
QUESTION 71

The incident response team is working with a third-party forensic specialist to investigate the root cause of a recent intrusion. An analyst was asked to submit sensitive network design details for review. The forensic specialist recommended electronic delivery for efficiency, but email was not an approved communication channel for sending network details. Which of the following BEST explains the importance of using a secure method of communication during incident response?

Correct Answer: A
To prevent adversaries from intercepting response and recovery details. Using a secure method of communication during incident response is important to prevent adversaries from intercepting response and recovery details that could reveal the incident response team’s actions, strategies, or findings. If the adversaries can intercept the communication, they could use it to evade detection, escalate their privileges, or launch further attacks. To ensure intellectual property remains on company servers, to have a backup plan in case email access is disabled, or to ensure the management team has access to all the details that are being exchanged are other possible reasons to use a secure method of communication, but they are not as important as preventing adversaries from intercepting response and recovery details. Reference: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

QUESTION 72

A security analyst works for a biotechnology lab that is planning to release details about a new cancer treatment. The analyst has been instructed to tune the SIEM software and IPS in preparation for the announcement. For which of the following concerns will the analyst most likely be monitoring?

Correct Answer: A
SIEM software is a tool that provides a single centralized platform for the collection, monitoring, and management of security-related events and log data from across the enterprise. SIEM software can help security analysts detect, investigate, and respond to threats, as well as comply with regulations and standards.
IPS stands for Intrusion Prevention System. It is a device or software that monitors network traffic and blocks or modifies malicious packets before they reach their destination. An IPS can help security analysts prevent attacks, protect sensitive data, and reduce network downtime.
A security analyst working for a biotechnology lab that is planning to release details about a new cancer treatment would most likely be monitoring for A. Intellectual property loss. Intellectual property (IP) refers to the creations of the mind, such as inventions, designs, artistic works, or trade secrets. IP loss occurs when someone steals, leaks, or misuses the IP of an organization without authorization.
The biotechnology lab’s new cancer treatment is an example of IP that has high value and potential impact on the market and society. Therefore, the security analyst would want to protect it from competitors, hackers, or other malicious actors who might try to access it illegally or sabotage it. The security analyst would use SIEM software and IPS to monitor for any signs of unauthorized access, data exfiltration, or tampering with the lab’s network or systems.
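The "data exfiltration" monitoring the explanation describes is easiest to see as a rule run over log lines. The following is an added example, not code from the original page or from any SIEM vendor: it parses constructed proxy log lines (the five-field format, the internal address ranges, the approved-destination allowlist and the 100 MiB per-user threshold are all assumptions) and raises the two kinds of alert an analyst would tune a SIEM for before a sensitive announcement.

```python
"""Added example (not from the original page): exfiltration detection over
constructed proxy log lines. Log format, internal ranges, allowlist and
threshold are assumptions chosen for illustration."""
import ipaddress
from collections import defaultdict

# Constructed sample log lines: timestamp user dest_ip dest_host bytes_out
SAMPLE_LOGS = [
    "2024-05-01T09:00:01 alice 10.0.0.5 fileshare.corp.local 524288",
    "2024-05-01T09:02:13 alice 203.0.113.10 drive.example-cloud.com 734003200",
    "2024-05-01T09:05:44 bob 198.51.100.7 cdn.vendor.example 20480",
    "2024-05-01T09:07:30 carol 203.0.113.22 paste.example.net 1048576",
    "2024-05-01T09:09:01 carol 203.0.113.22 paste.example.net 2097152",
]

# Assumed corporate internal ranges; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Assumed policy inputs: approved external destinations and per-user cap.
ALLOWED_EXTERNAL_HOSTS = {"cdn.vendor.example"}
BYTES_OUT_THRESHOLD = 100 * 1024 * 1024  # 100 MiB per user per window


def parse_line(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    ts, user, ip, host, nbytes = line.split()
    return {"ts": ts, "user": user, "ip": ipaddress.ip_address(ip),
            "host": host, "bytes": int(nbytes)}


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def detect_exfiltration(lines, allowed_hosts=ALLOWED_EXTERNAL_HOSTS,
                        threshold=BYTES_OUT_THRESHOLD):
    """Return a list of alert dicts produced by two rules:
    1. unapproved_destination: any outbound transfer to an external host
       that is not on the allowlist (fires per event);
    2. volume: a user's total bytes sent to external addresses in the
       window exceeds the threshold (fires once per user).
    """
    external_bytes = defaultdict(int)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if is_internal(ev["ip"]):
            continue  # internal file shares are out of scope for this rule
        external_bytes[ev["user"]] += ev["bytes"]
        if ev["host"] not in allowed_hosts:
            alerts.append({"rule": "unapproved_destination",
                           "user": ev["user"], "host": ev["host"],
                           "bytes": ev["bytes"]})
    for user, total in external_bytes.items():
        if total > threshold:
            alerts.append({"rule": "volume", "user": user, "bytes": total})
    return alerts


if __name__ == "__main__":
    for alert in detect_exfiltration(SAMPLE_LOGS):
        print(alert)
```

On the constructed data the rule flags alice twice (an unapproved cloud-drive upload and a total volume above the cap) and carol twice for the paste site, while bob's small transfer to an approved CDN is silent. In a real deployment the threshold would come from a per-user baseline rather than a fixed constant.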

QUESTION 73

Which of the following solutions is the BEST method to prevent unauthorized use of an API?

Correct Answer: D
Authentication is a method of verifying a user's identity by requiring some piece of evidence, such as something the user knows (e.g., a password), something the user has (e.g., a token), or something the user is (e.g., a fingerprint). Authentication is the best method to prevent unauthorized use of an API, because it ensures that only legitimate users can access or use the API functions or data. HTTPS, geofencing, and rate limiting are other methods that can enhance the security or performance of an API: HTTPS protects credentials and data in transit, geofencing restricts where requests may come from, and rate limiting slows abuse and brute force. None of them decides who is allowed to call the API, so on their own they do not prevent unauthorized use. Reference: https://www.redhat.com/en/topics/api/what-is-api-security
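To make the distinction concrete, here is an added example (not code from the original page or from Red Hat) of an API front door that authenticates every request before serving it. The token format (an HMAC-SHA256 tag over "user:expiry"), the server secret, the route name and the response bodies are all assumptions for illustration; a production API would use a standard scheme such as OAuth 2.0 bearer tokens, but the checks shown are the same.

```python
"""Added example (not from the original page): a minimal API dispatcher that
rejects any request without a valid bearer token. Token format, secret and
route are assumptions for illustration."""
import base64
import hashlib
import hmac
import time

SERVER_SECRET = b"assumed-demo-secret-rotate-in-production"  # assumption
SIG_LEN = hashlib.sha256().digest_size  # 32 bytes


def issue_token(user, ttl_seconds=3600, now=None, secret=SERVER_SECRET):
    """Create base64(payload || HMAC(payload)) where payload = 'user:exp'."""
    current = time.time() if now is None else now
    payload = f"{user}:{int(current + ttl_seconds)}".encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + sig).decode()


def verify_token(token, now=None, secret=SERVER_SECRET):
    """Return the user name for a valid, unexpired token; None otherwise."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
        user, exp = payload.decode().rsplit(":", 1)
        exp = int(exp)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: binascii.Error is a ValueError
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    current = time.time() if now is None else now
    if exp <= current:
        return None  # expired
    return user


def handle_request(headers, path, now=None):
    """Authenticate first, then dispatch. Returns (status, body)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing credentials"}
    user = verify_token(auth[len("Bearer "):], now=now)
    if user is None:
        return 401, {"error": "invalid or expired token"}
    if path == "/v1/designs":  # assumed route
        return 200, {"user": user, "designs": ["assumed-design-1"]}
    return 404, {"error": "not found"}


if __name__ == "__main__":
    tok = issue_token("alice", ttl_seconds=60)
    print(handle_request({}, "/v1/designs"))
    print(handle_request({"Authorization": "Bearer " + tok}, "/v1/designs"))
```

Note that nothing here depends on the transport: the same check rejects an unauthenticated caller whether the request arrived over HTTPS, from an allowed region, or under the rate limit, which is the point the explanation makes.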

QUESTION 74

A manager asks a security analyst to provide the web-browsing history of an employee. Which of the following should the analyst do first?

Correct Answer: A
The analyst should obtain permission to perform the search before accessing the web-browsing history of an employee, as this may involve privacy or legal issues. The analyst should follow the organization’s policies and procedures, and obtain authorization from the appropriate authority, such as the manager, the human resources department, or the legal department.

QUESTION 75

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

Correct Answer: B
Server-side input validation is a solution that can prevent cross-site scripting (XSS) vulnerabilities by checking and filtering any user input that is sent to the server before rendering it on a web page. Server-side input validation can help to ensure that the user input conforms to the expected format, length and type, and does not contain any malicious characters or syntax that may alter the logic or behavior of the web page. Server-side input validation can also reject or sanitize any input that does not meet the validation criteria. Validation must happen on the server, since client-side checks can be bypassed by sending requests directly. In practice it is paired with contextual output encoding at the point where data is written into HTML, because an allowlist that is loosened later, or data that reaches the page from another source, would otherwise reopen the hole.
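The vulnerable pattern and the remedy side by side, as an added example that is not code from the original page: a reflected search page that interpolates the query straight into HTML, beside a hardened version that applies a server-side allowlist (the permitted character set and 64-character limit are assumptions) and then HTML-encodes the value on output.

```python
"""Added example (not from the original page): a reflected-XSS-prone renderer
beside a hardened one. Page template, allowlist and length limit are
assumptions for illustration."""
import html
import re

PAGE = "<h1>Results for: {query}</h1>"  # assumed page fragment


def render_vulnerable(query):
    """Untrusted input goes straight into the markup; <script> survives."""
    return PAGE.format(query=query)


# Assumed server-side validation rule: letters, digits, space, a few
# punctuation characters, 1 to 64 characters total.
ALLOWED_QUERY = re.compile(r"[A-Za-z0-9 ,.'-]{1,64}")


class ValidationError(ValueError):
    """Raised when input fails the server-side allowlist."""


def validate_query(query):
    """Reject anything outside the allowlist rather than trying to clean it."""
    if not ALLOWED_QUERY.fullmatch(query):
        raise ValidationError("query contains disallowed characters or is too long")
    return query


def render_hardened(query):
    # 1) Server-side validation: the remedy the answer names.
    clean = validate_query(query)
    # 2) Output encoding in the HTML text context, so even an allowed
    #    apostrophe cannot break out if this value is later reused in an
    #    attribute; validation and encoding are complementary.
    return PAGE.format(query=html.escape(clean, quote=True))


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed attacker input
    print(render_vulnerable(payload))
    try:
        print(render_hardened(payload))
    except ValidationError as err:
        print("rejected:", err)
    print(render_hardened("cancer treatment"))
```

Rejecting rather than stripping keeps the rule simple to reason about: a "sanitizer" that deletes `<script>` once is easily bypassed with `<scr<script>ipt>`, while an allowlist either matches or it does not.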