Question 1

While analyzing logs from a WAF, a cybersecurity analyst finds the following: "GET /form.php?id=463225%2b%2575%256e%2569%256f%256e%2b%2573%2574%2box3133333731,1223,1224&name=&state=IL" Which of the following BEST describes what the analyst has found?

Accepted Answer

The request contains encoded characters that suggest an attempt to bypass the WAF by obfuscating the payload.

Question 2

Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

Accepted Answer

SCAP (Security Content Automation Protocol) enables standardized expressions for checklists and vulnerability analysis, facilitating automation in cybersecurity analysis.

Question 3

Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

Accepted Answer

Filesystem encryption encrypts the data on the disk, making it inaccessible to unauthorized users, even if the device is stolen or compromised.

Question 4

A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, mail.marketing.com. Below is the existing SPF record: v=spf1 a mx -all Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

Accepted Answer

Including "include:mail.marketing.com" allows the third-party mail server to send emails on behalf of the company. The "~all" mechanism is a soft fail, which is less strict than "-all" and helps reduce the chances of emails being marked as spam.

Question 5

After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:  Which of the following IP addresses does the analyst need to investigate further?

Accepted Answer

The answer of After a breach involving the exfiltration of...

Question 6

A hybrid control is one that:

Accepted Answer

The answer of A hybrid control is one that:
...

Question 7

An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

Accepted Answer

The answer of An organization that handles sensitive financial information...

Question 8

An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented. Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

Accepted Answer

Creating one cloud account with three separate VPCs for each environment allows for segmentation while maintaining simplicity in management. Security rules can be configured to control access between the environments, ensuring both security and ease of maintenance.

Question 9

A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised. Which of the following would provide the BEST results?

Accepted Answer

An uncredentialed scan is a type of vulnerability assessment that does not require any credentials to be provided. This makes it a good option for identifying vulnerabilities that could be exploited by an attacker who does not have any authorized access to the network.

Question 10

A security analyst is reviewing the following web server log: GET %2f..%2f..%2f.. %2f.. %2f.. %2f.. %2f../etc/passwd Which of the following BEST describes the issue?

Accepted Answer

The log entry shows an attempt to access the /etc/passwd file using encoded characters to traverse directories, which is indicative of a directory traversal exploit.

Question 11

When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?

Accepted Answer

The command "nmap -sS -O <system> -P0" performs a stealth SYN scan (-sS) without pinging the host (-P0), which is suitable for systems that do not respond to ping.

Question 12

A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet. Which of the following solutions would meet this requirement?

Accepted Answer

The answer of A development team signed a contract that...

Question 13

Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?

Accepted Answer

API integration allows different cloud instances to share data efficiently and with minimal complexity by providing a standardized way for applications to communicate and exchange information.

Question 14

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

Accepted Answer

Threat hunting involves actively searching for potential threats and vulnerabilities before they can be exploited, aligning with a proactive security stance.

Question 15

A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

Accepted Answer

The value of the risk is calculated by multiplying the potential loss ($1.5 million) by the probability of the event occurring (5%), which equals $75,000.

Question 16

A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided. Which of the following data privacy standards does this violate?

Accepted Answer

The purpose limitation principle states that personal data should be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Using the data for marketing notifications when it was collected for recalls and adverse reactions violates this principle.

Question 17

A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

Accepted Answer

The answer of A cybersecurity analyst is supporting an incident...

Question 18

A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:  Which of the following should the analyst review to find out how the data was exfiltrated?

Accepted Answer

The answer of A security analyst is conducting a post-incident...

Question 19

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

Accepted Answer

The answer of An analyst is investigating an anomalous event...

Question 20

A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would MOST likely indicate if the email is malicious?

Accepted Answer

The answer of A user receives a potentially malicious email...

Exam 5: CompTIA Cloud Essentials+