Question No : 1
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?

• A.Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
• B.Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
• C.Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
• D.Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Show Answers

Answer:
Explanation:
Reference: https://www.cyberark.com/what-is/privileged-access-management/

Question No : 2
A security analyst discovered that the company’s WAF was not properly configured.
The main web server was breached, and the following payload was found in one of the malicious requests:



Which of the following would BEST mitigate this vulnerability?

• A.CAPTCHA
• B.Input validation
• C.Data encoding
• D.Network intrusion prevention

Show Answers

Answer:
Explanation:
Reference: https://hdivsecurity.com/owasp-xml-external-entities-xxe

Question No : 3
Which of the following is required for an organization to meet the ISO 27018 standard?

• A.All Pll must be encrypted.
• B.All network traffic must be inspected.
• C.GDPR equivalent standards must be met
• D.COBIT equivalent standards must be met

Show Answers

Answer:

Question No : 4
A security analyst notices a number of SIEM events that show the following activity:



Which of the following response actions should the analyst take FIRST?

• A.Disable powershell.exe on all Microsoft Windows endpoints.
• B.Restart Microsoft Windows Defender.
• C.Configure the forward proxy to block 40.90.23.154.
• D.Disable local administrator privileges on the endpoints.

Show Answers

Answer:
Explanation:
top the data exfiltration and sever all malicious traffic first, and then clean up the internal mess.

Question No : 5
Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.
Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

• A.Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.
• B.Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.
• C.Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.
• D.Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Show Answers

Answer:

Question No : 6
A security is assisting the marketing department with ensuring the security of the organization’s social media platforms.
The two main concerns are:
The Chief marketing officer (CMO) email is being used department wide as the username
The password has been shared within the department
Which of the following controls would be BEST for the analyst to recommend?

• A.Configure MFA for all users to decrease their reliance on other authentication.
• B.Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.
• C.Create multiple social media accounts for all marketing user to separate their actions.
• D.Ensue the password being shared is sufficiently and not written down anywhere.

Show Answers

Answer:

Question No : 7
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident .
Which of the following should Ann use to gather the required information?

• A.Traffic interceptor log analysis
• B.Log reduction and visualization tools
• C.Proof of work analysis
• D.Ledger analysis software

Show Answers

Answer:

Question No : 8
An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.
Which of the following processes can be used to identify potential prevention recommendations?

• A.Detection
• B.Remediation
• C.Preparation
• D.Recovery

Show Answers

Answer:

Question No : 9
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:

• A.a decrypting RSA using obsolete and weakened encryption attack.
• B.a zero-day attack.
• C.an advanced persistent threat.
• D.an on-path attack.

Show Answers

Answer:
Explanation:
Reference: https://www.internetsociety.org/deploy360/tls/basics/

Question No : 10
An enterprise is undergoing an audit to review change management activities when promoting code to production.
The audit reveals the following:
• Some developers can directly publish code to the production environment.
• Static code reviews are performed adequately.
• Vulnerability scanning occurs on a regularly scheduled basis per policy.
Which of the following should be noted as a recommendation within the audit report?

• A.Implement short maintenance windows.
• B.Perform periodic account reviews.
• C.Implement job rotation.
• D.Improve separation of duties.

Show Answers

Answer: