Question No : 1
HOTSPOT
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.

INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

Show Answers

Answer:

Question No : 2
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?

• A.Injection attack
• B.Memory corruption
• C.Denial of service
• D.Array attack

Show Answers

Answer:
Explanation:
Reference: https://economictimes.indiatimes.com/definition/memory-corruption

Question No : 3
An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application.
The working hypothesis is as follows:
• Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target.
• The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.
• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks.
Which of the following BEST represents the technique in use?

• A.Improving detection capabilities
• B.Bundling critical assets
• C.Profiling threat actors and activities
• D.Reducing the attack surface area

Show Answers

Answer:

Question No : 4
An organization is focused on restructuring its data governance programs and an analyst has been Tasked with surveying sensitive data within the organization.
Which of the following is the MOST accurate method for the security analyst to complete this assignment?

• A.Perform an enterprise-wide discovery scan.
• B.Consult with an internal data custodian.
• C.Review enterprise-wide asset Inventory.
• D.Create a survey and distribute it to data owners.

Show Answers

Answer:

Question No : 5
A company just chose a global software company based in Europe to implement a new supply chain management solution.
Which of the following would be the MAIN concern of the company?

• A.Violating national security policy
• B.Packet injection
• C.Loss of intellectual property
• D.International labor laws

Show Answers

Answer:

Question No : 6
An organization is experiencing issues with emails that are being sent to external recipients Incoming emails to the organization are working fine.
A security analyst receives the following screenshot ot email error from the help desk.



The analyst the checks the email server and sees many of the following messages in the logs.
Error 550 - Message rejected
Which of the following is MOST likely the issue?

• A.The DMARC queue is full
• B.SPF is failing.
• C.Port 25 is not open.
• D.The DKIM private key has expired

Show Answers

Answer:

Question No : 7
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?

• A.nmap CsA CO <system> -noping
• B.nmap CsT CO <system> -P0
• C.nmap CsS CO <system> -P0
• D.nmap CsQ CO <system> -P0

Show Answers

Answer:

Question No : 8
A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment.
Which of the following would be the BEST method to protect the company's data?

• A.Implement UEM on an systems and deploy security software.
• B.Implement DLP on all workstations and block company data from being sent outside the company
• C.Implement a CASB and prevent certain types of data from being downloaded to a workstation
• D.Implement centralized monitoring and logging for an company systems.

Show Answers

Answer:
Explanation:
Cloud Access Security Broker (CASB): An enterprise management software designed to mediate access to cloud services by users across all types of devices

Question No : 9
A cybersecurity analyst is supposing an incident response effort via threat intelligence.
Which of the following is the analyst MOST likely executing?

• A.Requirements analysis and collection planning
• B.Containment and eradication
• C.Recovery and post-incident review
• D.Indicator enrichment and research pivoting

Show Answers

Answer:

Question No : 10
During an investigation, an analyst discovers the following rule in an executive’s email client:
IF * TO <[email protected]> THEN mailto: <[email protected]>
SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>
The executive is not aware of this rule.
Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

• A.Check the server logs to evaluate which emails were sent to <[email protected]>
• B.Use the SIEM to correlate logging events from the email server and the domain server
• C.Remove the rule from the email client and change the password
• D.Recommend that management implement SPF and DKIM

Show Answers

Answer: