CompTIA Cybersecurity Analyst (CySA+)

The document discusses a book for preparing for the CompTIA CySA+ certification exam. It provides sample exam questions and answers to help readers practice for the actual exam.

Uploaded by

DEVITZONE
CompTIA CyberSecurity Analyst
[CySA+ CS0-002]

https://devitzone.com

Thank you for purchasing this book for CompTIA CyberSecurity Analyst (CySA+ CS0-002) exam preparation.
Please practice and review all questions thoroughly, and study the study guides that CompTIA.org has
recommended for exam preparation before attending the actual exam.

CompTIA CySA+ (CS0-002)

Question 1:

A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.

Which of the following would be the BEST solution to recommend to the director?

A. Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.
B. Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.
C. Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.
D. Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

Question 2:

During an incident, a cyber-security analyst found several entries in the web server logs that are related to an IP with a bad reputation.

Which of the following would cause the analyst to further review the incident?

A. BadReputationIp - - [2019-04-12 10:43Z] "GET /etc/passwd" 403 1023
B. BadReputationIp - - [2019-04-12 10:43Z] "GET /index.html?src=../.ssh/id_rsa" 401 17044
C. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=/etc/passwd" 403 11056
D. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=../../.ssh/id_rsa" 200 15036
E. BadReputationIp - - [2019-04-12 10:43Z] "GET /favicon.ico?src=../usr/share/icons" 200 19064

Question 3:

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

A. Decompile each binary to derive the source code.
B. Perform a factory reset on the affected mobile device.
C. Compute SHA-256 hashes for each binary.
D. Encrypt the binaries using an authenticated AES-256 mode of operation.
E. Inspect the permissions manifests within each application.

Question 4:

Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

A. Unauthorized, unintentional, benign
B. Unauthorized, intentional, malicious
C. Authorized, intentional, malicious
D. Authorized, unintentional, benign

Explanation: https://www.sciencedirect.com/topics/computer-science/insider-attack

Question 5:

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application.

Which of the following is the FIRST step the analyst should take to prevent future attacks?

A. Modify the IDS rules to have a signature for SQL injection.
B. Take the server offline to prevent continued SQL injection attacks.
C. Create a WAF rule in block mode for SQL injection
D. Ask the developers to implement parameterized SQL queries.

Question 6:

A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised.

Which of the following would provide the BEST results?

A. Baseline configuration assessment
B. Un-credentialed scan
C. Network ping sweep
D. External penetration test

Question 7:

The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

A. Web servers on private networks.
B. HVAC control systems
C. smartphones
D. firewalls and UTM devices

Question 8:

Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

A. It automatically performs remedial configuration changes to enterprise security services
B. It enables standard checklist and vulnerability analysis expressions for automation
C. It establishes a continuous integration environment for software development operations
D. It provides validation of suspected system vulnerabilities through workflow orchestration

Question 9:

A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation.

Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

A. Reverse engineering
B. Dynamic analysis
C. Strings extraction
D. Static analysis

Question 10:

Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?

A. Self-encrypting drive
B. Bus encryption
C. TPM
D. HSM

Question 11:

A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstation, which belongs to a member of the cyber infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect.

Which of the following would have worked BEST to prevent the spread of this infection?

A. Vulnerability scans of the network and proper patching.
B. A properly configured and updated EDR solution.
C. A honeypot used to catalog the anomalous behavior and update the IPS.
D. Logical network segmentation and the use of jump boxes

Question 12:

A CyberSecurity analyst needs to re-architect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

A. firewall behind the VPN server
B. VPN server parallel to the firewall
C. VPN server behind the firewall
D. VPN on the firewall

Question 13:

Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks?

A. It demonstrates the organization's mitigation of risks associated with internal threats.
B. It serves as the basis for control selection.
C. It prescribes technical control requirements.
D. It is an input to the business impact assessment.

Question 14:

A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger.

Which of the following BEST describes this type of control?

