Updated Oct-2023 Official licence for CS0-002 Certified by CS0-002 Dumps PDF [Q153-Q169]


Grab latest Amazon CS0-002 Dumps as PDF Updated on 2023

Achieving the CompTIA CS0-002 certification demonstrates to potential employers that the candidate has a solid grasp of cybersecurity concepts, tools, and methodologies. It also validates the candidate’s ability to analyze and respond to security incidents, which is a critical skill in today’s cybersecurity landscape. The CompTIA Cybersecurity Analyst (CySA+) certification is recognized by leading organizations and government agencies worldwide, making it a valuable asset for cybersecurity professionals seeking career advancement opportunities.

 

NO.153 A pharmaceutical company’s marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?

 
 
 
 

NO.154 A security analyst is reviewing the following server statistics:

Which of the following is MOST likely occurring?

 
 
 
 

NO.155 A corporation has implemented an 802.1X wireless network using self-signed certificates. Which of the following represents a risk to wireless users?

 
 
 
 

NO.156 A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:


Which of the following technologies would MOST likely be used to prevent this phishing attempt?

 
 
 
 

NO.157 A company’s application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?

 
 
 
 
 

NO.158 Which of the following BEST articulates the benefit of leveraging SCAP in an organization’s cybersecurity analysis toolset?

 
 
 
 

NO.159 Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company’s API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"></s:Body></s:Envelope>
192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]
192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body><
192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/ http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="http://www.w3.org/2001/XMLSchema-instance
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0<
<a:NetworkId>4</a:NetworkId><a:ProviderId>"1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authe
192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients’ accounts were compromised?

 
 
 
 

NO.160 A security analyst was alerted to a file integrity monitoring event based on a change to the vhost-paymonts.conf file.
The output of the diff command against the known-good backup reads as follows:

Which of the following MOST likely occurred?

 
 
 
 

NO.161 A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

 
 
 
 

NO.162 A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.
Which of the following will remediate this software vulnerability?

 
 
 
 
 

NO.163 A security engineer is reviewing security products that identify malicious actions by users as part of a company’s insider threat program. Which of the following is the MOST appropriate product category for this purpose?

 
 
 
 

NO.164 An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5.
This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?

 
 
 
 

NO.165 After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:

Which of the following IP addresses does the analyst need to investigate further?

 
 
 
 

NO.166 A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

 
 
 
 

NO.167 The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading. Which of the following should be the NEXT step in this incident response?

 
 
 
 

NO.168 A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow:

Which of the following controls must be in place to prevent this vulnerability?

 
 
 
 

NO.169 A company’s marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, in1marketingpartners.com. Below is the existing SPF record:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

 
 
 
 

CompTIA Cybersecurity Analyst (CySA+) certification is a vendor-neutral credential that is designed for IT professionals who want to enhance their cybersecurity knowledge and skills. The CompTIA Cybersecurity Analyst (CySA+) certification exam, also known as CS0-002, is designed to validate the candidate’s ability to identify cybersecurity threats and vulnerabilities, perform data analysis and interpretation, and apply appropriate mitigation techniques.

 

Latest CS0-002 Exam Dumps CompTIA Exam from Training: https://www.vcedumps.com/CS0-002-examcollection.html

