Question

A cyber security analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?

A. Contact the Office of Civil Rights (OCR) to report the breach

B. Put an ACL on the gateway router

C. Notify the Chief Privacy Officer (CPO)

D. Activate the incident response plan

---------------------------------------------------------------------------------------

NO.269 Given the following access log: access_log: 10.1.1.3 - -[66.66.132.6 -100] "Get /js/query-ui/js/?a aspectRatio: this originalsize, height#7e47c183ba-e (HTTP/1.1" 403 22 access_log: 10.1.1.3 - - [66.66.132.6 -100] "Get /s/query-ui/js/?a aspectRatio:this.originalsize, height | 1:a-e (HTTP/1.1" 303 333 access_log: 10.1.1.3 --[66.66.132.6 -100] "Get /scripts/query-ui/js/J): optgroup=F option;F .tbody=? tfootF .colorgroup=F caption=F thread; th=F .td; if (!c.support.htmlSerialize)._default= (1, HTTP/1.1" 403 338

Which of the following accurately describes what this log displays? A.

A. A vulnerability in jQuery

B. Application integration with an externally hosted database

C. A vulnerability scan performed from the Internet

D. A vulnerability in Javascript

Please expert answers only. Explain your answers into details for a thumbs up.

Answer 1

Answer)
1. The analyst here has discovered that significant amount of data has been uploaded to the cloud provider, thus the following is the valid action which should be taken:
B. Put an ACL on the gateway router

The analysis here firstly needs to block the continued possible exfiltration of data using the ACL before even proceeding with the incidence response. Thus here the first purpose would be the stop the uploading of data.

2. The following is the valid information which the log displays:
C. A vulnerability scan performed from the Internet

This is the access log which is using the script running the vulnerability scan being performed from the Internet on the hosts to find possible vulnerabilities.

**Please Hit Like if you appreciate my answer. For further doubts on the or answer please drop a comment, I'll be happy to help. Thanks for posting.**