NEW QUESTION 1
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?

• A. Begin blocking all IP addresses within that subnet.
• B. Determine the attack vector and total attack surface.
• C. Begin a kill chain analysis to determine the impact.
• D. Conduct threat research on the IP addresses

Answer: D

NEW QUESTION 2
A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect as the MOST secure and manageable option?

• A. Client-side whitelisting
• B. Server-side whitelisting
• C. Server-side blacklisting
• D. Client-side blacklisting

Answer: B

NEW QUESTION 3
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?

• A. Install a data loss prevention system, and train human resources employees on its us
• B. Provide PII training to all employees at the compan
• C. Encrypt PII information.
• D. Enforce encryption on all emails sent within the compan
• E. Create a PII program and policy on how to handle dat
• F. Train all human resources employees.
• G. Train all employee
• H. Encrypt data sent on the company networ
• I. Bring in privacy personnel to present a plan on how PII should be handled.
• J. Install specific equipment to create a human resources policy that protects PII dat
• K. Train company employees on how to handle PII dat
• L. Outsource all PII to another compan
• M. Send the human resources director to training for PII handling.

Answer: A

NEW QUESTION 4
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users The application then uses a service account, to perform queries and look up data m a database A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

• A. Change the security model to force the users to access the database as themselves
• B. Parameterize queries to prevent unauthorized SQL queries against the database
• C. Configure database security logging using syslog or a SIEM
• D. Enforce unique session IDs so users do not get a reused session ID

Answer: B

NEW QUESTION 5
An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment One of the primary concerns is exfiltration of data by malicious insiders Which of the following controls is the MOST appropriate to mitigate risks?

• A. Data deduplication
• B. OS fingerprinting
• C. Digital watermarking
• D. Data loss prevention

Answer: D

NEW QUESTION 6
A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

• A. Violating national security policy
• B. Packet injection
• C. Loss of intellectual property
• D. International labor laws

Answer: A

NEW QUESTION 7
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:
Antivirus is installed on the remote host:
Installation path: C:\Program Files\AVProduct\Win32\ Product Engine: 14.12.101
Engine Version: 3.5.71
Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.
The engine version is out of date. The oldest supported version from the vendor is 4.2.11. The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

• A. This is a false positive, and the scanning plugin needs to be updated by the vendor.
• B. This is a true negative, and the new computers have the correct version of the software.
• C. This is a true positive, and the new computers were imaged with an old version of the software.
• D. This is a false negative, and the new computers need to be updated by the desktop team.

Answer: C

NEW QUESTION 8
A security analyst was alerted to a tile integrity monitoring event based on a change to the vhost-paymonts .c onf file The output of the diff command against the known-good backup reads as follows

Which of the following MOST likely occurred?

• A. The file was altered to accept payments without charging the cards
• B. The file was altered to avoid logging credit card information
• C. The file was altered to verify the card numbers are valid.
• D. The file was altered to harvest credit card numbers

Answer: A

NEW QUESTION 9
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/ "><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance "></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>somebody@companyname.com 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body>< 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="
http://www.w3.org/2001/XMLSchema-instance"><a:Authentication>
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0
<a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authe 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?

• A. The clients' authentication tokens were impersonated and replayed.
• B. The clients' usernames and passwords were transmitted in cleartext.
• C. An XSS scripting attack was carried out on the server.
• D. A SQL injection attack was carried out on the server.

Answer: A

NEW QUESTION 10
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company Which of the following technical controls would BEST accomplish this goal?

• A. DLP
• B. Encryption
• C. Data masking
• D. SPF

Answer: A

NEW QUESTION 11
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

• A. Decompile each binary to derive the source code.
• B. Perform a factory reset on the affected mobile device.
• C. Compute SHA-256 hashes for each binary.
• D. Encrypt the binaries using an authenticated AES-256 mode of operation.
• E. Inspect the permissions manifests within each application.

Answer: C

NEW QUESTION 12
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:

Which of the following should the analyst review to find out how the data was exfilltrated?

• A. Monday's logs
• B. Tuesday's logs
• C. Wednesday's logs
• D. Thursday's logs

Answer: D

NEW QUESTION 13
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

• A. Duplicate all services in another instance and load balance between the instances.
• B. Establish a hot site with active replication to another region within the same cloud provider.
• C. Set up a warm disaster recovery site with the same cloud provider in a different region
• D. Configure the systems with a cold site at another cloud provider that can be used for failover.

Answer: C

NEW QUESTION 14
Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

• A. Self-encrypting drive
• B. Bus encryption
• C. TPM
• D. HSM

Answer: A

NEW QUESTION 15
During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect.
Which of the following is the BEST place to acquire evidence to perform data carving?

• A. The system memory
• B. The hard drive
• C. Network packets
• D. The Windows Registry

Answer: A

NEW QUESTION 16
While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:
• All sensitive data must be classified
• All sensitive data must be purged on a quarterly basis
• Certificates of disposal must remain on file for at least three years
This framework control is MOST likely classified as:

• A. prescriptive
• B. risk-based
• C. preventive
• D. corrective

Answer: A

NEW QUESTION 17
An executive assistant wants to onboard a new cloud based product to help with business analytics and dashboarding. When of the following would be the BEST integration option for the service?

• A. Manually log in to the service and upload data files on a regular basis.
• B. Have the internal development team script connectivity and file translate to the new service.
• C. Create a dedicated SFTP sue and schedule transfers to ensue file transport security
• D. Utilize the cloud products API for supported and ongoing integrations

Answer: A

NEW QUESTION 18
A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.
Which of the following is the main concern a security analyst should have with this arrangement?

• A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
• B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
• C. Development phases occurring at multiple sites may produce change management issues.
• D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

Answer: B

NEW QUESTION 19
A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics. cloned the hard drive, and took the hard drive home for further analysis. Which of the following of the security analyst violate?

• A. Cloning procedures
• B. Chain of custody
• C. Hashing procedures
• D. Virtualization

Answer: B

NEW QUESTION 20
......