A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)
A. Conduct input sanitization.
B. Deploy a SIEM.
C. Use containers.
D. Patch the OS.
E. Deploy a WAF.
F. Deploy a reverse proxy.
G. Deploy an IDS.
A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?
A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis
A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code?
A. RSA
B. OCSP
C. HSTS
D. CRL
A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?
A. Simulating a spam campaign
B. Conducting a sanctioned vishing attack
C. Performing a risk assessment
D. Executing a penetration test
A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed, and the following capabilities are desired:
1. Terminate SSL connections at a central location
2. Manage both authentication and authorization for incoming and outgoing web service calls
3. Advertise the web service API
4. Implement DLP and anti-malware features
Which of the following technologies will be the BEST option?
A. WAF
B. XML gateway
C. ESB gateway
D. API gateway
Ann, a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.
Which of the following will the analyst most likely use NEXT?
A. Process explorer
B. Vulnerability scanner
C. Antivirus
D. Network enumerator
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?
A. Traffic interceptor log analysis
B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software
Over the last 90 days, many private storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the email security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.
Which of the following BEST addresses the problem with the least amount of administrative effort?
A. Compile a list of firewall requests and compare them against interesting cloud services
B. Implement a CASB solution and track cloud service use cases for greater visibility
C. Implement a user-behavior analytics system to associate user events with cloud service creation events
D. Capture all logs and feed them to a SIEM, and then analyze for cloud service events.
A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility. Which of the following systems should the consultant review before making a recommendation?
A. CAN
B. ASIC
C. FPGA
D. SCADA
SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.
The company's hardening guidelines indicate the following:
1. There should be one primary server or service per device.
2. Only default ports should be used.
3. Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:
1. The IP address of the device
2. The primary server or service of the device
3. The protocol(s) that should be disabled based on the hardening guidelines
To select multiple protocols, use CTRL+CLICK.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. Check the answer in explanation.