
[Jul 13, 2025] Passing Key To Getting CPTIA Certified Exam Engine PDF
CPTIA Exam Dumps Pass with Updated Jul-2025 Tests Dumps
NEW QUESTION # 69
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. Heacquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?
- A. Proactive surveillance feeds
- B. CSV data feeds
- C. External intelligence feeds
- D. Internal intelligence feeds
Answer: D
Explanation:
Internal intelligence feeds are derived from data and information collected within an organization's own networks and systems. Jian's activities, such as real-time assessment of system activities and acquiring feeds from honeynets, P2P monitoring, infrastructure, and application logs, fall under the collection of internal intelligence feeds. These feeds are crucial for identifying potential threats and vulnerabilities within the organization and form a fundamental part of a comprehensive threat intelligence program. They contrast with external intelligence feeds, which are sourced from outside the organization and include information on broader cyber threats, trends, and TTPs of threat actors.References:
* "Building an Intelligence-Led Security Program" by Allan Liska
* "Threat Intelligence: Collecting, Analysing, Evaluating" by M-K. Lee, L. Healey, and P. A. Porras
NEW QUESTION # 70
In which of the following phases of incident handling and response (IH&R) process the identified security incidents are analyzed, validated, categorized, and prioritized?
- A. Incident recording and assignment
- B. Incident triage
- C. Containment
- D. Notification
Answer: B
Explanation:
Incident triage is the phase in the incident handling and response process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is critical for determining the severity of incidents and deciding on the allocation of resources for effective response. It involves initial analysis to understand the nature of the incident, its impact, and urgency, which guides the subsequent response actions.
References:The incident triage phase is a foundational concept in the CREST CPTIA curriculum, emphasizing the importance of a structured approach to responding to security incidents, ensuring that resources are focused where they are needed most.
NEW QUESTION # 71
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?
- A. Active assessment
- B. Passive assessment
- C. Internal assessment
- D. External assessment
Answer: A
Explanation:
In the scenario described, Dickson is performing an active assessment. This type of vulnerability assessment involves using automated tools to actively scan and probe the network for identifying hosts, services, and vulnerabilities. Unlike passive assessments, which rely on monitoring network traffic without direct interaction with the targets, active assessments engage directly with the network infrastructure to discover vulnerabilities, misconfigurations, and other security issues by sending data to systems and analyzing the responses. This approach provides a more immediate and detailed view of the security posture but can also generate detectable traffic that might be noticed by defensive systems or affect the performance of live systems.
References:The CREST CPTIA curriculum by EC-Council includes discussions on various methods of conducting vulnerability assessments, highlighting the differences between active and passive techniques, as well as the contexts in which each is most appropriately used.
NEW QUESTION # 72
Sam. an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident?
- A. Network intrusion incident
- B. Unauthorized access incident.
- C. Denial-of-service incicent
- D. Inappropriate usage incident
Answer: D
Explanation:
An inappropriate usage incident involves misuse of the organization's resources or violations of its acceptable use policies. Sam's actions, where he sends emails to third-party organizations with a spoofed email address of his employer, constitute misuse of the organization's email system and misrepresentation of the organization. This behavior can harm the organization's reputation, violate policy, and potentially lead to legal consequences. Inappropriate usage incidents can range from unauthorized use of systems for personal gain to the dissemination of unapproved content.
References:The Incident Handler (CREST CPTIA) by EC-Council includes discussions on various types of security incidents, emphasizing the importance of addressing and mitigating not just external threats but also internal misuse and policy violations.
NEW QUESTION # 73
A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data.
Which of the following requirement must he include in the threat knowledge repository to fulfil his needs?
- A. Protection ranking
- B. Evaluating performance
- C. Data management
- D. Searchable functionality
Answer: C
Explanation:
Incorporating a data management requirement in the threat knowledge repository is essential to provide the ability to modify or delete past or irrelevant threat data. Effective data management practices ensure that the repository remains accurate, relevant, and up-to-date by allowing for the adjustment and curation of stored information. This includes removing outdated intelligence, correcting inaccuracies, and updating information as new insights become available. A well-managed repository supports the ongoing relevance and utility of the threat intelligence, aiding in informed decision-making and threat mitigation strategies.References:
* "Building and Maintaining a Threat Intelligence Library," by Recorded Future
* "Best Practices for Creating a Threat Intelligence Policy, and How to Use It," by SANS Institute
NEW QUESTION # 74
Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?
