The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing
The security team reviews a web server for XSS and runs the following Nmap scan:
Which of the following most accurately describes the result of the scan?
A. An output of characters > and " as the parameters used in the attempt
B. The vulnerable parameter ID http://172.31.15.2.php?id=2 and unfiltered characters returned
C. The vulnerable parameter and unfiltered or encoded characters passed > and " as unsafe
D. The vulnerable parameter and characters > and " with a reflected XSS attempt
A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?
A. Upload the binary to an air gapped sandbox for analysis
B. Send the binaries to the antivirus vendor
C. Execute the binaries on an environment with internet connectivity
D. Query the file hashes using VirusTotal
Which of the following software assessment methods would peak times?
A. Security regression testing
B. Stress testing
C. Static analysis testing
D. Dynamic analysis testing
E. User acceptance testing
A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server. Which of the following best describes the activity that is taking place?
A. Data exfiltration
B. Rogue device
C. Scanning
D. Beaconing
Which of the following actions would an analyst most likely perform after an incident has been investigated?
A. Risk assessment
B. Root cause analysis
C. Incident response plan
D. Tabletop exercise
An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize its efforts?
A. OS type
B. OS or application versions
C. Patch availability
D. System architecture
E. Mission criticality
A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
A. Directory traversal
B. SQL injection
C. Buffer overflow
D. Cross-site scripting
A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?
A. Asset tagging
B. Device encryption
C. Data loss prevention
D. SIEM logs
A security analyst is reviewing the network security monitoring logs listed below:
Count: 2 Event#3.3505 2020-01-30 10:40 UTC GPL WEB SERVER robots.txt access
10.1.1.128 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=45260 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=23415 chksum=0
Count: 22 Event#3.3507 2020-01-30 10:40 UTC ET WEB SPECIFIC APPS PHPStudy Remote Code Execution Backdoor
10.1.1.129 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=65200 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=26814 chksum=0
Count: 30 Event#3.3522 2020-01-30 10:40 UTC ET WEB SERVER WEB-PHP phpinfo access
10.1.1.130 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=58175 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=22875 chksum=0
Count: 22 Event#3.3728 2020-01-30 10:40 UTC GPL WEB SERVER 403 Forbidden
10.0.0.10 -> 10.1.1.129 IPVer=4 hlen=5 tos=0 dlen=533 ID=0 flags=0 offset=0 ttl=0 chksum=20471 Protocol: 6 sport=80 -> dport=65200 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=59638 chksum=0
Which of the following is the analyst MOST likely observing? (Choose two.)
A. 10.1.1.128 sent potential malicious traffic to the web server.
B. 10.1.1.128 sent malicious requests, and the alert is a false positive
C. 10.1.1.129 successfully exploited a vulnerability on the web server
D. 10.1.1.129 sent potential malicious requests to the web server
E. 10.1.1.129 can determine that port 443 is being used
F. 10.1.1.130 can potentially obtain information about the PHP version