Mock : CompTIA CySA+ (CS0-001)

A(n) ____________ provides organizations with an attacker’s perspective on their security.

Options are :

  • Vulnerability Scan
  • Asset Management
  • Penetration Test (Correct)
  • Patch Management

Answer : Penetration Test

Explanation Penetration tests provide organizations with an attacker’s perspective on their security. The NIST process for penetration testing divides tests into four phases: planning, discovery, attack, and reporting. The results of penetration tests are valuable security planning tools, as they describe the actual vulnerabilities that an attacker might exploit to gain access to a network.

Sam’s security team uses a netflow collector that is capable of handling 1 Gb of traffic per second (1 Gb/s). As the company has grown, the external network traffic has increased to 2 Gb/s, and the collector has begun to approach full utilization at various times of the day. If his team doesn’t have money to purchase a more capable collector, what option can he use to still collect useful data?

Options are :

  • Enable QoS
  • Enable netflow compression
  • Enable sampling (Correct)
  • None of these options

Answer : Enable sampling

Explanation The best option is sampling. With sampling, the collector records a random subset of the packets passing through it, so the team can still capture useful flow data without exceeding the collector’s capacity.

Aaron is attempting to conduct a passive footprinting exercise against a specific target company. Which of the techniques listed below is not suited for a passive footprinting process?

Options are :

  • WHOIS lookups
  • Banner grabbing (Correct)
  • BGP looking glass usage
  • Registrar checks

Answer : Banner grabbing

Explanation Banner grabbing requires a connection to the host in order to achieve the task at hand and “grab the banner.” This is the only active process listed. All other options are considered to be passive processes and typically use information retrieved from third parties rather than a direct connection to the remote host.

Your company is hiring a penetration tester to conduct an assessment, but wants to exclude social engineering from the list of authorized activities. What document given to the penetration tester should include this requirement?

Options are :

  • Acceptable Use Policy
  • Service Level Agreement
  • Rules of Engagement (Correct)
  • Memorandum of Understanding

Answer : Rules of Engagement

Explanation While the network scope given in the contract documents defines what will be tested, the rules of engagement define how that testing is to occur. Rules of engagement can state things like no social engineering is allowed, no external website scanning, etc.

In what type of attack does the attacker begin with a normal user account and then seek to gain additional access rights?

Options are :

  • Privilege escalation (Correct)
  • Spear phishing
  • Cross-site Scripting
  • Remote code exploitation

Answer : Privilege escalation

Explanation Privilege escalation attacks seek to increase the level of access that an attacker has to a target system.

Kyle is replacing a vulnerability scanner with a new product. As he begins to build out the policy, he notices some conflicts in the scanning settings between different documents. Which of the following sources should take the highest priority when he resolves these conflicts?

Options are :

  • NIST guidance documents
  • Vendor best practices
  • Corporate policy (Correct)
  • Configuration settings from the prior system

Answer : Corporate policy

Explanation Of all the document options listed, the best one is the corporate policy. This document is considered to be binding. The other documents may provide useful information, but compliance with them isn’t considered to be mandatory.

Mary Beth is preparing her organization for the required quarterly PCI DSS external vulnerability scan. Who can perform this scan?

Options are :

  • Anyone
  • Any qualified individual
  • Only employees of the company
  • Only an approved scanning vendor (Correct)

Answer : Only an approved scanning vendor

Explanation Quarterly required external vulnerability scans must be run by a PCI DSS approved scanning vendor (ASV).

Ryan wants to purge a drive to ensure that the data cannot be extracted from it when it is no longer on-site. Which of the following is not an option for purging hard drives on Windows systems?

Options are :

  • Use the built-in Windows sdelete command line. (Correct)
  • Use Eraser
  • Use DBAN
  • Encrypt the drive and then delete the key

Answer : Use the built-in Windows sdelete command line.

Explanation Windows does not come with a secure erase tool, either as a GUI or as a command line tool. A third-party program is required; examples include Eraser, DBAN, etc. The correct answer is the built-in Windows sdelete command line, since the question asks for the option that does not exist.

Juanita wanted to track the changes made to the registry as well as the file system while running a suspect executable on a Windows system. Which Sysinternal tool will allow this to occur?