- A. Email Dossier
- B. Zendio
- C. G Suite Toolbox
- D. Yesware
Answer: A
Explanation:
Email Dossier is a tool designed to assist in the investigation of email incidents by analyzing and validating email headers and providing detailed information about the origin, routing, and authenticity of an email.
When Michael is tasked with handling an email incident and needs to check the validity of an email received from an unknown source, Email Dossier can be utilized to trace the email's path, assess its credibility, and identify potential red flags associated with phishing or other malicious email-based attacks.
References:The CREST CPTIA curriculum emphasizes the importance of tools and techniques for email incident handling, including the use of Email Dossier for investigating suspicious emails and aiding in the response to email-based threats.
NEW QUESTION # 75
Darwin is an attacker residing within the organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.
In the above situation, which of the following Nmap commands Edwin must use to detect Darwin's system that is running in promiscuous mode?
- A. nmap -sV -T4 -O -F -version-light
- B. nmap -sU -p 500
- C. nmap --script hostmap
- D. nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
Answer: D
Explanation:
The GPG18 and Forensic readiness planning (SPF) principles outline various guidelines to enhance an organization's readiness for forensic investigation and response. Principle 5, which suggests that organizations should adopt a scenario-based Forensic ReadinessPlanning approach that learns from experience gained within the business, emphasizes the importance of being prepared for a wide range of potential incidents by leveraging lessons learned from past experiences. This approach helps in continuously improving forensic readiness and response capabilities by adapting to the evolving threat landscape and organizational changes.
References:While specific documentation from GPG18 and SPF might detail these principles, the CREST CPTIA program by EC-Council covers the concept of forensic readiness planning, including adopting scenario-based approaches and learning from past incidents as a fundamental aspect of enhancing an organization's incident response and forensic capabilities.
NEW QUESTION # 76
An incident handler is analyzing email headers to find out suspicious emails.
Which of the following tools he/she must use in order to accomplish the task?
- A. SPAMfighter
- B. Barracuda Email Security Gateway
- C. Gophish
Answer: B
Explanation:
The Barracuda Email Security Gateway is designed to manage and filter inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. As an incident handler analyzing email headers to find out suspicious emails, using a tool like the Barracuda Email Security Gateway would be appropriate. This tool can help identify and block spam, phishing, malware, and other malicious email threats, making it easier to focus on analyzing potentially harmful emails more closely.
NEW QUESTION # 77
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption Identify the correct sequence of steps involved in forensic readiness planning.
- A. 1-->2-->3-->4-->5-->6-->7-->8
- B. 3-->4-->8-->7-->6-->1-->2-->5
- C. 2-->3-->1-->4-->6-->5-->7-->8
- D. 3-->1-->4-->5-->8-->2-->6-->7
Answer: B
Explanation:
The correct sequence of steps involved in forensic readiness planning, based on the activities described, is as follows:
* Identify the potential evidence required for an incident.
* Determine the source of the evidence.
* Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption.
* Establish a policy for securely handling and storing the collected evidence.
* Identify if the incident requires full or formal investigation.
* Train the staff to handle the incident and preserve the evidence.
* Create a special process for documenting the procedure.
* Establish a legal advisory board to guide the investigation process.This sequence ensures that an organization is prepared to handle incidents efficiently, with a focus on identifying relevant evidence and the legal context of its collection, followed by staff training and the establishment of guiding policies and advisory boards.References:Incident Handler (CREST CPTIA) courses and study guides include discussions on forensic readiness planning, highlighting the importance of preparing organizations for effective legal and technical handling of incidents.
NEW QUESTION # 78
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?
- A. Refinement
- B. Diagnostics
- C. Evidence
- D. Inconsistency
Answer: A
Explanation:
In the Analysis of Competing Hypotheses (ACH) process, the stage where Mr. Bob is applying analysis to reject hypotheses and select the most likely one based on listed evidence, followed by preparing a matrix with screened hypotheses and evidence, is known as the 'Refinement' stage. This stage involves refining the list of hypotheses by systematically evaluating the evidence against each hypothesis, leading to the rejection of inconsistent hypotheses and the strengthening of the most plausible ones. The preparation of a matrix helps visualize the relationship between each hypothesis and the available evidence, facilitating a more objective and structured analysis.References:
* "Psychology of Intelligence Analysis" by Richards J. Heuer, Jr., for the CIA's Center for the Study of Intelligence
* "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis" by the CIA
NEW QUESTION # 79
Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?
