A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?
In the case of a phishing attack, one of the first actions is to review what actions the employee took (for example, whether the direct deposit change was actually entered and which account received the funds) and to analyze the phishing email itself (sender address, Reply-To, authentication results, and any links or attachments) to understand its nature and impact. Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 6, page 246; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 255.
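The header checks an analyst would run on such an email, as an added example that is not from the study guide or the question bank. The two messages are constructed; the internal domain `example.com`, the lure keywords and the two-finding threshold for the verdict are assumptions for the illustration.

```python
"""Triage checks for a BEC-style phishing email (added example, constructed data)."""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the victim organisation's mail domain

# Constructed sample: the display name impersonates the director, but the
# mailbox is a look-alike outside domain and replies are redirected elsewhere.
SAMPLE_EMAIL = """\
From: "Dana Lee, Director" <dana.lee@examp1e-corp.com>
Reply-To: dlee.director@gmail.example
To: payroll@example.com
Subject: Urgent: update my direct deposit
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-corp.com; dkim=none
Date: Mon, 3 Jun 2024 08:12:00 +0000

Please change my direct deposit to the new account before Friday's run.
"""

# Constructed benign message from the real internal mailbox, for comparison.
LEGIT_EMAIL = """\
From: "Dana Lee" <dana.lee@example.com>
To: payroll@example.com
Subject: Team lunch Thursday
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com

Lunch is at noon.
"""

LURE_WORDS = ("urgent", "direct deposit", "payroll")  # assumption: keywords worth flagging


def analyze_phish(raw: str, internal_domain: str = INTERNAL_DOMAIN) -> dict:
    """Return the header-level indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    findings = []

    # An external mailbox claiming an internal role is the core of the impersonation.
    if from_domain != internal_domain.lower():
        findings.append(f"external sender domain {from_domain!r} claims an internal role")
    # Reply-To pointing elsewhere routes the victim's answer to the attacker.
    if reply_addr and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    # Authentication-Results (RFC 8601) as recorded by the receiving MTA.
    if "spf=fail" in auth or "spf=softfail" in auth:
        findings.append("SPF failed")
    if "dkim=pass" not in auth:
        findings.append("no valid DKIM signature")
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in LURE_WORDS):
        findings.append("urgency/payment lure in subject")

    n = len(findings)
    verdict = ("likely BEC phishing" if n >= 2
               else "needs manual review" if n == 1
               else "no header indicators")
    return {"from_name": from_name, "from_addr": from_addr, "reply_to": reply_addr,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EMAIL), ("legit", LEGIT_EMAIL)):
        result = analyze_phish(raw)
        print(label, result["verdict"], result["findings"])
```

The Authentication-Results header is only trustworthy when it was written by your own receiving mail server; an attacker can insert a forged copy, so the check should use the instance added by the final hop.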
A company has the following security requirements:
* No public IPs
* All data secured at rest
* No insecure ports/protocols
After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output:
Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?
This VM has a public IP and an open port 80, which violates two of the company's requirements at once (no public IPs and no insecure ports/protocols) and exposes the VM directly to attacks from the internet. It should be updated first: move it to a private IP (or place it behind a load balancer or gateway) and close port 80, serving the application over HTTPS on port 443 instead.
Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 2: Cloud and Hybrid Environments, page 67.
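One way to turn the three requirements into a repeatable ranking of scanner findings, as an added example (not the scanner's own output or the study guide's code). The scan records, the set of ports treated as insecure, and the scoring weights are assumptions chosen for the illustration; the original scanner output is not reproduced on this page.

```python
"""Rank cloud VMs by how badly they violate the stated policy (added example)."""

# Assumption: cleartext or legacy remote-access services the policy calls insecure.
INSECURE_PORTS = {21, 23, 80, 445, 3389}

# Constructed scanner output standing in for the report referenced above.
SCAN = [
    {"name": "web-vm-1", "public_ip": "203.0.113.10", "open_ports": [80, 443], "encrypted_at_rest": True},
    {"name": "db-vm-2", "public_ip": None, "open_ports": [5432], "encrypted_at_rest": False},
    {"name": "app-vm-3", "public_ip": "198.51.100.7", "open_ports": [443], "encrypted_at_rest": True},
    {"name": "jump-vm-4", "public_ip": None, "open_ports": [22], "encrypted_at_rest": True},
]


def violations(vm: dict) -> list:
    """List which of the three requirements a VM record breaks."""
    found = []
    if vm["public_ip"]:
        found.append("public IP")
    if not vm["encrypted_at_rest"]:
        found.append("data not encrypted at rest")
    bad_ports = sorted(p for p in vm["open_ports"] if p in INSECURE_PORTS)
    if bad_ports:
        found.append("insecure ports: " + ",".join(str(p) for p in bad_ports))
    return found


def risk_score(vm: dict) -> int:
    """One point per violation, plus a bonus when an insecure service is
    reachable from the internet (the combination that gets fixed first)."""
    found = violations(vm)
    score = len(found)
    if "public IP" in found and any(f.startswith("insecure ports") for f in found):
        score += 2
    return score


def prioritize(scan: list) -> list:
    """Return VM records sorted from highest to lowest risk."""
    return sorted(scan, key=risk_score, reverse=True)


if __name__ == "__main__":
    for vm in prioritize(SCAN):
        print(f"{risk_score(vm)}  {vm['name']:10} {violations(vm)}")
```

The weighting is deliberately simple; the point is that "public IP plus insecure port" is the one combination the policy and the threat model both single out, so it must outrank a single isolated violation.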
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
Geoblocking is the best mitigation technique for unusual network scanning activity coming from a country that the company does not do business with. Geoblocking restricts access to networks or services based on geographic location, usually by dropping traffic from the IP address ranges that a GeoIP database maps to a certain country or region. Because the company expects no legitimate traffic from that country, blocking it removes a source of attack surface at little operational cost. Two caveats apply in practice: GeoIP mappings are approximate and change over time, so the block list must be refreshed from a current database, and an attacker can route through a VPN, proxy, or cloud provider in an allowed region, so geoblocking reduces noise rather than guaranteeing protection and should be paired with continued monitoring. The other options are not as effective as geoblocking, as they may not block all the possible sources of the scanning activity or may not address the root cause of the problem. Reference:
https://www.blumira.com/geoblocking/
https://www.avg.com/en/signal/geo-blocking
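The detection-plus-geoblock logic run over sample firewall logs, as an added example that is not from the cited pages. The log lines and the country-to-prefix table are constructed (a real deployment would load prefixes from a GeoIP database such as MaxMind GeoLite2); the log field names, the country code `XX`, and the five-distinct-port scan threshold are assumptions.

```python
"""Detect a port scan from one source and emit geoblock rules (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed GeoIP table; in practice this comes from a GeoIP database and is refreshed.
GEOIP_PREFIXES = {
    "XX": [ip_network("203.0.113.0/24")],   # country the company has no business with
    "US": [ip_network("198.51.100.0/24")],
}
BLOCKED_COUNTRIES = {"XX"}
SCAN_PORT_THRESHOLD = 5  # assumption: distinct destination ports per source that count as a scan

# Constructed firewall log lines: "<time> <action> src=<ip> dst=<ip> dpt=<port>".
LOG_LINES = """\
2024-06-03T08:00:01Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=22
2024-06-03T08:00:01Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=23
2024-06-03T08:00:02Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=80
2024-06-03T08:00:02Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=443
2024-06-03T08:00:03Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=3389
2024-06-03T08:00:03Z DENY src=203.0.113.45 dst=192.0.2.10 dpt=8080
2024-06-03T08:00:04Z ALLOW src=198.51.100.9 dst=192.0.2.10 dpt=443
2024-06-03T08:00:05Z ALLOW src=198.51.100.9 dst=192.0.2.10 dpt=443
""".splitlines()


def country_of(ip: str) -> str:
    """Longest-match is unnecessary here because the constructed prefixes do not overlap."""
    addr = ip_address(ip)
    for cc, nets in GEOIP_PREFIXES.items():
        if any(addr in net for net in nets):
            return cc
    return "??"


def parse(line: str) -> tuple:
    """Return (source IP, destination port) from one log line."""
    fields = dict(tok.split("=", 1) for tok in line.split()[2:])
    return fields["src"], int(fields["dpt"])


def find_scanners(lines, threshold: int = SCAN_PORT_THRESHOLD) -> dict:
    """Sources that touched at least `threshold` distinct destination ports."""
    ports = defaultdict(set)
    for line in lines:
        src, dpt = parse(line)
        ports[src].add(dpt)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}


def geoblock_rules(scanners: dict) -> list:
    """iptables DROP rules for every blocked-country prefix a detected scanner falls in.
    Scanners from allowed countries are reported but not geoblocked."""
    rules = set()
    for src in scanners:
        cc = country_of(src)
        if cc in BLOCKED_COUNTRIES:
            for net in GEOIP_PREFIXES[cc]:
                rules.add(f"iptables -I INPUT -s {net} -j DROP  # geoblock {cc}")
    return sorted(rules)


if __name__ == "__main__":
    scanners = find_scanners(LOG_LINES)
    for src, ports in scanners.items():
        print(f"{src} ({country_of(src)}) probed ports {ports}")
    print("\n".join(geoblock_rules(scanners)))
```

Blocking the whole country prefix rather than the single scanning host is what makes this geoblocking; the trade-off is that the rule also drops any future source in that range, which is acceptable only because the company expects no traffic from there.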
Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
The Diamond Model of Intrusion Analysis is a framework that helps analysts to understand the relationships between the adversary, the victim, the infrastructure, and the capability involved in an attack. It also enables analytical pivoting, which is the process of moving from one piece of information to another related one, and identifies knowledge gaps that need further investigation.
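What analytical pivoting and knowledge-gap identification look like on a small set of events, as an added example (not code from the Diamond Model paper or the study guide). The four events and all indicator values are constructed; the representation of a missing vertex as `None` is a modelling choice for the illustration.

```python
"""Pivoting across Diamond Model events (added example, constructed events)."""
from dataclasses import dataclass
from typing import Optional

FEATURES = ("adversary", "capability", "infrastructure", "victim")


@dataclass
class DiamondEvent:
    """One intrusion event with the four core features; None marks a knowledge gap."""
    event_id: str
    adversary: Optional[str]
    capability: Optional[str]
    infrastructure: Optional[str]
    victim: Optional[str]


# Constructed events: two share C2 infrastructure, one shares a victim with them.
EVENTS = [
    DiamondEvent("E1", "ACTOR-A", "macro-dropper", "203.0.113.5", "finance-ws01"),
    DiamondEvent("E2", None, "macro-dropper", "203.0.113.5", "hr-ws07"),
    DiamondEvent("E3", None, "credential-harvest-page", "login-examp1e.test", "finance-ws01"),
    DiamondEvent("E4", "ACTOR-B", "ssh-bruteforce", "198.51.100.20", "jump-01"),
]


def pivot(events, feature: str, value: str) -> list:
    """The analytical pivot: every event sharing `value` on vertex `feature`."""
    return [e for e in events if getattr(e, feature) == value]


def related_features(events, feature: str, value: str) -> dict:
    """What the pivot reveals on the other three vertices."""
    linked = pivot(events, feature, value)
    out = {f: set() for f in FEATURES if f != feature}
    for e in linked:
        for f in out:
            v = getattr(e, f)
            if v is not None:
                out[f].add(v)
    return {f: sorted(v) for f, v in out.items()}


def knowledge_gaps(events) -> dict:
    """Events with an unknown vertex: the leads that need further investigation."""
    return {e.event_id: [f for f in FEATURES if getattr(e, f) is None]
            for e in events if any(getattr(e, f) is None for f in FEATURES)}


def attribute_by_pivot(events, feature: str, value: str) -> Optional[str]:
    """Propose an adversary for unattributed events that share `feature`=`value`
    with an attributed one. This is a hypothesis to verify, not a conclusion."""
    if feature == "adversary":
        return value
    adversaries = related_features(events, feature, value)["adversary"]
    return adversaries[0] if len(adversaries) == 1 else None


if __name__ == "__main__":
    infra = "203.0.113.5"
    print("pivot on infrastructure", infra, "->", [e.event_id for e in pivot(EVENTS, "infrastructure", infra)])
    print("reveals", related_features(EVENTS, "infrastructure", infra))
    print("pivot on victim finance-ws01 reveals", related_features(EVENTS, "victim", "finance-ws01"))
    print("gaps", knowledge_gaps(EVENTS))
    print("E2 attribution hypothesis:", attribute_by_pivot(EVENTS, "infrastructure", infra))
```

Pivoting on the shared infrastructure links E2 to ACTOR-A's campaign and exposes a second victim; pivoting on the victim then surfaces a second piece of infrastructure (the harvesting page) that the infrastructure pivot alone would not have found. The gaps on E2 and E3 are exactly the items the model tells the analyst to go and fill.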
A security analyst is improving an organization's vulnerability management program. The analyst cross-checks the current reports with the system's infrastructure teams, but the reports do not accurately reflect the current patching levels. Which of the following will most likely correct the report errors?
Credentialed vulnerability scans allow the scanner to log into systems and retrieve accurate information about installed patches and configurations. If the reports do not reflect current patching levels, it is likely that the scan is being performed without credentials, leading to incomplete or inaccurate results.
Option A (Updating the scanning engine) ensures the tool has the latest detection capabilities but does not directly affect scan accuracy for missing patches.
Option B (Centralized patching) helps maintain consistency but does not correct reporting errors.
Option D (Resetting plug-ins) may be useful if plug-ins are outdated, but the primary issue is lack of privileged access during scanning.
Thus, C is the correct answer, as credentialed scans provide more accurate vulnerability assessments.
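Why banner-based (uncredentialed) evidence cannot confirm a patch level, and how an analyst reconciles scan findings against the infrastructure team's inventory, as an added example that is not from the study guide. The findings, the plugin name, the package version strings and the inventory are all constructed; the rule that `dpkg:`/`rpm:` evidence implies a credentialed check is an assumption about how the scanner labels its evidence.

```python
"""Reconcile vulnerability findings with the patch inventory (added example)."""

# Constructed findings for one plugin. web01 was scanned without credentials and
# only the HTTP Server banner was seen; web02/web03 were scanned with credentials
# and the installed package version was read from dpkg.
FINDINGS = [
    {"host": "web01", "plugin": "Apache < 2.4.53", "evidence": "Server: Apache/2.4.41 (Ubuntu)"},
    {"host": "web02", "plugin": "Apache < 2.4.53", "evidence": "dpkg: apache2 2.4.41-4ubuntu3.14"},
    {"host": "web03", "plugin": "Apache < 2.4.53", "evidence": "dpkg: apache2 2.4.41-4ubuntu3.9"},
]

# Constructed patch inventory from the infrastructure team (package version they deployed).
INVENTORY = {
    "web01": "2.4.41-4ubuntu3.14",
    "web02": "2.4.41-4ubuntu3.14",
    "web03": "2.4.41-4ubuntu3.14",
}


def evidence_kind(evidence: str) -> str:
    """Package-manager output needs a login on the host; a banner does not."""
    return "package" if evidence.startswith(("dpkg:", "rpm:")) else "banner"


def reconcile(findings, inventory) -> list:
    """For each finding, say whether its evidence can confirm or contradict the inventory.
    A banner only carries the upstream version; distro packages backport fixes without
    changing it, so a banner can neither confirm nor refute the patch level."""
    report = []
    for f in findings:
        kind = evidence_kind(f["evidence"])
        expected = inventory.get(f["host"])
        if kind == "banner":
            status = "unconfirmed: banner shows upstream version only; rescan with credentials"
        elif expected is None:
            status = "not in inventory"
        else:
            seen = f["evidence"].split()[-1]
            status = ("matches inventory" if seen == expected
                      else f"mismatch: scanner saw {seen}, inventory says {expected}")
        report.append({"host": f["host"], "evidence": kind, "status": status})
    return report


def needs_credentialed_rescan(report) -> list:
    """Hosts whose findings rest on banner evidence alone."""
    return sorted({r["host"] for r in report if r["evidence"] == "banner"})


def real_drift(report) -> list:
    """Hosts where credentialed evidence contradicts the inventory: the true patching problems."""
    return sorted(r["host"] for r in report if r["status"].startswith("mismatch"))


if __name__ == "__main__":
    rep = reconcile(FINDINGS, INVENTORY)
    for r in rep:
        print(f"{r['host']:6} {r['evidence']:8} {r['status']}")
    print("rescan with credentials:", needs_credentialed_rescan(rep))
    print("inventory drift:", real_drift(rep))
```

Only the credentialed evidence lets the analyst separate a scanner artefact (web01) from genuine drift (web03, where the inventory is wrong and the host really is behind), which is the distinction the question is asking about.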