Options are :

  • App Monitor
  • Resource Tracker
  • Process Monitor (Correct)
  • There is not a Sysinternals tool with this capability

Answer : Process Monitor

Explanation The best answer is Process Monitor. Process Monitor tracks file system and registry changes made by running processes. It is typically used by system administrators as well as forensic and incident response professionals.

As Jason is studying the computer forensics playbook for his company, he notices that forensic investigators are required to use a chain of custody form. What information would be recorded on this form if he were conducting an investigation?

Options are :

  • The list of individuals who made contact with files leading to the investigation
  • The list of former owners/operators of the PC involved in the investigation
  • All individuals who work with evidence during the investigation (Correct)
  • The police officers who take possession of the evidence

Answer : All individuals who work with evidence during the investigation

Explanation Chain of custody forms are forms that list every person who has worked with or who has made contact with the evidence that’s part of an investigation. Typically, these forms record every action taken by each individual. Sometimes, a witness is required to verify whatever actions have been taken.

Crystal needs to perform forensics on a virtual machine. What process should be used to ensure all of the forensic data is acquired?

Options are :

  • Suspend the machine and copy the contents of the directory it resides in (Correct)
  • Perform a live image of the machine
  • Suspend the machine and make a forensic copy of the drive it resides on
  • Turn the virtual machine off and make a forensic copy of it

Answer : Suspend the machine and copy the contents of the directory it resides in

Explanation The best option is to suspend the machine and copy the contents of the directory. This procedure preserves both the RAM and disk contents. Copying the folder provides all the information needed; the virtual machine shouldn’t be powered off, and making a forensic copy of the entire drive is unnecessary because the copied files would still have to be validated.

Of the items below, which of the following parties communicates with the end user during a SAML transaction?

Options are :

  • Relying party
  • SAML identity provider
  • Both the relying party and the SAML identity provider (Correct)
  • Neither the relying party nor the SAML identity provider

Answer : Both the relying party and the SAML identity provider

Explanation The best option is both the relying party and the identity provider. In SAML, the user initiates a request to the relying party and is then redirected to the identity provider. The user authenticates to the SAML identity provider and receives a SAML response, which is sent to the relying party to confirm their identity.

In SAML authentication, which role of the authentication flow validates the user’s identity?

Options are :

  • The SP
  • The IDP (Correct)
  • The principal
  • The RP

Answer : The IDP

Explanation The best answer is the IDP. The identity provider performs authentication in SAML authentication flows. An SP is a service provider, and an RP is a relying party.

What describes the infrastructure needed to support the other architectural domains in the TOGAF framework?

Options are :

  • Business architecture
  • Applications architecture
  • Data architecture
  • Technical architecture (Correct)

Answer : Technical architecture

Explanation TOGAF divides architecture into four domains. Business architecture defines governance and organization and explains the interaction between enterprise architecture and business strategy. Applications architecture includes the applications and systems an organization deploys, the interactions between those systems, and their relation to business processes. Data architecture provides the organization’s approach to storing and managing information assets. Technical architecture describes the infrastructure needed to support the other architectural domains.

A security consultant is working with a company that runs critical web applications. The consultant has noticed that an application has a serious SQL injection vulnerability, but the system cannot be taken offline during the time period which the consultant is available to remediate the situation. Which of the following is the best compensating control?

Options are :

  • IPS
  • WAF (Correct)
  • Vulnerability scanning
  • Encryption

Answer : WAF

Explanation WAF (web application firewall) seems like the most viable option since it has the ability to serve as a compensating control and matches this specific scenario. Vulnerability scanning wouldn’t be the best option because it only detects and doesn’t correct flaws.

What technology is not PKI x.509 compliant and CANNOT be used in a variety of secure functions?

Options are :

  • AES
  • IDEA (Correct)
  • PKCS
  • SSL/TLS

Answer : IDEA

Explanation AES, PKCS, and SSL/TLS are all compatible with x.509 and can be used in a wide variety of functions and purposes.

A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team is not able to log in or configure it. The IT team is concerned about the appliance receiving necessary updates. Which of the following would perform as the best control to alleviate the concern about the appliance and its updates?

