An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?
A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal
An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?
A. Scope
B. Weaponization
C. CVSS
D. Asset value
Which of the following is an important aspect that should be included in the lessons-learned step after an incident?
A. Identify any improvements or changes in the incident response plan or procedures
B. Determine if an internal mistake was made and who did it so they do not repeat the error
C. Present all legal evidence collected and turn it over to law enforcement
D. Discuss the financial impact of the incident to determine if security controls are well spent
An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?
A. Take a snapshot of the compromised server and verify its integrity
B. Restore the affected server to remove any malware
C. Contact the appropriate government agency to investigate
D. Research the malware strain to perform attribution
An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has:
1. created the initial evidence log.
2. disabled the wireless adapter on the device.
3. interviewed the employee, who was unable to identify the website that was accessed.
4. reviewed the web proxy traffic logs.
Which of the following should the analyst do to remediate the infected device?
A. Update the system firmware and reimage the hardware.
B. Install an additional malware scanner that will send email alerts to the analyst.
C. Configure the system to use a proxy server for Internet access.
D. Delete the user profile and restore data from backup.
A. High GPU utilization
B. Bandwidth consumption
C. Unauthorized changes
D. Unusual traffic spikes
A security analyst discovers the following firewall log entries during an incident:
Which of the following is MOST likely occurring?
A. Banner grabbing
B. Port scanning
C. Beaconing
D. Data exfiltration
An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time. Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?
A. Requiring the use of the corporate VPN
B. Requiring the screen to be locked after five minutes of inactivity
C. Requiring the laptop to be locked in a cabinet when not in use
D. Requiring full disk encryption
Which of the following is the BEST option to protect a web application against CSRF attacks?
A. Update the web application to the latest version.
B. Set a server-side rate limit for CSRF token generation.
C. Avoid the transmission of CSRF tokens using cookies.
D. Configure the web application to only use HTTPS and TLS 1.3.