A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?
A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis
Answer: NIST SP 800-53
Reference: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf
The Chief Information Officer (CIO) of a large bank, which uses multiple third-party
organizations to deliver a service, is concerned about the handling and security of
customer data by those parties. Which of the following should be implemented to BEST
manage the risk?
A. Establish a review committee that assesses the importance of suppliers and ranks them
according to contract renewals. At the time of contract renewal, incorporate design and
operational controls into the contracts along with a right-to-audit clause. Regularly assess
the suppliers post-contract renewal with a dedicated risk management team.
B. Establish a team using members from first-line risk, the business unit, and vendor
management to assess only the design security controls of all suppliers. Store findings from
the reviews in a database for all other business units and risk teams to reference.
C. Establish an audit program that regularly reviews all suppliers regardless of the data
they access, how they access the data, and the type of data. Review all design and
operational controls against a best-practice standard and report the findings back to upper
management.
D. Establish a governance program that rates suppliers based on their access to data, the
type of data, and how they access the data. Assign key controls that are reviewed and
managed based on the supplier's rating. Report findings to the business units that rely on
the suppliers and to the various risk teams.
Answer: Establish a review committee that assesses the importance of suppliers and ranks them
according to contract renewals. At the time of contract renewal, incorporate design and
operational controls into the contracts along with a right-to-audit clause. Regularly assess
the suppliers post-contract renewal with a dedicated risk management team.
A forensic expert working on a fraud investigation for a US-based company collected a few
disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was
obtained legally?
A. Lawyers
B. Court
C. Upper management team
D. Police
Answer: Lawyers
An organization’s assessment of a third-party, non-critical vendor reveals that the vendor
does not have cybersecurity insurance and IT staff turnover is high. The organization uses
the vendor to move customer office equipment from one service location to another. The
vendor acquires customer data and access to the business via an API.
Given this information, which of the following is a noted risk?
A. Feature delay due to extended software development cycles
B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor's business ceasing operations
Answer: Financial liability from a vendor data breach
Reference: https://legal.thomsonreuters.com/en/insights/articles/data-breach-liability
A company requires that all mobile devices be encrypted, commensurate with the full-disk
encryption scheme used on other assets, such as workstations, servers, and laptops. Which of
the following will MOST likely be a limiting factor when selecting mobile device managers for
the company?
A. Increased network latency
B. Unavailability of key escrow
C. Inability to select AES-256 encryption
D. Removal of user authentication requirements
Answer: Increased network latency
A vulnerability scanner detected an obsolete version of an open-source file-sharing
application on one of a company’s Linux servers. While the software version is no longer
supported by the OSS community, the company’s Linux vendor backported fixes, applied
them for all current vulnerabilities, and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
A. true positive.
B. true negative.
C. false positive.
D. false negative.
Answer: false positive.
An engineering team is developing and deploying a fleet of mobile devices to be used for
specialized inventory management purposes. These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera by only the inventory application for the purposes of scanning.
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those required.
Which of the following BEST meets these requirements?
A. Set an application wrapping policy, wrap the application, distribute the inventory APK
via the MAM tool, and test the application restrictions.
B. Write a MAC sepolicy that defines domains with rules, label the inventory application,
build the policy, and set it to enforcing mode.
C. Swap out the Android Linux kernel for version >2.4.0, then internally build Android, remove
unnecessary functions via MDL, configure it to block network access, and perform integration
testing.
D. Build and install an Android middleware policy with the requirements added, copy the file
into /user/init, and then build the inventory application.
Answer: Set an application wrapping policy, wrap the application, distribute the inventory APK
via the MAM tool, and test the application restrictions.
A high-severity vulnerability was found on a web application and introduced to the
enterprise. The vulnerability could allow an unauthorized user to utilize an open-source
library to view privileged user information. The enterprise is unwilling to accept the risk, but
the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until
the issue can be fixed?
A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
C. Implement MFA, review the application logs, and deploy a WAF.
D. Deploy a VPN, configure an official open-source library repository, and perform a full
application review for vulnerabilities.
Answer: Deploy a VPN, configure an official open-source library repository, and perform a full
application review for vulnerabilities.
Reference: https://www.microfocus.com/en-us/what-is/sast
Over the last 90 days, many storage services have been exposed in the cloud services
environments, and the security team does not have the ability to see who is creating these
instances. Shadow IT is creating data services and instances faster than the small security
team can keep up with them. The Chief Information Security Officer (CISO) has asked the
security lead architect to recommend solutions to this problem.
Which of the following BEST addresses the problem with the least amount of administrative
effort?
A. Compile a list of firewall requests and compare them against interesting cloud services.
B. Implement a CASB solution and track cloud service use cases for greater visibility.
C. Implement a user-behavior system to associate user events and cloud service creation events.
D. Capture all logs, feed them to a SIEM, and then search for cloud service events.
Answer: Implement a user-behavior system to associate user events and cloud service creation events.
A security engineer is hardening a company's multihomed SFTP server. When scanning a
public-facing network interface, the engineer finds the following ports are open:
22, 25, 110, 137, 138, 139, 445
Internal Windows clients are used to transfer files to the server to stage them for
customer download as part of the company's distribution process.
Which of the following would be the BEST solution to harden the system?
A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.
Answer: Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.