Which example of technical control is recommended to mitigate and prevent vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, and command injection? user input sanitization process-level remediation secrets…
Which kind of event is a successful identification of a security attack? false negative false positive true positive true negative Explanation & Hint: True positives are successful identification of security…
Which kind of event occurs when an intrusion detection device identifies an activity as acceptable behavior and the activity is acceptable? false positives false negatives true negatives true positives Explanation…
Which kinds of events are malicious activities not detected by a network security device? false positives false negatives true negatives true positives Explanation & Hint: False negatives are malicious activities…
What kind of events diminishes the value and urgency of real alerts? false positives false negatives true negatives true positives Explanation & Hint: False positives are situations in which a…
Which kind of event is also called a "benign trigger"? false positive false negative true positive true negative Explanation & Hint: False positives are "false alarms" or "benign triggers." They…
Match the term to the respective description. false positive ==> A security device triggers an alarm, but there is no malicious activity or actual attack taking place true positive ==>…
When creating a cybersecurity analyst report, which control category includes information concerning the access control vestibule? technical administrative operational physical Explanation & Hint: During a penetration testing engagement, the cybersecurity…
Which control category includes information on mandatory vacations and user training in the cybersecurity analyst report? technical administrative operational physical Explanation & Hint: During a penetration testing engagement, the cybersecurity…
A cybersecurity analyst report should contain minimum password requirements and policies and procedures. These are examples that are included in which control category? technical administrative operational physical Explanation & Hint:…
Which document provides several cheat sheets and detailed guidance on preventing vulnerabilities such as cross-site scripting, SQL injection, and command injection? OWASP CVE GDPR CVSS Explanation & Hint: The use…
A recent pen-test results in a cybersecurity analyst report, including information on process-level remediation, patch management, and secrets management solutions. Which control category is represented by this example? technical administrative …
Which two items are examples of technical controls that can be recommended as mitigations and remediation of the vulnerabilities found during a pen test? (Choose two.) multifactor authentication certificate management …
Match the description to the respective control category. Key rotation Technical control Input sanitization Technical control Secure software development life cycle Administrative control Role-based access control Administrative control Time-of-day restrictions…
Which tool can ingest the results from many penetration testing tools a cybersecurity analyst uses and help this professional produce reports in formats such as CSV, HTML, and PDF? Dradis …
Which item is included in the temporal metric group used by CVSS? exploit code maturity integrity impact modified base metrics attack vector Explanation & Hint: CVSS uses three metric groups…
Which item is included in the environmental metric group used by CVSS? privileges required confidentiality requirements report confidence availability impact Explanation & Hint: CVSS uses three metric groups in determining…
Which three items are included in the base metric group used by CVSS? (Choose three.) attack complexity integrity impact modified base metrics user interaction availability requirements remediation level Explanation &…
Match the CVSS metric group with the respective information. Environmental metric group ==> Includes modified base metrics, confidentiality, integrity, and availability requirements Base metric group ==> Includes exploitability metrics and impact metrics…
Which vulnerability catalog creates a list of publicly known vulnerabilities, each assigned an ID number, description, and reference? CVE CVSS OWASP WSTG NIST SP 800-115 Explanation & Hint: Vulnerability scanners…