Question 6 of 240

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

Which of the following scripting languages was used in the script?

    Correct Answer: A

    The script provided uses cmdlet names that follow a Verb-Noun format, such as 'Get-ADUser', 'Add-ADGroupMember', and 'Set-ADUser', which are distinctive features of PowerShell. Additionally, the use of the pipeline operator '|' to pass objects between commands is a common characteristic of PowerShell. The script also interacts with Active Directory, which is commonly administered using PowerShell cmdlets in Windows environments. Therefore, the scripting language used in the script is PowerShell.

Question 7 of 240

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

    Correct Answer: B

    The observed activity, where users sometimes access the company's internal portal via HTTP (port 80) and other times via HTTPS (port 443), suggests an on-path attack. This type of attack is typically performed by someone with internal access and involves intercepting and manipulating network traffic. By forcing users to use HTTP instead of HTTPS, the attacker can capture sensitive information transmitted over the network, which aligns with the user accounts being compromised.

Question 8 of 240

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:

Security Policy 1006: Vulnerability Management

1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.

2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.

3. The Company shall prioritize patching of publicly available systems and services over patching of internally available systems.

According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

    Correct Answer: B

    The security policies prioritize confidentiality over availability and external systems over internal ones. Both CAP.SHIELD and THANOS.GAUNTLET have the same CVSS scores with high confidentiality impact, but CAP.SHIELD is on an external system, making it the highest priority to patch according to the policies.

Question 9 of 240

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

    Correct Answer: A

    A Business Continuity Plan (BCP) is essential to ensure that mission-critical services are available in the event of an incident. While disaster recovery focuses on restoring IT infrastructure and operations post-disaster, a business continuity plan encompasses a broader range of strategies aimed at maintaining essential functions during and after any unplanned incident, ensuring minimal disruption to operations.

Question 10 of 240

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

    Correct Answer: A

    To eliminate and reduce shadow IT in the enterprise and manage high-risk cloud applications, the most effective solution is to deploy a Cloud Access Security Broker (CASB) and enable policy enforcement. A CASB provides visibility and control over the use of cloud services, helping to identify and manage shadow IT. It enforces security policies to ensure compliance and protect against threats, thereby reducing the risk associated with unauthorized cloud application usage.