A security analyst wishes to scan the network to view potentially vulnerable systems the way an...
A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker would. Which of the following would BEST enable the analyst to complete the objective?
A.Perform a non-credentialed scan
B.Conduct an intrusive scan
C.Attempt escalation of privilege
D.Execute a credentialed scan
Homework Answers
Performing a non-credentialed scan is the best option because that is how an attacker would see when they first enter the network. It acts as first level scan for the network because an attacker would easily find those patches.
Add Answer to:
A security analyst wishes to scan the network to view potentially vulnerable systems the way an...
A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine...
A security analyst performs various types of vulnerability
scans. Review the vulnerability scan
results to determine the type of scan that was executed and if a
false positive
occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the
results were generated from a credentialed
scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the
results for false positives and check the
findings that display false positives. NOTE: If you...
A systems administrator has created network file shares for each department with associated security groups for...
A systems administrator has created network file shares for each department with associated security groups for each role within the organization . Which of the following security concepts is the system administrator implementing? separation of duites permission auditing least privilege standard naming concention
A cyber security analyst noticed a spike in activities from the guest wireless network to several...
A cyber security analyst noticed a spike in activities from the
guest wireless network to several electronic health record (EHR)
systems. After further analysis, the analyst discovered that a
large volume of data has been uploaded to a cloud provider in the
last six months. Which of the following actions should the analyst
do FIRST?
A. Contact the Office of Civil Rights (OCR) to report the
breach
B. Put an ACL on the gateway router
C. Notify the Chief Privacy...
A systems administrator is concerned that a server may be compromised. A security analyst notices the...
A systems administrator is concerned that a server may be compromised. A security analyst notices the following log output while aiding with the investigation July 23 01:35:10 LINSERV01 useradd [30245]: failed adding user 'hjasole, data deleted July 23 01:35:10 LINSERVO1 passwd [ 30246] : password for 'hjasole changed by 'root' July 23 01:35:12 LINSERV01 passwd [30263] : password for 'mroch' changed by 'root' July 23 01:38:10 LINSERV01 useradd(30523]: failed adding user 'apache', data deleted July 23 01:42:48 LINSERV01 passwd [32532]...
A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic...
A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST? A. Contact the Office of Civil Rights (OCR) to report the breach B. Notify the Chief Privacy Officer (CPO) C. Put an ACL on the gateway...
As part of a new BYOD rollout, a security analyst has been asked to find a...
As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this? Require the use of an eight-character PIN. Implement containerization of company data. Require annual AUP sign-off. Use geofencing tools to unlock devices while on the premises.
A cyber security analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does...
A cyber security analyst finds that unpatched servers have
undetected vulnerabilities because the vulnerability scanner does
not have the latest set of signatures. Management directed the
security team to have personnel update the scanners with the latest
signatures at least 24 hours before conducting any scans, but the
outcome is unchanged. Which of the following is the BEST logical
control to address the failure?
A. Manually validate that the existing update is being
performed.
B. Configure a script to automatically...
The Bayside Art Gallery is considering installing a video camera security system to reduce its insurance...
The Bayside Art Gallery is considering installing a video camera security system to reduce its insurance premiums. A diagram of the eight display rooms that Bayside uses for exhibitions is shown in the following figure; the openings between the rooms are numbered 1–13. Asecurity firm proposed that two-way cameras be installed at some room openings. Each camera has the ability to monitor the two rooms between which the camera is located. For example, if a camera were located at opening...
Which role has the PRIMARY responsibility for the documentation of control implementation? Systems security engineer Control...
Which role has the PRIMARY responsibility for the documentation of control implementation? Systems security engineer Control assessor Information System Owner (ISO) Information Owner/Steward When making determinations regarding the adequacy of common controls for their respective systems, Information System Owner (ISO) refer to the Common Control Providers’ (CCP) Privacy Impact Assessment (PIA) Business Impact Analysis (BIA) Authorization Packages Vulnerability Scans An organization-wide approach to identifying common controls early in the Risk Management Framework (RMF) process does which of the following? Considers...
A security analyst performs various types of vulnerability
scans. Review the vulnerability scan
results to determine the type of scan that was executed and if a
false positive
occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the
results were generated from a credentialed
scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the
results for false positives and check the
findings that display false positives. NOTE: If you...
A cyber security analyst noticed a spike in activities from the
guest wireless network to several electronic health record (EHR)
systems. After further analysis, the analyst discovered that a
large volume of data has been uploaded to a cloud provider in the
last six months. Which of the following actions should the analyst
do FIRST?
A. Contact the Office of Civil Rights (OCR) to report the
breach
B. Put an ACL on the gateway router
C. Notify the Chief Privacy...
A systems administrator is concerned that a server may be compromised. A security analyst notices the following log output while aiding with the investigation July 23 01:35:10 LINSERV01 useradd [30245]: failed adding user 'hjasole, data deleted July 23 01:35:10 LINSERVO1 passwd [ 30246] : password for 'hjasole changed by 'root' July 23 01:35:12 LINSERV01 passwd [30263] : password for 'mroch' changed by 'root' July 23 01:38:10 LINSERV01 useradd(30523]: failed adding user 'apache', data deleted July 23 01:42:48 LINSERV01 passwd [32532]...
A cyber security analyst finds that unpatched servers have
undetected vulnerabilities because the vulnerability scanner does
not have the latest set of signatures. Management directed the
security team to have personnel update the scanners with the latest
signatures at least 24 hours before conducting any scans, but the
outcome is unchanged. Which of the following is the BEST logical
control to address the failure?
A. Manually validate that the existing update is being
performed.
B. Configure a script to automatically...
The Bayside Art Gallery is considering installing a video camera security system to reduce its insurance premiums. A diagram of the eight display rooms that Bayside uses for exhibitions is shown in the following figure; the openings between the rooms are numbered 1–13. Asecurity firm proposed that two-way cameras be installed at some room openings. Each camera has the ability to monitor the two rooms between which the camera is located. For example, if a camera were located at opening...
Most questions answered within 3 hours.
-
Product J is one of the many products manufactured and sold by
Gooble Company. An income...
asked 3 minutes ago -
Balance the following redox reaction that occurs in H2O2 ---->
H2O + O2
(please show the...
asked 4 minutes ago -
What is the “boreal forest”, and why does it occur where it does
(in broad terms)?
asked 5 minutes ago -
a
62 kg sprinter, started from resr, runs 47 m in 7 s at a constant...
asked 22 minutes ago -
For python 3.7. This should only be a few lines if any, but for
some reason...
asked 32 minutes ago -
what is IoT? How is it being used today? How will it be used in
the...
asked 46 minutes ago -
Please answer the four questions below.
1. If you were going to test a method that...
asked 1 hour ago -
Provide two or three examples of support he uses to reinforce
his arguments?
The Alienation of...
asked 1 hour ago -
QUESTION 1
Why do we see terms with multiple names in the database
community?
Consistency is...
asked 1 hour ago -
In a titration experiment, 11.5 mL of 0.400 M H2SO4 neutralized
48.0 mL of NaOH. What...
asked 1 hour ago -
A shot-putter throws the shot with a horizontal velocity of 10
m/s and a
vertical velocity...
asked 1 hour ago -
Mildred sells industrial-sized refrigeration units. Her
prospective buyer's face looks tense, and his forehead is wrinkled....
asked 1 hour ago