01. Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs.
What is the next step the engineer should take to investigate this case?
a) Remove the shortcut files
b) Check the audit logs
c) Identify affected systems
d) Investigate the malicious URLs
02. According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
a) Perform a vulnerability assessment
b) Conduct a data protection impact assessment
c) Conduct penetration testing
d) Perform awareness testing
03. How does Wireshark decrypt TLS network traffic?
a) with a key log file using per-session secrets
b) using an RSA public key
c) by observing DH key exchange
d) by defining a user-specified decode-as
04. The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?
a) Conduct a risk assessment of systems and applications
b) Isolate the infected host from the rest of the subnet
c) Install malware prevention software on the host
d) Analyze network traffic on the host's subnet
05. How is a SIEM tool used?
a) To collect security data from authentication failures and cyber attacks and forward it for analysis
b) To search and compare security data against acceptance standards and generate reports for analysis
c) To compare security alerts against configured scenarios and trigger system responses
d) To collect and analyze security data from network devices and servers and produce alerts
06. What is needed to assess risk mitigation effectiveness in an organization?
a) cost-effectiveness of control measures
b) analysis of key performance indicators
c) compliance with security standards
d) updated list of vulnerable systems
07. The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
a) Determine the assets to which the attacker has access
b) Identify assets the attacker handled or acquired
c) Change access controls to high risk assets in the enterprise
d) Identify movement of the attacker in the enterprise
08. Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?
a) chmod 666
b) chmod 777
c) chmod 775
d) chmod 774
09. What do 2xx HTTP response codes indicate for REST APIs?
a) additional action must be taken by the client to complete the request
b) the server takes responsibility for error status codes
c) successful acceptance of the client's request
d) communication of transfer protocol-level information
10. Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?
b) internal database
c) internal cloud
d) customer data