Question 11
Which of the following is a difference between SOAR and SCAP?
A. SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics.
B. SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope.
C. SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does.
D. SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts.
Question 12
An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:
Which of the following ports should be closed?
A. 21
B. 80
C. 443
D. 1433
Question 13
An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?
A. Monthly vulnerability scans, biweekly topology scans, daily host discovery scans
B. Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans
C. Monthly host discovery scans, biweekly vulnerability scans, monthly topology scans
D. Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans
Question 14
SIMULATION -Malware is suspected on a server in the environment.
The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.
INSTRUCTIONS -Servers 1, 2, and 4 are clickable. Select the Server and the process that host the malware.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question 15
While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?
A. Hacktivist
B. Nation-state
C. Insider threat
D. Organized crime
Question 16
A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:
A. detection and prevention capabilities to improve.
B. which systems were exploited more frequently.
C. possible evidence that is missing during forensic analysis.
D. which analysts require more training.
E. the time spent by analysts on each of the incidents.
Question 17
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?
A. SCADA
B. CAN bus
C. Modbus
D. IoT
Question 18
An internally developed file-monitoring system identified the following excerpt as causing a program to crash often: char filedata[100]; fp = fopen(`access.log`, `r`); srtcopy (filedata, fp); printf (`%s
`, filedata);
Which of the following should a security analyst recommend to fix the issue?
A. Open the access.log file in read/write mode.
B. Replace the strcpy function.
C. Perform input sanitization.
D. Increase the size of the file data butter.
Question 19
A company's legal and accounting teams have decided it would be more cost-effective to offload the risks of data storage to a third party. The IT management team has decided to implement a cloud model and has asked the security team for recommendations. Which of the following will allow all data to be kept on the third-party network?
A. VDI
B. SaaS
C. CASB
D. FaaS
Question 20
A security analyst discovers suspicious host activity while performing monitoring activities. The analyst pulls a packet capture for the activity and sees the following:
A. The host attempted to download an application from utoftor.com.
B. The host downloaded an application from utoftor.com.
C. The host attempted to make a secure connection to utoftor.com.
D. The host rejected the connection from utoftor.com.