A. Deterrent
B. Preventive
C. Compensating
D. Detective

Question 15:

A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability. Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get onto the system.

Which of the following registry keys would MOST likely have this information?

A. HKEY_USERS\<user SID>\Software\Microsoft\Windows\CurrentVersion\Run
B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
C. HKEY_USERS\<user SID>\Software\Microsoft\Windows\explorer\MountPoints2
D. HKEY_USERS\<user SID>\Software\Microsoft\Internet Explorer\Typed URLs
E. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub

Question 16:

A security analyst receives an alert from the SIEM about a possible attack happening on the network. The analyst opens the alert and sees the IP address of the suspected server as 192.168.54.66, which is a part of the network 192.168.54.0/24. The analyst then pulls all the command history logs from that server and sees the following:

$ route -n
$ ifconfig -a
$ ping 192.168.54.1
$ tcpdump 192.168.54.80 -nns
$ hping -s 192.168.54.80 -c 3

Which of the following activities is MOST likely happening on the server?

A. A MITM attack
B. Enumeration
C. Fuzzing
D. A vulnerability scan

Question 17:

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy.

Based on the CISO's concerns, the assessor will MOST likely focus on:

A. Qualitative probabilities.
B. Quantitative probabilities.
C. Qualitative magnitude.
D. Quantitative magnitude.

Question 18:

As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information.

After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

A. Critical asset list
B. Threat vector
C. Attack profile
D. Hypothesis

Question 19:

A security analyst needs to reduce the overall attack surface.

Which of the following infrastructure changes should the analyst recommend?

A. Implement a honeypot.
B. Air gap sensitive systems.
C. Increase the network segmentation.
D. Implement a cloud-based architecture.

Explanation: https://www.securitymagazine.com/articles/89283-ways-to-reduce-your-attacksurface

Question 20:

An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.

Which of the following would BEST identify potential indicators of compromise?

A. Use Burp Suite to capture packets to the SCADA device's IP.
B. Use tcpdump to capture packets from the SCADA device IP.
C. Use Wireshark to capture packets between SCADA devices and the management system.
D. Use Nmap to capture packets from the management system to the SCADA devices.

Question 21:

A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection.

Which of the following is the BEST technical security control to mitigate this risk?

A. Switch to RADIUS technology
B. Switch to TACACS+ technology.
C. Switch to 802.1X technology
D. Switch to the WPA2 protocol.

Question 22:
The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization.
Which of the following should the organization consider investing in FIRST due to the potential impact of availability?
A. Hire a managed service provider to help with vulnerability management
B. Build a warm site in case of system outages
C. Invest in a failover and redundant system, as necessary
D. Hire additional staff for the IT department to assist with vulnerability management and log review
Explanation:
Both on July 31 and November 24, the organization could not restore for multiple days due to a missing disaster recovery plan. Therefore, failover systems are very important for this organization.

Question 23:
Legacy medical equipment, which contains sensitive data, cannot be patched.
Which of the following is the BEST solution to improve the equipment's security posture?
A. Move the legacy systems behind a WAF
B. Implement an air gap for the legacy systems.
C. Implement a VPN between the legacy systems and the local network.
D. Place the legacy systems in the DMZ

Question 24:
Which of the following assessment methods should be used to analyze how specialized software performs during heavy loads?
A. Stress test
B. API compatibility test
C. Code review
D. User acceptance test
E. Input validation

Question 25:
A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic.
Which of the following would BEST accomplish this goal?
A. Continuous integration and deployment
B. Automation and orchestration
C. Static and dynamic analysis
D. Information sharing and analysis

Question 26:
A security analyst implemented a solution that would analyze the attacks that the organization’s firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command.
$ sudo nc -l -v -c maildemon.py 25 > caplog.txt
Which of the following solutions did the analyst implement?
A. Log collector
B. Crontab mail script
C. Sinkhole
D. Honeypot

