION NO: 10
A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?
A. Use the IP addresses to search through the event logs.
B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.
C. Create an advanced query that includes all of the indicators, and review any of the matches.
D. Scan for vulnerabilities with exploits known to have been used by an APT.
Answer: B
NEW QUESTION NO: 11
A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors.
The company decides that it wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client.
Which of the following should the company implement?
A. Port security
B. WPA2
C. Mandatory Access Control
D. Network Intrusion Prevention
Answer: A
NEW QUESTION NO: 12
An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?
A. Configure a script to automatically update the scanning tool.
B. Manually validate that the existing update is being performed.
C. Test vulnerability remediation in a sandbox before deploying.
D. Configure vulnerability scans to run in credentialed mode.
Answer: A
NEW QUESTION NO: 13
A threat intelligence analyst who works for a financial services firm received this report:
"There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called 'LockMaster' by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector."
The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst take NEXT? (Select TWO).
A. Advise the firewall engineer to implement a block on the domain
B. Visit the domain and begin a threat assessment
C. Produce a threat intelligence message to be disseminated to the company
D. Advise the security architects to enable full-disk encryption to protect the MBR
E. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"
F. Format the MBR as a precaution
Answer: B,D
NEW QUESTION NO: 14
A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
A. A compensating control
B. Altering the password policy
C. Creating new account management procedures
D. Encrypting authentication traffic
Answer: D
NEW QUESTION NO: 15
A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network.
Which of the following protocols needs to be denied?
A. TCP
B. SMTP
C. ICMP
D. ARP
Answer: C
NEW QUESTION NO: 16
A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:
Which of the following actions should be taken to remediate this security issue?
A. Set "AllowLateScanning" to 1 in the URLScan.ini configuration file.
B. Set "RemoveServerHeader" to 1 in the URLScan.ini configuration file.
C. Set "EnableLogging" to 0 in the URLScan.ini configuration file.
D. Set "PerProcessLogging" to 1 in the URLScan.ini configuration file.
Answer: B
Reference: http://www.acunetix.com/blog/articles/configure-web-server-disclose-identity/
NEW QUESTION NO: 17
Which of the following is a control that allows a mobile application to access and manipulate information that should only be available to another application on the same mobile device (e.g., a music application posting the name of the song currently playing on the device to a social media site)?
A. Co-hosted application
B. Transitive trust
C. Mutually exclusive access
D. Dual authentication
Answer: B
NEW QUESTION NO: 18
A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:
Based on the above information, which of the following should the system administrator do? (Select TWO).
A. Verify the vulnerability using penetration testing tools or proof-of-concept exploits.
B. Review the references to determine if the vulnerability can be remotely exploited.
C. Mark the result as a false positive so it will show in subsequent scans.
D. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.
E. Implement the proposed solution by installing Microsoft patch Q316333.
Answer: D,E
NEW QUESTION NO: 19
A recent audit has uncovered several coding errors and a lack of input validation on a public portal. Due to the nature of the portal and the severity of the errors, the portal cannot be patched.
Which of the following tools could be used to reduce the risk of being compromised?
A. Web application firewall
B. Network firewall
C. Web proxy
D. Intrusion prevention system
Answer: B
NEW QUESTION NO: 20
A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?
A. Start the change control process.
B. Rescan to ensure the vulnerability still exists.
C. Implement continuous monitoring.
D. Begin the incident response process.
Answer: A