Internal cyber security suspects a network server as the target of a zero-day attack. What type of analysis should the cyber security team use to verify this?
A cybersecurity consultant is helping a company organize its internal incident response team. The consultant recommends that they need to be able to collect information about system events and system activity leading up to an incident. What should the team use?
A company contracts with an outside organization to perform a blind penetration test. The primary goal of the test is to determine how vulnerable the network is to data theft and modification. The rules of engagement include a specification to test other potential vulnerabilities discovered during testing. What is the first step that the testers should take when performing the test?
The incident response team needs to make a forensic copy of a hard disk. What should the team do before creating the copy?
A company's newly established forensic response team is working with a cybersecurity specialist to create a detailed incident response plan. They need to document guidelines for prioritizing data collection at the site of an incident. Which data source should have the highest priority?
An internal data exfiltration attack resulted in a small amount of unpublished material being uploaded to an external site. Investigation into the potential impact of the incident revealed an unexpected vulnerability: Any materials from the publisher, either sold directly by the publisher or through a third party, can be copied and redistributed without any restrictions. The publisher needs to prevent this from happening in the future in a way that protects the materials from unauthorized duplication or redistribution. What is the BEST solution the publisher should implement?
A company is preparing to develop an application that will be used extensively throughout the organization. Developers are directed to find all information they can about security controls that directly relate to scenarios used in designing the application. What organization provides this information?
A detailed analysis of SIEM server data, IDS collected data, and network captures uncovers unusual network traffic. Short bursts of outgoing traffic are being sent late at night to an external address. The cybersecurity team wants to gather additional information about the activity to plan the best course of action. What should the team do first?
A company designated a Computer Security Incident Response Team (CSIRT) to enable the company to manage incidents using internal resources. The team needs to repurpose a laptop computer as a forensic workstation. They need to set up the workstation as quickly as possible and at minimum cost. What should they install on the computer?
The security team updated your vulnerability scanner with current plug-ins. The result after running a non-credentialed scan of the network shows an increase in reported vulnerabilities. A custom application running on several hosts is reported as vulnerable. The security team suspects a false positive. What action should the security team take first?
The incident response team determines that confidential information, including PHI, was downloaded during an incident. The legal department directs that a statement be issued to potentially impacted customers that this has happened. Why is this important?
What are two key roles of management in an incident response process?
An Internet service provider (ISP) is acquiring a small regional competitor. Negotiations are ongoing. An unauthorized disclosure of information about the acquisition occurred. Additional release of information could increase the cost of the acquisition or jeopardize the deal. The ISP's security team initially suspects a social engineering exploit. It was finally identified as being from an email sent by an ISP employee. The employee's excuse was that he did not know what he could or could not say about the acquisition. What is the BEST solution that both companies should put in place to minimize the risk of additional unauthorized release of information?
A web application lets field sales personnel look up customer information. A sudden spike of data transmissions from the web site is detected. Closer investigation indicates that the traffic started after the following string was used to connect to the web site: http://frelcompany.com/showcust.php?ID=1000 OR in What type of vulnerability is being exploited?
A company is in the process of classifying data in advance of implementing an information security vulnerability management process. A security specialist is asked to identify personally identifying information (PII) on file about employees. Which two of the following should the specialist classify as PII? (Choose two.)
A company works with a cybersecurity consultant to establish a computer incident response team. The team includes members from different departments in the company, including:
* Technical services
* Information technology (IT)
* Management
* Human resources (HR)
* Public relations
* Legal

The team is developing an incident response plan that includes communication plans and guidelines in case of an incident. The team needs to ensure secure, reliable, and appropriate communications. Which two items should be included in the communication plan? (Choose two.)
A company deploys a CRM web application in its perimeter network to provide access to outside sales personnel. The internal security team works with the supplier's technical support to resolve compatibility and security issues during deployment. During this process, the internal security team learns that the application has a maintenance hook. What is the potential risk of a maintenance hook?
A member of the cyber team executes the following from a Linux host: ping -b -c 3 -i30 192.168.2.255 What type of environmental reconnaissance effort does this indicate?
A security consultant helps a company to implement an information vulnerability management process. What is the first step in the process that the security consultant should recommend?
A company determines that recent incidents were due to network resources being overloaded, which made them more vulnerable to exploit attempts. This included crashing a critical database server through a denial-of-service (DoS) attack. The company decides to implement trend analysis to manage resource requirements proactively. What is the first step in setting up trend analysis?
Analysis of a recent incident exposed a need to modify or update the following:
* Permission assignments
* Router and firewall configurations
* VLAN boundaries

Where should the information technology (IT) department find guidelines for how best to implement these?
A company tests an update to an internally developed application at its corporate office. The update must be made available to remote offices for download on an as needed basis. The file is made available from a website accessible to remote offices. The company needs to ensure the integrity and authenticity of the file after download. Which technology should the company use?
A company uses websites for communication with both employees and customers. The company hosts multiple private and public websites. Some websites have been found vulnerable to session hijacking after attacks are detected. What is the BEST way to prevent session hijacking in the future?
1. A company contracts a data security specialist to help with data classification for implementing an information security vulnerability management process. The specialist is tasked with identifying data as confidential, proprietary, private, or public. What kind of data should be identified as proprietary data?
- B. Technical, patent, trade secret or other information that could reduce a company's competitive edge if released
- C. Personally identifying information (PII) about employees, customers, or other individuals that could facilitate malicious activity if released
A post-incident audit described the need to update and enforce password policies. New maximum age and minimum age limits are specified in the policy. The limits are enforced for Microsoft Active Directory Domain Services (AD DS) users through Group Policy. Technical services needs to enforce the policy for a small number of users who are able to directly log onto the network's two Linux servers. What should technical services do?
Users report a problem with a commercial customer management application. Any time a user accesses a customer record, even to just view the record, it is deleted from the database. The application runs as a web application. Antivirus software running on the web server and the database server does not report any problems. How should the security analyst classify the threat?
A company deploys a new web application in a limited release as part of its user acceptance testing (UAT). The company needs to monitor, capture, and analyze real-world activity between users and the web application with a focus on application security. What should the company use?
A company's internal network uses only layer 3 switches. The network is configured as multiple physical subnets and makes extensive use of VLANs. A recent incident raised concerns about how the network is configured. A cybersecurity consultant makes recommendations to minimize the future risk to three critical servers. The servers should be configured:
* As part of the same IP subnet.
* Segmented from the rest of the network.
* So all traffic to or from the servers must go through a firewall.
* To prevent the servers from communicating directly with each other.

The servers are currently configured as part of a VLAN with other servers and network clients. What network configuration should be used?
A company wants to employ continuous scans as part of its information security vulnerability management process. A security consultant recommends using standards to enable the automated vulnerability management that can enumerate software flaws and configuration issues. Which standard should the company use to provide this?
A credentialed vulnerability scan reports a known vulnerability on multiple databases. The vulnerability is not reported when a non-credentialed scan runs. The vulnerability is due to configuration settings required to support a legacy application. The security team does not want the vulnerability to be reported on future scans. The team needs to ensure that this does not otherwise impair the accuracy of the scans. What should the security team do?
About Individual Course:

| Learning Style | Self-Paced Learning |
| Course Duration | 1 Hour |