Question 27:
A remote code execution vulnerability was discovered in the RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled.
Which of the following is the BEST remediation for this vulnerability?
A. Verify the latest endpoint-protection signature is in place.
B. Verify the corresponding patch for the vulnerability is installed.
C. Verify the system logs do not contain indicator of compromise.
D. Verify the threat intelligence feed is updated with the latest solutions

Question 28:
An incident response team is responding to a breach of multiple systems that contain PII and PHI.
Disclosing the incident to external entities should be based on:
A. the responder’s discretion
B. the public relations policy
C. the communication plan
D. senior management’s guidance

Question 29:
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A. Executing vendor compliance assessments against the organization's security controls
B. Executing NDAs prior to sharing critical data with third parties
C. Soliciting third-party audit reports on an annual basis
D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
E. Completing a business impact assessment for all critical service providers
F. Utilizing DLP capabilities at both the endpoint and perimeter levels

Question 30:
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured.
Which of the following should the analyst do?
A. Shut down the computer
B. Capture live data using Wireshark
C. Take a snapshot
D. Determine if DNS logging is enabled.
E. Review the network logs.
Explanation:
The DNS debug log provides extremely detailed data about all DNS information that is sent and received by the DNS server, similar to the data that can be gathered using packet capture tools such as network monitor.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn800669(v=ws.11)

Question 31:
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?
A. Social media accounts attributed to the threat actor
B. Custom malware attributed to the threat actor from prior attacks
C. Email addresses and phone numbers tied to the threat actor
D. Network assets used in previous attacks attributed to the threat actor
E. IP addresses used by the threat actor for command and control

Question 32:
A security analyst needs to obtain the footprint of the network. The footprint must identify the following information:
• TCP and UDP services running on a targeted system
• Types of operating systems and versions
• Specific applications and versions
Which of the following tools should the analyst use to obtain the data?
A. ZAP
B. Nmap
C. Prowler
D. Reaver

Question 33:
Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?
A. Ensuring the session identifier length is sufficient
B. Creating proper session identifier entropy
C. Applying a secure attribute on session cookies
D. Utilizing transport layer encryption on all requests
E. Implementing session cookies with the HttpOnly flag

Question 34:
A security analyst receives a CVE bulletin, which lists several products that are used in the enterprise. The analyst immediately deploys a critical security patch.
Which of the following BEST describes the reason for the analyst's immediate action?
A. A known exploit was discovered.
B. There is an insider threat.
C. Nation-state hackers are targeting the region.
D. A new zero-day threat needs to be addressed.
E. A new vulnerability was discovered by a vendor.

Question 35:
A malicious hacker wants to gather guest credentials on a hotel 802.11 network.
Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network?
A. Nikto
B. Aircrack-ng
C. Nessus
D. tcpdump

Question 36:
A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted. The company has asked a security analyst to help improve its controls.
Which of the following will MOST likely help the security analyst develop better controls?
A. An evidence summarization
B. An indicator of compromise
C. An incident response plan
D. A lessons-learned report

Question 37:
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?
A. Compatibility mode
B. Secure boot mode
C. Native mode
D. Fast boot mode

Question 38:
A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. They have asked a security analyst to help tailor the response plan to provide broad coverage for many situations.
Which of the following is the BEST way to achieve this goal?
A. Focus on incidents that may require law enforcement support.
B. Focus on common attack vectors first.
C. Focus on incidents that have a high chance of reputation harm.
D. Focus on incidents that affect critical systems.

Question 39:
A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues with patch management in the environment and expects a large number of findings.
Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?
A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
B. Incorporate prioritization levels into the remediation process and address critical findings first.
C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerability found.

Question 40:
An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors.
Which of the following would be the BEST recommendation for the security analyst to provide?
A. The organization should evaluate current NDAs to ensure enforceability of legal actions.
B. The organization should maintain the relationship with the vendor and enforce vulnerability scans.
C. The organization should ensure all motherboards are equipped with a TPM.
D. The organization should use a certified, trusted vendor as part of the supply chain.