Question


A cyber security analyst who works for a financial services firm received this report: "There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called "LockMaster" by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector." The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

A. Advise the firewall engineer to implement a block on the domain

B. Visit the domain and begin a threat assessment

C. Produce a threat intelligence message to be disseminated to the company

D. Advise the security architects to enable full-disk encryption to protect the MBR

E. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"

F. Format the MBR as a precaution

-------------------------------------------------------------------------------------------

A cyber security analyst is creating ACLs on a perimeter firewall that will deny inbound packets that are from internal addresses, reversed external addresses, and multicast addresses. Which of the following is the analyst attempting to prevent?

A. Broadcast storms

B. DDoS attacks

C. Spoofing attacks

D. Man-in-the-middle attacks.

Expert answers. Please explain your choice of answers to facilitate easy learning and a thumbs up.

Answer #1

Solution

Question 1

Answer

B. Visit the domain and begin a threat assessment
D. Advise the security architects to enable full-disk encryption to protect the MBR.

Explanation

B) Visiting the domain and beginning a threat assessment, to be able to get more details on the behavior and how we can prevent this threat.

---

Question 2

Answer

C. Spoofing attacks

Explanation

A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls.

So, to prevent spoofing attacks, the security analyst will create an Access Control List on the perimeter that denies inbound packets from internal addresses, reversed external addresses, and multicast addresses.

---

all the best
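Added example, not part of the original answer: a model of the inbound anti-spoofing ACL from Question 2, evaluated first-match against packet source addresses. The internal prefix 10.20.0.0/16, the rule names and the sample sources are constructed for illustration, and the example assumes the question's "reversed" addresses are the reserved IPv4 ranges.

```python
import ipaddress
from collections import Counter

# Assumption: the firm's internal address space (constructed for this example).
INTERNAL = [ipaddress.ip_network("10.20.0.0/16")]

# Reserved IPv4 ranges that should never appear as a source on the outside interface.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4")]

MULTICAST = [ipaddress.ip_network("224.0.0.0/4")]

# Ordered deny rules for inbound traffic on the perimeter; first match wins.
DENY_RULES = [
    ("internal-source", INTERNAL),
    ("reserved-source", RESERVED),
    ("multicast-source", MULTICAST),
]

def evaluate(src):
    """Return (action, rule_name) for a packet arriving inbound from outside."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("deny", "malformed-source")
    if addr.version != 4:
        return ("deny", "unsupported-family")  # this model covers IPv4 only
    for name, nets in DENY_RULES:
        if any(addr in net for net in nets):
            return ("deny", name)
    return ("permit", "default")

def audit(sources):
    """Count how many inbound packets each rule matched."""
    return Counter(evaluate(s)[1] for s in sources)

# Constructed sample of inbound source addresses seen on the outside interface.
# 198.51.100.23 stands in for an ordinary public source.
SAMPLE = ["198.51.100.23", "10.20.5.9", "192.168.1.1", "224.0.0.5",
          "127.0.0.1", "10.99.0.1", "198.51.100.23"]

if __name__ == "__main__":
    for src in SAMPLE:
        print(src, *evaluate(src))
    print(dict(audit(SAMPLE)))
```

A packet from outside that claims an internal, reserved or multicast source cannot be legitimate, so any hit on these rules is worth logging as a spoofing indicator as well as dropping.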