- A. RFC 219G
- B. PCI DSS
- C. ISO/IEC 27035
- D. ISO/IEC 27002
Answer: D
Explanation:
ISO/IEC 27002 is a standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems (ISMSs). It covers areas such as risk assessment, human resource security, operational security, and communications security, among others, providing a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS. ISO/IEC 27035 pertains to information security incident management, PCI DSS (Payment Card Industry Data Security Standard) deals with the security of cardholder data, and RFC 2196 is a guide for computer security incident response teams (CSIRTs), not a standard for implementing ISMSs.References:The CREST CPTIA curriculum includes the study of various standards and frameworks that support information security management and governance, including ISO/IEC
27002, highlighting its role in guiding organizations in implementing effective security controls.
NEW QUESTION # 80
Clark, a professional hacker, exploited the web application of a target organization by tampering the form and parameter values. He successfully exploited the web application and gained access to the information assets of the organization.
Identify the vulnerability in the web application exploited by the attacker.
- A. Security misconfiguration
- B. Sensitive data exposure
- C. SQL injection
- D. Broken access control
Answer: D
Explanation:
The vulnerability exploited by Clark through tampering with form and parameter values to gain unauthorized access to information assets is indicative of Broken Access Control. Broken Access Control vulnerabilities occur when a web application does not properly enforce restrictions on what authenticated users are allowed to do. Attackers can exploit these vulnerabilities to access unauthorized functionality or data, such as accessing other users' accounts, viewing sensitive files, and modifying other users' data.
NEW QUESTION # 81
ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.
Based on threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities.
- A. Level 0: vague where to start
- B. Level 2: increasing CTI capabilities
- C. Level 3: CTI program in place
- D. Level 1: preparing for CTI
Answer: C
Explanation:
ABC cyber-security company, which has implemented automation for tasks such as data enrichment and indicator aggregation and has joined various communities to increase knowledge about emerging threats, is demonstrating characteristics of a Level 3 maturity in the threat intelligence maturity model. At this level, organizations have a formal Cyber Threat Intelligence (CTI) program in place, with processes and tools implemented to collect, analyze, and integrate threat intelligence into their security operations. Although they may still be reactive in detecting and preventing threats, the existence of structured CTI capabilities indicates a more developed stage of threat intelligence maturity.References:
* "Building a Threat Intelligence Program," by Recorded Future
* "The Threat Intelligence Handbook," by Chris Pace, Cybersecurity Evangelist at Recorded Future
NEW QUESTION # 82
Which of the following best describes an email issued as an attack medium, in which several messages are sent to a mailbox to cause overflow?
- A. Spoofing
- B. Smurf attack
- C. Email-bombing
- D. Masquerading
Answer: C
Explanation:
Email-bombing refers to the attack where the attacker sends a massive volume of emails to a specific email address or mail server in order to overflow the mailbox or overwhelm the server, potentially causing it to fail or deny service to legitimate users. This attack can disrupt communications and, in some cases, lead to the targeted email account being disabled. Masquerading involves pretending to be another legitimate user, spoofing is the creation of emails (or other communications) with a forged sender address, and a smurf attack is a specific type of Distributed Denial of Service (DDoS) attack that exploits Internet Protocol (IP) and Internet Control Message Protocol (ICMP) to flood a target with traffic. Email-bombing specifically targets email services with the goal of causing disruption by overflowing inboxes.References:CREST CPTIA courses and study guides often include discussions on various attack vectors used by cybercriminals, including email- based threats and their impact on organizational security.
NEW QUESTION # 83
Mr. Smith is a lead incident responder of a small financial enterprise having few branches in Australia. Recently, the company suffered a massive attack losing USD 5 million through an inter-banking system. After in-depth investigation on the case, it was found out that the incident occurred because 6 months ago the attackers penetrated the network through a minor vulnerability and maintained the access without any user being aware of it. Then, he tried to delete users' fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system.
Finally, the attacker gained access and did fraudulent transactions.
Based on the above scenario, identify the most accurate kind of attack.