Options are :

  • Configuration management
  • Vulnerability scanning (Correct)
  • Intrusion prevention
  • Automatic updates

Answer : Vulnerability scanning

Explanation The best option here is vulnerability scanning. Configuration management and automatic updates would both address the issue; however, in the current situation these aren’t viable options because the IT team lacks administrative access. IPS adds a layer of security but doesn’t patch an operating system.

Brett is considering the deployment of OpenSSL in his organization. He would like to select a cipher suite. Which of the following ciphers should not be used with OpenSSL?

Options are :

  • DES (Correct)
  • AES
  • RSA
  • ECC

Answer : DES

Explanation The best option is DES. DES is outdated and shouldn’t be used for applications. AES, RSA, and ECC are all current, secure alternatives.

Betsy has been asked to perform an architectural review and uses a view that focuses on the technologies, settings, and configurations used in the architecture. What view is she using?

Options are :

  • Operational view
  • Acquisition view
  • Technical view (Correct)
  • Logical view

Answer : Technical view

Explanation Technical views focus on technologies, settings, and configurations. Operational views look at how a function is performed or what it accomplishes, while a logical view describes how systems interconnect. Acquisition views focus on the procurement process.

Natalie’s organization is adopting the ITIL service management strategy. Which of the following is an ITIL core activity that includes security management as a process?

Options are :

  • Service strategy
  • Service design (Correct)
  • Service transition
  • Service operation

Answer : Service design

Explanation ITIL places security management in the service design core activity. The other processes in service design are: design coordination, service catalog management, service-level management, availability management, capacity management, IT service continuity management, and supplier management.

Bucky, a web developer, wants to protect a new web app from MITM (man-in-the-middle) attacks where attackers steal tokens stored in cookies. Which of the following controls would best prevent this attack?

Options are :

  • Forcing the use of TLS for the web application
  • Forcing the use of SSL for the web application
  • Setting the secure attribute on the cookie (Correct)
  • Hashing the cookie value

Answer : Setting the secure attribute on the cookie

Explanation The best option is setting the secure attribute on the cookie, because this ensures that the cookie is only ever sent over an encrypted connection. Forcing SSL/TLS on its own doesn’t ensure that the cookie is sent only over encrypted connections, and hashing the value doesn’t change the security.

Chesney is working to evaluate some forensic tools and would like to have the option of an open source forensic suite. Which one of the following best meets this need?

Options are :

  • FTK
  • EnCase
  • SIFT (Correct)
  • Helix

Answer : SIFT

Explanation The best option is SIFT (SANS Investigative Forensic Toolkit), which is an open source forensics suite. FTK, EnCase, and Helix are all commercial tools.

Brittney is working to create a password policy for her organization and would like to include a setting that will limit the length of exposure an account would have with a compromised password. Which of the following would best meet this requirement?

Options are :

  • Minimum password length
  • Password history
  • Password expiration (Correct)
  • Password complexity

Answer : Password expiration

Explanation The best control listed here is a password expiration policy. This policy forces password changes at specific intervals of time, limiting how long a compromised password remains usable. The other settings help prevent compromise but do not limit the length of exposure once a password has been compromised.

Russell is designing an infrastructure to be used for authentication and wants to run an authentication protocol over an insecure network without having to use additional encryption services. Which of the following is most appropriate for this situation?

Options are :

  • RADIUS
  • TACACS
  • TACACS+
  • Kerberos (Correct)

Answer : Kerberos

Explanation The best option is Kerberos. This protocol is designed to send data over insecure networks while using strong encryption to protect the information. RADIUS, TACACS, and TACACS+ all contain weaknesses that require additional encryption.

Steven is hoping to deploy a new application that he received from a vendor. He’s unsure if the hardware is adequate to support the number of users during peak periods. What type of testing can be done to help evaluate this issue?

Options are :

  • User acceptance testing
  • Load testing (Correct)
  • Regression testing
  • Fuzz testing

Answer : Load testing

Explanation Load testing or stress testing is the best option. Load testing measures how an application, system, or network performs under full load conditions. The other tests do not evaluate a high-demand situation.

Melanie has access to a Windows system located on an Active Directory domain as part of a white-box penetration test. Which command would provide information about other systems on the network?

