Following a data compromise, a cybersecurity analyst noticed the following executed query:
SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

• A.Character blacklist
• B.SQL injection
• C.Parameter validation
• D.XSS attack
• E.Malicious code execution
• F.Cookie encryption

Comment: *

Name: *

Email: *

Verification: *

A recent audit included a vulnerability scan that found critical patches released GO days prior were not applied to servers in the environment The infrastructure team was able to isolate the issue and determined it was due to a service disabled on the server running the automated patch management application Which of the following would Be the MOST efficient way to avoid similar audit findings in the future?

• A.Create a patch management policy that requires all servers to be patched within 30 days of patch release.
• B.Implement service monitoring to validate that tools are functioning properly.
• C.Set service on the patch management server to automatically run on start-up.
• D.Implement a manual patch management application package to regain greater control over the process

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is reviewing log data and sees the output below:

Which of the following technologies MOST likely generated this log?

• A.Stateful inspection firewall
• B.Web application firewall
• C.Network-based intrusion detection system
• D.Host-based intrusion detection system

Comment: *

Name: *

Email: *

Verification: *

A security analyst's company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

• A.RFC 3162 is known to cause significant performance problems.
• B.The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.
• C.The implementation should have used AES instead of 3DES.
• D.The IPSec implementation has significantly increased the amount of bandwidth needed.

Comment: *

Name: *

Email: *

Verification: *

As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

• A.Incident response policies
• B.IPS configuration
• C.Excluded hosts
• D.Timing of the scan
• E.Contents of the executive summary report
• F.Maintenance windows

Comment: *

Name: *

Email: *

Verification: *