- A. Ransomware attack
- B. Denial-of-service attack
- C. Phishing
- D. APT attack
Answer: D
Explanation:
The scenario described fits the characteristics of an Advanced Persistent Threat (APT) attack. APTs are sophisticated, stealthy, and continuous computer hacking processes often orchestratedby groups targeting a specific entity. These attackers penetrate the network through vulnerabilities, maintain access without detection, and achieve their objectives, such as data exfiltration or financial theft, over an extended period.
The fact that attackers exploited a minor vulnerability, maintained access for six months, and performed lateral movements to access critical systems for fraudulent transactions highlights the strategic planning and persistence typical of APT attacks.References:Incident Handler (CREST CPTIA) certification materials discuss APTs in detail, including their methodologies, objectives, and the importance of comprehensive security strategies to detect and mitigate such threats.
NEW QUESTION # 84
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?
- A. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
- B. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
- C. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
- D. Intelligence that reveals risks related to various strategic business decisions
Answer: A
Explanation:
Red Teams are tasked with emulating potential adversaries to test and improve the security posture of an organization. They require intelligence on the latest vulnerabilities, threat actors, and their TTPs to simulate realistic attack scenarios and identify potential weaknesses in the organization's defenses. This information helps Red Teams in crafting their attack strategies to be as realistic and relevant as possible, thereby providing valuable insights into how actual attackers might exploit the organization's systems. This need contrasts with the requirements of other teams or roles within an organization, such as strategic decision-makers, who might be more interested in intelligence relatedto strategic risks or Blue Teams, which focus on defending against and responding to attacks.References:
* Red Team Field Manual (RTFM)
* MITRE ATT&CK Framework for understanding threat actor TTPs
NEW QUESTION # 85
Which of the following GPG18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?
- A. Principle 7
- B. Principle 3
- C. Principle 5
- D. Principle 2
Answer: C
Explanation:
The GPG18 and Forensic readiness planning (SPF) principles outline various guidelines to enhance an organization's readiness for forensic investigation and response. Principle 5, which suggests that organizations should adopt a scenario-based Forensic Readiness Planning approach that learns from experience gained within the business, emphasizes the importance of being prepared for a wide range of potential incidents by leveraging lessons learned from past experiences. This approach helps in continuously improving forensic readiness and response capabilities by adapting to the evolving threat landscape and organizational changes.
References:While specific documentation from GPG18 and SPF might detail these principles, the CREST CPTIA program by EC-Council covers the concept of forensic readiness planning, including adopting scenario-based approaches and learning from past incidents as a fundamental aspect of enhancing an organization's incident response and forensic capabilities.
NEW QUESTION # 86
Allan performed a reconnaissance attack on his corporate network as part of a red-team activity. He scanned the IP range to find live host IP addresses. What type of technique did he use to exploit the network?
- A. Port scanning
- B. Social engineering
- C. Ping sweeping
- D. DNS foot printing
Answer: C
Explanation:
Ping sweeping is a technique used in network reconnaissance to identify which IP addresses in a range are active or live. By sending ICMP echo requests ("ping") to multiple hosts and observing which ones respond, an attacker or, in this case, a red team member like Allan, can determine which systems are up and potentially vulnerable to further exploration or attack. This method is foundational for mapping the network before deploying more targeted exploits or scans.
References:EC-Council's Certified Incident Handler (CREST CPTIA) program discusses various reconnaissance techniques, including ping sweeping, as a preliminary step in network analysis and vulnerability assessment.
NEW QUESTION # 87
Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?
- A. Gateway
- B. Repeater
- C. Hub
- D. Network interface card (NIC)
Answer: A
Explanation:
A gateway in a network functions as a node that routes traffic between different networks, such as from a local network to the internet. In the context of cyber threats, a gateway can be utilized to monitor and control the data flow to and from the network, helping in the identification and analysis of malware communications, including traffic to external command and control (C2) servers. This makes it an essential component in detecting installed malware within a network by observing anomalies or unauthorized communications at the network's boundary. Unlike repeaters, hubs, or network interface cards (NICs) that primarily facilitate network connectivity without analyzing the traffic, gateways can enforce security policies and detect suspicious activities.References:
* "Network Security Basics," Security+ Guide to Network Security Fundamentals
* "Malware Command and Control Channels: A Journey," SANS Institute InfoSec Reading Room
NEW QUESTION # 88
......
CPTIA exam questions for practice in 2025 Updated 137 Questions: https://www.exams4sures.com/CREST/CPTIA-practice-exam-dumps.html