
QUESTION 86

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:
[Exhibit image]
With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

Correct Answer: BE
OS credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. System information discovery is the process of gathering information about the system, such as hostname, IP address, OS version, running processes, etc. Both of these techniques are commonly used by adversaries to gain access to sensitive data and resources on the target system. The command shown in the image is using Mimikatz, a tool that can dump credentials from memory, and also querying the system information using WMIC. Verified References:
https://attack.mitre.org/techniques/T1003/
https://attack.mitre.org/techniques/T1082/
https://github.com/gentilkiwi/mimikatz
https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmic

QUESTION 87

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:
[Exhibit image]
As part of the image process, which of the following is the FIRST step the analyst should take?

Correct Answer: C

QUESTION 88

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.
Which of the following would BEST secure the company’s CI/CD pipeline?

Correct Answer: A
Reference: https://about.gitlab.com/blog/2021/04/09/demystifying-ci-cd-variables/
A trusted secrets manager is a tool or service that securely stores and manages sensitive information, such as passwords, API keys, tokens, certificates, etc. A trusted secrets manager can help secure the company’s CI/CD (Continuous Integration/Continuous Delivery) pipeline by preventing hard-coding sensitive environment variables in the code, which can expose them to unauthorized access or leakage. A trusted secrets manager can also enable encryption, rotation, auditing, and access control for the secrets. References: https://www.hashicorp.com/resources/what-is-a-secret-manager https://dzone.com/articles/how-to-securely-manage-secrets-in-a-ci-cd-pipeline

QUESTION 89

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?

Correct Answer: B

QUESTION 90

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Correct Answer: B
The developer would most likely implement a Root CA in the autonomous vehicle’s software. A Root CA is the top-level authority in a PKI that issues and validates certificates for subordinate CAs or end entities. A Root CA can be self-signed and embedded in the vehicle’s software, which would reduce the need for external communication and verification. A Root CA would also enable the vehicle to use digital signatures and encryption for secure communication with other vehicles or infrastructure. Verified References:
https://cse.iitkgp.ac.in/~abhij/publications/PKI++.pdf
https://www.digicert.com/blog/connected-cars-need-security-use-pki
https://ieeexplore.ieee.org/document/9822667/