Options are :

  • net use (Correct)
  • net user
  • net group
  • net config

Answer : net use

Explanation The best answer is the net use command. This command lists the network shares that the workstation is using, which identifies file servers and file sharing. Net group can only be used on domain controllers; net config allows server and workstation services to be controlled; and net user shows the user accounts on the local PC.

Frank noticed that port 3389 was open on one of the POS (point-of-sale) terminals during a scheduled PCI compliance scan. What service should be found enabled on the system?

Options are :

  • MySQL
  • RDP (Correct)
  • TOR
  • Jabber

Answer : RDP

Explanation Port 3389 is the port used by the Remote Desktop Protocol (RDP). If this port isn’t supposed to be open, then invoking the incident response plan should be the next step.

What two techniques are commonly used by port and vulnerability scanners to perform service identification?

Options are :

  • Comparing response fingerprints and registry scanning
  • Banner grabbing and UDP response timing
  • Using the oslookup utility and UDP response timing
  • Banner grabbing and comparing response fingerprints (Correct)

Answer : Banner grabbing and comparing response fingerprints

Explanation Service and version identification is often performed by grabbing service banners and comparing responses from services to known fingerprints of those services. UDP response timing, along with other TCP/IP stack fingerprinting techniques, is used to identify operating systems, while oslookup is not an actual utility.

A threat intelligence analyst is conducting research on a new indicator of compromise. At the same time, the web proxy server generated an alert for this same indicator of compromise. When asked about this alert, the analyst insists that they did not visit any of the related sites, but that the sites were simply listed in the results page of their search engine query. What is the BEST explanation for what occurred?

Options are :

  • The standard approved browser was not being used by the analyst
  • A link related to the indicator was accidentally clicked by the analyst
  • Prefetch is enabled on the analyst’s web browser (Correct)
  • Alert is unrelated to the search that was conducted

Answer : Prefetch is enabled on the analyst’s web browser

Explanation Prefetch is a capability in modern web browsers that is used to speed up web browsing by grabbing content that may be asked for by the user at a later time. For example, if you search for a term and the results are being shown to the user, prefetch will download the first three results in anticipation of the user clicking one of the top three links. In this case, the prefetch downloaded the malicious content causing the alert.

Jacob discovers a service running on one of the ports known as a registered port while running a port scanner. What does this tell him about the service?

Options are :

  • It is running on a well-known port (0-1023)
  • The service’s name
  • It is running on a port between 1024 and 49151 (Correct)
  • The vulnerability status of the service

Answer : It is running on a port between 1024 and 49151

Explanation Jacob knows that the ports known as “registered ports” between 1024 and 49151 are assigned by the Internet Assigned Numbers Authority, but use of one of those ports is not a guarantee that the service matches what is typically run on it. Discovering a service using a port scanner doesn’t necessarily identify the service correctly, and ports between 0 and 1023 are known as the “well-known” or “system” ports.

What phase of the software development lifecycle is sometimes known as the acceptance, installation, and deployment phase?

Options are :

  • Development
  • Training and Transition (Correct)
  • Operations and Maintenance
  • Disposition

Answer : Training and Transition

Explanation The Training and Transition phase ensures that end users are trained on the software and that the software has entered general use. Because of these activities, this phase is sometimes called the acceptance, installation, and deployment phase.

What popular open source port scanning tool is commonly used for host discovery and service identification?

Options are :

  • nmap (Correct)
  • dd
  • services.msc
  • Windows Defender

Answer : nmap

Explanation Nmap is a popular open source port scanning utility.

Jeff’s remote scan of a class C network block using nmap (nmap -sS 10.0.10.1/24) shows a single web server. If he needs to gather additional recon information about the network, which of the following techniques would provide additional details?

Options are :

  • Use a UDP scan
  • Perform a scan from on-site (Correct)
  • Scan using the -p 1-65535 flag
  • Use nmap’s IPS evasion techniques

Answer : Perform a scan from on-site

Explanation The best answer is to scan from on-site. If the network is set up correctly, scanning from off-site would be much more difficult. An on-site scan is much more likely to produce useful results, because the safeguards aren’t “as much.” Nmap does provide firewall and IPS evasion capabilities, but they are not likely to provide the information needed here.

