CyberSec First Responder (CFR) Exam
Last Update Nov 30, 2025
Total Questions : 180
Free CFR-410 (CertNexus) practice questions are offered here; sign up to work through the free questions and then access the complete pool of CyberSec First Responder (CFR) Exam test questions.
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?
A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe. The unknown process is MOST likely:
Which two mitigation strategies can prevent an attack delivered via malware? (Choose two.)
Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)
Detailed step-by-step instructions to follow during a security incident are considered:
Which three answer options are password attack methods and techniques? (Choose three.)
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?
During recovery from an incident, which three options should a company focus on? (Choose three.)
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
Which of the following backup strategies will result in the shortest backup time during weekdays and use the least amount of storage space but incur the longest restore time?
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
Which two answer options are the BEST reasons to conduct post-incident reviews after an incident occurs in an organization? (Choose two.)
Which of the following regulations is most applicable to a public utility provider operating in the United States?
To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
If an organization suspects criminal activity during the response to an incident, when should they notify law enforcement authorities?
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?
A government organization responsible for critical infrastructure is being attacked, and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)
Which of the following security best practices should a web developer reference when developing a new web-based application?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
During an incident, the following actions have been taken:
- Executing the malware in a sandbox environment
- Reverse engineering the malware
- Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?
The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Which standard was implemented in the United States to protect the privacy of patient medical information through restricted access to medical records and regulations for sharing medical records?
Which two answer options correctly highlight the difference between static and dynamic binary analysis techniques? (Choose two.)
A security analyst needs to capture network traffic from a compromised Mac host. They attempt to execute the tcpdump command using their general user account but continually receive an "Operation Not Permitted" error. Use of which of the following commands will allow the analyst to capture traffic using tcpdump successfully?
A forensic analyst has been tasked with analyzing disk images with file extensions such as .001, .002, etc. Which of the following disk imaging tools was MOST LIKELY used to create these image files?
Which of the following sources is best suited for monitoring threats and vulnerabilities?
Which of the following are components of Security Content Automation Protocol (SCAP)?
An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/screen) in numerical order?
During an audit, an organization's ability to establish key performance indicators for its service hosting solution is discovered to be weak. What could be the cause of this?
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
Which of the following are Disaster Recovery Plan best practices that should be considered? (Choose three.)
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
Which of the following technologies would reduce the risk of a successful SQL injection attack?
Which of the following, when exposed together, constitutes PII? (Choose two.)
A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?
When performing a vulnerability assessment from outside the perimeter, which of the following network devices is MOST likely to skew the scan results?
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
A system administrator pulls records from a database that only requires the use of their general user vs. domain admin account. Use of the general user account demonstrates which of the following concepts?
Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)
Which of the following enables security personnel to have the BEST security incident recovery practices?
What is the primary purpose of the "information security incident triage and processing function" in the Computer Security Incident Response Team (CSIRT) Services Framework?
When reviewing log files from a recent incident, the response team discovers that most of the network-based indicators are IP-based. It would be helpful to the response team if they could resolve those IP-based indicators to hostnames. Which of the following is BEST suited for this task?
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?