Question #:1
Scan results identify critical Apache vulnerabilities on a company’s web servers. A security analyst believes
many of these results are false positives because the web environment mostly consists of Windows servers.
Which of the following is the BEST method of verifying the scan results?
A. Run a service discovery scan on the identified servers.
B. Refer to the identified servers in the asset inventory.
C. Perform a top-ports scan against the identified servers.
D. Review logs of each host in the SIEM.
Answer: A
Question #:2
A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst
decides to find a better approach to analyze the logs. Given a list of tools, which of the following would
provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a
report?
A. Kali
B. Splunk
C. Syslog
D. OSSIM
Answer: B
Question #:3
Three similar production servers underwent a vulnerability scan. The scan results revealed that the three
servers had two different vulnerabilities rated “Critical”.
The administrator observed the following about the three servers:
- The servers are not accessible by the Internet
- AV programs indicate the servers have had malware as recently as two weeks ago
- The SIEM shows unusual traffic in the last 20 days
- Integrity validation of system files indicates unauthorized modifications
Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).
A. Servers may have been built inconsistently
B. Servers may be generating false positives via the SIEM
C. Servers may have been tampered with
D. Activate the incident response plan
E. Immediately rebuild servers from known good configurations
F. Schedule recurring vulnerability scans on the servers
Answer: C D
Question #:4
A company invested ten percent of its entire annual budget in security technologies. The Chief Information
Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the
same cyber attack its competitor experienced three months ago. However, despite this investment, users are
sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following
will eliminate the risk introduced by this practice?
A. Invest in and implement a solution to ensure non-repudiation
B. Force a daily password change
C. Send an email asking users not to share their credentials
D. Run a report on all users sharing their credentials and alert their managers of further actions
Answer: C