Nate was asked to assess the technical impact of a reconnaissance performed against his organization. He has been informed that someone has discovered that a third party has been performing recon by querying WHOIS data. How should he categorize the technical impact of the type of recon?

Options are :

  • High
  • Medium
  • Low (Correct)
  • He cannot determine from the information given

Answer : Low

Explanation The best answer is low. Nate knows that domain information is publicly available, and what is published there is decided by the company itself. Since nothing is exposed, this can be considered a low impact.

Laura wants to lock down a Cisco router and is using the documentation Cisco provided. What type of documentation is this?

Options are :

  • Primary documentation
  • OEM documentation (Correct)
  • Crowd-sourced documentation
  • System documentation

Answer : OEM documentation

Explanation The best option is OEM documentation. OEM stands for original equipment manufacturer, which is the company that created or built the system. Usually, this documentation includes information about default settings, recommended settings, minor troubleshooting, etc.

Which of the commands listed provides information about a host?

Options are :

  • dig -x [ip address] (Correct)
  • host [ip address]
  • nslookup [ip address]
  • zonet [ip address]

Answer : dig -x [ip address]

Explanation The dig command will give you information on when a query was performed, the details that were sent, and what flags were sent as well. In most cases, all the other items, except zonet, would provide the same information. Zonet is not a Linux command.

Tanner operates a POS (point-of-sale) network for a company that accepts credit cards, which is required to be PCI-DSS compliant. During an assessment of the POS terminals, he notices a recent Windows OS vulnerability exists on all systems. Since these systems are all embedded and require a manufacturer update, there is no way to install an available patch. What is his best option to stay compliant with PCI-DSS and protect the systems?

Options are :

  • Replace the Windows POS terminals with standard Windows systems
  • Build a custom OS image that includes the patch
  • Identify, implement, and document compensating controls (Correct)
  • Remove the POS terminals from the network until the vendor releases a patch

Answer : Identify, implement, and document compensating controls

Explanation The best option would be to implement compensating controls. If a vulnerability exists that cannot be patched yet, compensating controls will help mitigate some of the risks as well as provide documentation about the current situation in order to achieve compliance.

A cyber security analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW for an upcoming assessment of a client’s network. What information is traditionally found in the SOW?

Options are :

  • Timing of the scan
  • Contents of the executive summary report
  • Excluded hosts (Correct)
  • Maintenance windows

Answer : Excluded hosts

Explanation It is routine and normal that the Scope of Work (SOW) contains the list of excluded hosts. This ensures that the penetration tester does not affect hosts, workstations, or servers outside of their scope of the assessment.

Timmy, a cyber security analyst, has just received some unusual alerts on his SIEM dashboard. He wants to collect the payloads that the hackers are sending toward the target systems without impacting his company’s business operation. What should he implement to most effectively collect these payloads?

Options are :

  • Honeypot (Correct)
  • Jump box
  • Sandboxing
  • Virtualization

Answer : Honeypot

Explanation A honeypot is a system intentionally designed to appear vulnerable. It acts as bait for hackers to go after and allows security analysts to observe the hacker’s methods, techniques, and payloads.

Which tool would allow you to conduct operating system fingerprinting, which typically relies on responses to TCP/IP stack fingerprinting techniques?

Options are :

  • nmap (Correct)
  • dd
  • scanf
  • msconfig

Answer : nmap

Explanation OS identification relies on differences in how operating systems, and even operating system versions, respond: what TCP options they support, what order they send packets in, and other details that, when combined, can provide a reasonably unique fingerprint for a TCP stack.

What role do the offensive participants perform in a table top exercise (TTX)?

Options are :

  • Security analysts
  • System administrators
  • Blue team
  • Red Team (Correct)

Answer : Red Team

Explanation The red team performs the role of the attacker during a table top exercise (TTX) to help the security team become better at defending the network. This red team action can be done as part of a table top exercise or as part of a larger on-network penetration test.

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

Options are :

  • Hypervisor
  • Host operating system
  • Guest operating system
  • Physical hardware (Correct)

Answer : Physical hardware

Explanation The bottom layer in this environment is the physical hardware. It sits beneath the hypervisor, which controls the guest operating systems’ access to it. The bare-metal approach doesn’t have a host operating system.

