CompTIA CS0-002 Exam

Viewing Questions 61-70 out of 96 Questions

Question 61
Which of the following is the BEST way to gather patch information on a specific server?
A. Event Viewer
B. Custom script
C. SCAP software
D. CI/CD

Question 62
A security analyst reviews SIEM logs and discovers the following error event:
[Image: CS0-002_62Q.png]
Which of the following environments does the analyst need to examine to continue troubleshooting the event?
A. Proxy server
B. SQL server
C. Windows domain controller
D. WAF appliance
E. DNS server

Question 63
A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked.
Which of the following methods would be MOST appropriate to use?
A. The Cyber Kill Chain
B. The MITRE ATT&CK framework
C. An adversary capability model
D. The Diamond Model of Intrusion Analysis

Question 64
A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations.
Which of the following would work BEST to prevent this type of incident in the future?
A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
B. Back up the workstations to facilitate recovery and create a gold image.
C. Establish a ransomware awareness program and implement secure and verifiable backups.
D. Virtualize all the endpoints with daily snapshots of the virtual machines.

Question 65
A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one.
Which of the following can the hardware manufacturer implement to prevent firmware downgrades?
A. Encryption
B. eFuse
C. Secure Enclave
D. Trusted execution


Question 66
An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application.
The working hypothesis is as follows:
A. Improving detection capabilities
B. Bundling critical assets
C. Profiling threat actors and activities
D. Reducing the attack surface area

Question 67
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?
A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

Question 68
A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:
[Image: CS0-002_68Q.png]
Which of the following technologies would MOST likely be used to prevent this phishing attempt?
A. DNSSEC
B. DMARC
C. STP
D. S/IMAP

Question 69
A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?
A. Blacklist the hash in the next-generation antivirus system.
B. Manually delete the file from each of the workstations.
C. Remove administrative rights from all developer workstations.
D. Block the download of the file via the web proxy.

Question 70
A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?
A. Planning
B. Continuous monitoring
C. Risk response
D. Risk analysis
E. Oversight