A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)
A.incident response playbooks
B.asset vulnerability assessment
C.report of staff members with asset relations
D.key assets and executives
E.malware analysis report
Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?
B.actions on objectives
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A.Tapping interrogation replicates signals to a separate port for analyzing traffic
B.Tapping interrogations detect and block malicious traffic
C.Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D.Inline interrogation detects malicious traffic but does not block the traffic
Refer to the exhibit. Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)
A.Create an ACL on the firewall to allow only TLS 1.3
B.Implement a proxy server in the DMZ network
C.Create an ACL on the firewall to allow only external connections
D.Move the webserver to the internal network
E.Move the webserver to the external network
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
A.Perform a vulnerability assessment
B.Conduct a data protection impact assessment
C.Conduct penetration testing
D.Perform awareness testing
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?
A.Classify the criticality of the information, research the attacker's motives, and identify missing patches
B.Determine the damage to the business, extract reports, and save evidence according to a chain of custody
C.Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
D.Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
A.Identify the business applications running on the assets
B.Update software to patch third-party software
C.Validate CSRF by executing exploits within Metasploit
D.Fix applications according to the risk scores
An engineer is analyzing a possible compromise that happened a week ago when the company database servers unexpectedly went down. The analysis reveals that attackers tampered with Microsoft SQL Server Resolution Protocol and launched a DDoS attack. The engineer must act quickly to ensure that all systems are protected. Which two tools should be used to detect and mitigate this type of future attack? (Choose two.)
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?
A.Host a discovery meeting and define configuration and policy updates
B.Update the IDS/IPS signatures and reimage the affected hosts
C.Identify the systems that have been affected and tools used to detect the attack
D.Identify the traffic with data capture using Wireshark and review email filters
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?
A.Investigate the vulnerability to prevent further spread
B.Acknowledge the vulnerabilities and document the risk
C.Apply vendor patches or available hot fixes
D.Isolate the assets affected in a separate network
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs.
Which technology should be used to accomplish this task?
Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.
What is the next step in handling the incident?
A.Block the source IP from the firewall
B.Perform an antivirus scan on the laptop
C.Identify systems or services at risk
D.Identify lateral movement
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?
A.Determine the systems involved and deploy available patches
B.Analyze event logs and restrict network access
C.Review access lists and require users to increase password complexity
D.Identify the attack vector and update the IDS signature list
A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real- time. What is the first step the analyst should take to address this incident?
A.Evaluate visibility tools to determine if external access resulted in tampering
B.Contact the third-party handling provider to respond to the incident as critical
C.Turn off all access to the patient portal to secure patient records
D.Review system and application logs to identify errors in the portal code
Refer to the exhibit. What results from this script?
A.Seeds for existing domains are checked
B.A search is conducted for additional seeds
C.Domains are compared to seed rules
D.A list of domains as seeds is blocked
Refer to the exhibit. An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?
A.a DOS MZ executable format
B.a MS-DOS executable archive
C.an archived malware
D.a Windows executable file
Refer to the exhibit. An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?
A.The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
B.The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
C.The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
D.The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?
B.TCP small services
C.port UDP 161 and 162
D.UDP small services
Refer to the exhibit. Which indicator of compromise is represented by this STIX?
A.website redirecting traffic to ransomware server
B.website hosting malware to download files
C.web server vulnerability exploited by malware
D.cross-site scripting vulnerability to backdoor server
Refer to the exhibit. What is occurring in this packet capture?
A.TCP port scan
Refer to the exhibit. How must these advisories be prioritized for handling?
A.The highest priority for handling depends on the type of institution deploying the devices
B.Vulnerability #2 is the highest priority for every type of institution
C.Vulnerability #1 and vulnerability #2 have the same priority
D.Vulnerability #1 is the highest priority for every type of institution
The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?
A.Conduct a risk assessment of systems and applications
B.Isolate the infected host from the rest of the subnet
C.Install malware prevention software on the host
D.Analyze network traffic on the host's subnet
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
A.Assess the network for unexpected behavior
B.Isolate critical hosts from the network
C.Patch detected vulnerabilities from critical hosts
D.Perform analysis based on the established risk factors
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
A.Threat scores are high, malicious ransomware has been detected, and files have been modified
B.Threat scores are low, malicious ransomware has been detected, and files have been modified
C.Threat scores are high, malicious activity is detected, but files have not been modified
D.Threat scores are low and no malicious file activity is detected
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?
A.Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
B.Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
C.Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
D.Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.
Refer to the exhibit. Which data format is being used?
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
A.Contain the malware
B.Install IPS software
C.Determine the escalation path
D.Perform vulnerability assessment
2023 Latest Braindump2go 350-201 PDF and 350-201 VCE Dumps Free Share: