A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.
When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

A user reports a malware alert to the help desk. A technician verities the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do next?

• A.Document the procedures and walk through the incident training guide.
• B.Reverse engineer the malware to determine its purpose and risk to the organization.
• C.Sanitize the workstation and verify countermeasures are restored.
• D.Isolate the workstation and issue a new computer to the user.

Comment: *

Name: *

Email: *

Verification: *

An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?

• A.PCI Security Standards Council
• B.Local law enforcement
• C.Federal law enforcement
• D.Card issuer

Comment: *

Name: *

Email: *

Verification: *

A security analyst is validating a particular finding that was reported in a web application vulnerability scan to make sure it is not a false positive. The security analyst uses the snippet below:

Which of the following vulnerability types is the security analyst validating?

• A.Directory traversal
• B.XSS
• C.XXE
• D.SSRF

Comment: *

Name: *

Email: *

Verification: *

A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network. Which of the following would best aid in decreasing the workload without increasing staff?

• A.SIEM
• B.XDR
• C.SOAR
• D.EDR

Comment: *

Name: *

Email: *

Verification: *