What control provides the best protection against both SQL injection and cross-site scripting attacks?

Options are :

  • Hypervisors
  • Network layer firewalls
  • CSRF
  • Input validation (Correct)

Answer : Input validation

Explanation Input validation prevents the attacker from sending invalid data to an application and is a strong control against both SQL injection and cross-site scripting attacks. Network layer firewalls may block attacks but are not the most effective defense because they are not designed for this purpose. Cross-site request forgery (CSRF) is another attack type. The hypervisor controls access between virtual machines.

You have just completed running a vulnerability scan and received the following output:

CVE-2011-3389
QID 42366 - SSLv3.0 / TLSv1.0
Protocol weak CBC mode Server side vulnerability
Check with: openssl s_client -connect qualys.jive.mobile.com:443 - tls -cipher “AES:CAMELLISA:SEED:3DES:DES”

What vulnerability was identified by the scan?

Options are :

  • PKI transfer vulnerability
  • Active Directory encryption vulnerability
  • Web application cryptography vulnerability (Correct)
  • VPN tunnel vulnerability

Answer : Web application cryptography vulnerability

Explanation The identified vulnerability is a web application cryptographic vulnerability, as evidenced by the weak TLSv1.0 protocol being used and, specifically, the use of the 3DES and DES algorithms during negotiation. A stronger protocol should be used, and AES should be enforced.

A recent vulnerability scan found several vulnerabilities on an organization’s public internet-facing IP addresses. In order to reduce the risk of a breach, which vulnerability should be prioritized for remediation first?

Options are :

  • A cryptographically weak encryption cipher
  • A website utilizing a self-signed SSL certificate
  • A buffer overflow that is known to allow remote code execution (Correct)
  • An HTTP response that reveals an internal IP address

Answer : A buffer overflow that is known to allow remote code execution

Explanation The most serious vulnerability discovered is one that could allow remote code execution to occur. Since this buffer overflow is known to allow remote code execution, it must be mitigated first to most effectively prevent a security breach.

What method might a system administrator use to replicate the DNS information from one DNS server to another, but could also be used maliciously by an attacker?

Options are :

  • Zone transfers (Correct)
  • DNS registration
  • AXR
  • DNSSEC

Answer : Zone transfers

Explanation Zone transfers provide an easy way to send all the DNS information from one DNS server to another, but they can also be used by an attacker for reconnaissance against your organization. For this reason, most administrators disable zone transfers to untrusted servers. (AXR is a made-up term intended to confuse you with AXFR, which is the request type used to conduct a zone transfer.)

You have been tasked to create some baseline system images in order to remediate vulnerabilities found in different operating systems. Before any of the images can be deployed, they must be scanned for malware and vulnerabilities. You must ensure the configurations meet industry standard benchmarks and that the baselining creation process can be repeated frequently. What vulnerability option would BEST create the process requirements to meet the industry standard benchmarks?

Options are :

  • Utilizing an operating system SCAP plugin (Correct)
  • Utilizing an authorized credential scan
  • Utilizing a non-credential scan
  • Utilizing a known malware plugin

Answer : Utilizing an operating system SCAP plugin

Explanation The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable the automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization.

Vulnerability scans must be conducted on a continuous basis in order to meet regulatory compliance requirements for the storage of PHI. During the last vulnerability scan, a cyber security analyst received a report of 2,592 possible vulnerabilities and was asked by the Chief Information Security Officer (CISO) for a plan to remediate all the known issues. What should the analyst do next?

Options are :

  • The analyst should attempt to identify all the false positives and exceptions, then resolve all the remaining items.
  • The analyst should wait to perform any additional scanning until the current list of vulnerabilities has been remediated fully.
  • The analyst should place any assets that contain PHI in a sandbox environment and then remediate all the vulnerabilities.
  • The analyst should filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first. (Correct)

Answer : The analyst should filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first.

Explanation PHI is an abbreviation for Personal Health Information. When attempting to remediate a large number of vulnerabilities, it is crucial to prioritize the vulnerabilities to determine which ones should be remediated first. In this case, the regulatory requirement is to ensure the security of the PHI data, so those assets that are critical to that operation or machines that are of the highest risk should be prioritized to receive remediation first.