Which are successful Disaster Recovery Plan best practices options to be considered? (Choose three.)
During an audit, an organization's ability to establish key performance indicators for its service hosting solution is discovered to be weak. What could be the cause of this?
When performing a vulnerability assessment from outside the perimeter, which of the following network devices is MOST likely to skew the scan results?
Which of the following plans helps IT security staff detect, respond to, and recover from a cyber attack?
What allows a company to restore normal business operations in a matter of minutes or seconds?
What is the definition of a security breach?
During a log review, an incident responder is attempting to process the proxy server’s log files but finds that
they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?
ABC Company uses technical compliance tests to verify that its IT systems are configured according to organizational information security policies, standards, and guidelines. Which two tools and controls can ABC Company use to verify that its IT systems are configured accordingly? (Choose two.)
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?
Which three of the following are included in encryption architecture? (Choose three.)
To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
Which term best describes an asset's susceptibility to damage or loss due to a threat?
Which of the following does the command nmap –open 10.10.10.3 do?
Which service is commonly found on port 3306?
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = “attacker@somewhere.com”; DROP TABLE members; –”
Which of the following did the hackers perform?
Which of the following represents a front-end security capability that addresses cyber resiliency?
Which of the following describes United States federal government cybersecurity policies and guidelines?
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
A system administrator identifies unusual network traffic from outside the local network. Which of the following
is the BEST method for mitigating the threat?
Which of the following is BEST suited to prevent piggybacking into a sensitive or otherwise restricted area of a facility?
A network administrator has determined that network performance has degraded due to excessive use of
social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?
What are three examples of incident response? (Choose three.)
A digital forensics investigation requires analysis of a compromised system's physical memory. Which of the following tools should the forensics analyst use to complete this task?
Which of the following backup strategies will result in the shortest backup time during weekdays and use the least amount of storage space but incur the longest restore time?
Where are log entries written for auditd in Linux?
Organizations considered “covered entities” are required to adhere to which compliance requirement?
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?
While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
If an organization suspects criminal activity during the response to an incident, when should they notify law enforcement authorities?
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?
A company that maintains a public city infrastructure was breached and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be
PRIMARY focus of the incident response team?
An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server.
Which of the following provides the organization with the BEST chance for recovering their data?
According to SANS, when should an incident retrospective be performed?
Which term describes the process of collecting logs from many sources across an IT infrastructure into a single, centralized platform to be reviewed and analyzed?
A government organization responsible for critical infrastructure is being attacked and files on the server been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
What is baseline security?
Which encryption technology was built into Mac OS X?
Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?
Which answer option is a tactic of social engineering in which an attacker engages in an attack performed by phone?
Which of the following sources is best suited for monitoring threats and vulnerabilities?
The statement of applicability (SOA) document forms a fundamental part of which framework?
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After
reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)
Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?