Which of the following is the best reason why organizations need operational security controls?
Correct Answer:
A
Operational security controls are security measures that are implemented and executed by people rather than by systems. Operational security controls are needed to supplement areas that other controls, such as technical or physical controls, cannot address. For example, operational security controls can include policies, procedures, training, awareness, audits, reviews, testing, etc. These controls can help ensure that employees follow best practices, comply with regulations, detect and report incidents, and respond to emergencies. The other options are not specific to operational security controls or are too narrow in scope. References: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 14; https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/operational-security-controls
You are a penetration tester who is reviewing the system hardening guidelines for a company. The hardening guidelines indicate the following:
There must be one primary server or service per device.
Only default ports should be used.
Non-secure protocols should be disabled.
The corporate internet presence should be placed in a protected subnet.
Instructions:
Using the available tools, discover devices on the corporate network and the services running on these devices.
You must determine:
The IP address of each device
The primary server or service on each device
The protocols that should be disabled based on the hardening guidelines

Solution:
Answer below images

Does this meet the goal?
Correct Answer:
A
Which of the following SCAP standards provides standardization for measuring and describing the severity of security-related software flaws?
Correct Answer:
B
CVSS stands for Common Vulnerability Scoring System, and it is a standard for measuring and describing the severity of security-related software flaws. CVSS provides a numerical score and a vector string that represent the characteristics and impact of a vulnerability. CVSS can help prioritize remediation efforts and communicate risk levels to stakeholders.
A security analyst is investigating an incident related to an alert from the threat detection platform on a host (10.0.1.25) in a staging environment that could be running a cryptomining tool because it is sending traffic to IP addresses that are related to Bitcoin.
The network rules for the instance are the following:
Which of the following is the BEST way to isolate and triage the host?
Correct Answer:
C
The best way to isolate and triage the host is to remove rules 1, 2, 3, 4, and 5. These rules allow inbound and outbound traffic on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) from any source or destination. By removing these rules, the security analyst can block any network communication to or from the host, preventing any further data exfiltration or malware infection. This will also allow the security analyst to perform a forensic analysis on the host without any interference from external sources.
A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?
Correct Answer:
D
The IDS signature should be updated next after receiving a new IoC (Indicator of Compromise) from an ISAC (Information Sharing and Analysis Center) that follows a threat actor's profile and activities. An IoC is a piece of evidence or artifact that suggests a system or network has been compromised or attacked by a threat actor. An IoC can be an IP address, domain name, URL, file hash, email address, registry key, etc. An ISAC is a nonprofit organization that collects, analyzes, and shares threat intelligence and best practices among its members within a specific sector or industry. An ISAC can help to improve the security awareness and preparedness of its members by providing timely and relevant information about emerging threats and incidents.