Question #1
Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a notification to the asset owners, the patch cannot be deployed due to planned, routine system upgrades. Which of the following is the best method to remediate the bugs?
A. Reschedule the upgrade and deploy the patch
B. Request an exception to exclude the patch from installation
C. Update the risk register and request a change to the SLA
D. Notify the incident response team and rerun the vulnerability scan
Correct answer: C
Question #2
An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?
A. Take a snapshot of the compromised server and verify its integrity
B. Restore the affected server to remove any malware
C. Contact the appropriate government agency to investigate
D. Research the malware strain to perform attribution
Correct answer: B
Question #3
While reviewing web server logs, a security analyst discovers the following suspicious line: Which of the following is being attempted?
A. Remote file inclusion
B. Command injection
C. Server-side request forgery
D. Reverse shell
Correct answer: A
Question #4
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
A. The lead should review what is documented in the incident response policy or plan
B. Management level members of the CSIRT should make that decision
C. The lead has the authority to decide who to communicate with at any time
D. Subject matter experts on the team should communicate with others within the specified area of expertise
Correct answer: A
Question #5
An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?
A. Scope
B. Weaponization
C. CVSS
D. Asset value
Correct answer: B
Question #6
A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?
A. Potential precursor to an attack
B. Unauthorized peer-to-peer communication
C. Rogue device on the network
D. System updates
Correct answer: B
Question #7
A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?
A. The server was configured to use SSL to securely transmit data
B. The server was supporting weak TLS protocols for client connections
C. The malware infected all the web servers in the pool
D. The digital certificate on the web server was self-signed
Correct answer: B
Question #8
Which of the following does "federation" most likely refer to within the context of identity and access management?
A. Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access
B. An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
C. Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user
D. Correlating one's identity with the attributes and associated applications the user has access to
Correct answer: D
Question #9
An analyst is reviewing a vulnerability report for a server environment with the following entries: Which of the following systems should be prioritized for patching first?
A. 10
B. 54
C. 54
D. 54
Correct answer: A
Question #10
Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime availability outage?
A. Timeline
B. Evidence
C. Impact
D. Scope
Correct answer: A
Question #11
A SOC manager receives a phone call from an upset customer. The customer received a vulnerability report two hours ago, but the report did not have a follow-up remediation response from an analyst. Which of the following documents should the SOC manager review to ensure the team is meeting the appropriate contractual obligations for the customer?
A. SLA
B. MOU
C. NDA
D. Limitation of liability
Correct answer: B
Question #12
Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?
A. Command and control
B. Actions on objectives
C. Exploitation
D. Delivery
Correct answer: A
Question #13
An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and performs cleanup routines on its infected hosts, including deletion of the initial dropper and removal of event log entries and prefetch files from the host. Which of the following data sources would most likely reveal evidence of the root cause? (Select two).
A. Creation time of dropper
B. Registry artifacts
C. EDR data
D. Prefetch files
E. File system metadata
F. Sysmon event log
Correct answer: A
Question #14
A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls, and two-factor authentication. Which of the following does this most likely describe?
A. System hardening
B. Hybrid network architecture
C. Continuous authorization
D. Secure access service edge
Correct answer: B
Question #15
A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network. Which of the following would best aid in decreasing the workload without increasing staff?
A. SIEM
B. XDR
C. SOAR
D. EDR
Correct answer: A
Question #16
A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?
A. Increasing training and awareness for all staff
B. Ensuring that malicious websites cannot be visited
C. Blocking all scripts downloaded from the internet
D. Disabling all staff members' ability to run downloaded applications
Correct answer: BC
Question #17
A systems administrator notices unfamiliar directory names on a production server. The administrator reviews the directory listings and files, and then concludes the server has been compromised. Which of the following steps should the administrator take next?
A. Inform the internal incident response team
B. Follow the company's incident response plan
C. Review the lessons learned for the best approach
D. Determine when the access started
Correct answer: A
Question #18
New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?
A. Human resources must email a copy of a user agreement to all new employees
B. Supervisors must get verbal confirmation from new employees indicating they have read the user agreement
C. All new employees must take a test about the company security policy during the onboarding process
D. All new employees must sign a user agreement to acknowledge the company security policy
Correct answer: B
Question #19
There are several reports of sensitive information being disclosed via file sharing services. The company would like to improve its security posture against this threat. Which of the following security controls would best support the company in this scenario?
A. Implement step-up authentication for administrators
B. Improve employee training and awareness
C. Increase password complexity standards
D. Deploy mobile device management
Correct answer: D
Question #20
A systems administrator is reviewing after-hours traffic flows from data-center servers and sees regular outgoing HTTPS connections from one of the servers to a public IP address. The server should not be making outgoing connections after hours. Looking closer, the administrator sees this traffic pattern around the clock during work hours as well. Which of the following is the most likely explanation?
A. C2 beaconing activity
B. Data exfiltration
C. Anomalous activity on unexpected ports
D. Network host IP address scanning
E. A rogue network device
Correct answer: C
Question #21
A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time. Which of the following inhibitors to remediation does this scenario illustrate?
A. Service-level agreement
B. Business process interruption
C. Degrading functionality
D. Proprietary system
Correct answer: A
Question #22
The security operations team is required to consolidate several threat intelligence feeds due to redundant tools and portals. Which of the following will best achieve the goal and maximize results?
A. Single pane of glass
B. Single sign-on
C. Data enrichment
D. Deduplication
Correct answer: C
Question #23
During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?
A. Shut down the server
B. Reimage the server
C. Quarantine the server
D. Update the OS to latest version
Correct answer: B
Question #24
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
A. Enrich the SIEM-ingested data to include all data required for triage
B. Schedule a task to disable alerting when vulnerability scans are executing
C. Filter all alarms in the SIEM with low severity
D. Add a SOAR rule to drop irrelevant and duplicated notifications
Correct answer: B
Question #25
A company that has a geographically diverse workforce and dynamic IPs wants to implement a vulnerability scanning method with reduced network traffic. Which of the following would best meet this requirement?
A. External
B. Agent-based
C. Non-credentialed
D. Credentialed
Correct answer: B
