Improve SOC Incident Response Time

LivelyOrchid

28 Questions

What can block an attack at Layer 7?

WAF

How can a business operations manager mitigate concerns about a PC hardware failure?

Perform a physical-to-virtual migration

What is the BEST action to prevent reinfection from an infection vector on an internet-facing Windows server?

Block port 3389 inbound from untrusted networks

Which of the following actions is commonly used to prevent malware reinfection?

Implementing application whitelisting

What technology uses SAML for authentication?

Federation

In cybersecurity, which technology is specifically designed to protect web applications?

NIDS

What should the SOC consider to BEST improve its response time?

Implement a SOAR with customizable playbooks

In the context of validating transactions securely, which solution is the BEST to adopt?

PKI

What technology BEST meets the requirements of providing centralized infrastructure management and consistent user desktop experience?

VDI

To enhance incident response time, what should be done with OSINT artifacts?

Catalog them in a central repository

Which technology is NOT typically used for transaction validation and artifact issuance?

OAuth

What method should be recommended to reduce the need for constant replacement of aging end-user machines?

Implementing VDI environments

After discovering large data exfiltration during a penetration test, what should be the client's NEXT step to mitigate the issue?

Perform containment on the critical servers and resources

What type of controls should a security analyst implement to limit unauthorized access to a physical site with the lowest possible budget?

Deterrent controls

A company is migrating servers to the cloud to reduce its technology footprint. Which solution will require the LEAST management and support?

SaaS

Who is responsible for protecting an organization's collected personal information?

Data Protection Officer

What was the reason a RAM image could not be taken?

The computer was turned off

To compare biometric solutions for the highest likelihood of denying unauthorized access, what should an organization focus on?

FRR

In the case of a data leak involving proprietary information, what is the BEST remediation approach?

CASB

In the scenario where an attacker spoofed the IP address associated with a shopping site, which attack took place?

On-path attack

What was confirmed about the corporate network in the data leak incident involving the COPE tablet?

It was secure

When a company is considering transitioning to the cloud, what aspect should be evaluated?

Network security

What type of malware is MOST likely causing the repeated deletion of files when the Chief Financial Officer logs in to the file server?

Logic bomb

After identifying malware spreading through the corporate network, what should the analyst do NEXT?

Attempt to quarantine all infected hosts to limit further spread

What caused the company to realize it was still vulnerable despite applying rules to inbound traffic and implementing ACLs on critical servers?

Outbound traffic not being restricted

In which stage of the Cyber Kill Chain is the adversary currently operating if they are able to maintain a presence in the network?

Command and control

What would be the most appropriate action for preventing similar issues in the future after a logic bomb incident?

Monitoring system logs for unusual activities

Why is it important for a security analyst to activate the CSIRT after identifying malware spreading through the corporate network?

To involve a response team with expertise in handling security incidents

Explore solutions for a large MSSP's SOC to enhance incident response time, focusing on strategies to reduce manual tasks and optimize analysts' efforts. Consider the benefits of collecting OSINT and using NIDS appliances for efficient incident resolution.
