Question 41
The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading. Which of the following should be the NEXT step in this incident response?
A. Send a sample of the malware to the antivirus vendor and request urgent signature creation.
B. Begin deploying the new anti-malware on all uninfected systems.
C. Enable an ACL on all VLANs to contain each segment.
D. Compile a list of IoCs so the IPS can be updated to halt the spread.
Question 42
A vulnerability assessment solution is hosted in the cloud. This solution will be used as an accurate inventory data source for both the configuration management database and the governance, risk, and compliance tool. An analyst has been asked to automate the data acquisition. Which of the following would be the BEST way to acquire the data?
A. CSV export
B. SOAR
C. API
D. Machine learning
Question 43
Which of the following is MOST closely related to the concept of privacy?
A. The implementation of confidentiality, integrity, and availability
B. A system's ability to protect the confidentiality of sensitive information
C. An individual's control over personal information
D. A policy implementing strong identity management processes
Question 44
An organization is focused on restructuring its data governance programs, and an analyst has been tasked with surveying sensitive data within the organization.
Which of the following is the MOST accurate method for the security analyst to complete this assignment?
A. Perform an enterprise-wide discovery scan.
B. Consult with an internal data custodian.
C. Review enterprise-wide asset inventory.
D. Create a survey and distribute it to data owners.
Question 45
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?
A. Deploying HIPS to block malicious ActiveX code
B. Installing network-based IPS to block malicious ActiveX code
C. Adjusting the web-browser settings to block ActiveX controls
D. Configuring a firewall to block traffic on ports that use ActiveX controls
Question 46
A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused. Which of the following is the BEST approach?
A. Degaussing
B. Shredding
C. Formatting
D. Encrypting
Question 47
During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?
A. Validate the binaries' hashes from a trusted source.
B. Use file integrity monitoring to validate the digital signature.
C. Run an antivirus against the binaries to check for malware.
D. Only allow whitelisted binaries to execute.
Question 48
An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by public users accessing the server. The results should be written to a text file and should include the date, time, and IP address associated with any spreadsheet downloads. The web server's log file is named webserver.log, and the report file name should be accessreport.txt. Following is a sample of the web server's log file:
2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622
Which of the following commands should be run if an analyst only wants to include entries in which a spreadsheet was successfully downloaded?
A. more webserver.log | grep *.xls > accessreport.txt
B. more webserver.log > grep ''xIs > egrep -E 'success' > accessreport.txt
C. more webserver.log | grep ' -E ''return=200 | accessreport.txt
D. more webserver.log | grep -A *.xIs < accessreport.txt
Question 49
A security analyst is running a tool against an executable of an unknown source. The input supplied by the tool to the executable program and the output from the executable are shown below:
Which of the following should the analyst report after viewing this information?
A. A dynamic library that is needed by the executable is missing.
B. Input can be crafted to trigger an injection attack in the executable.
C. The tool caused a buffer overflow in the executable's memory.
D. The executable attempted to execute a malicious command.
Question 50
A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?
A. Automate the use of a hashing algorithm after verified users make changes to their data.
B. Use encryption first and then hash the data at regular, defined times.
C. Use a DLP product to monitor the data sets for unauthorized edits and changes.
D. Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.
