
Question #1
During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A. User behavior analytics
B. Dump files
C. Bandwidth monitors
D. Protocol analyzer output
Correct answer: A
Question #2
Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?
A. Generators and UPS
B. Off-site replication
C. Additional warm site
D. Local
Correct answer: A
Question #3
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Correct answer: CE
Question #4
A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?
A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man in the browser
E. Bluejacking
Correct answer: B
Question #5
The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the attacks has most likely occurred?
A. Privilege escalation
B. Buffer overflow
C. Resource exhaustion
D. Cross-site scripting
Correct answer: B
Question #6
A security team is providing input on the design of a secondary data center that has Which of the following should the security team recommend? (Select two).
A. Configuring replication of the web servers at the primary site to offline storage
B. Constructing the secondary site in a geographically disperse location
C. Deploying load balancers at the primary site
D. Installing generators
E. Using differential backups at the secondary site
F. Implementing hot and cold aisles at the secondary site
Correct answer: A
Question #7
A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?
A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums
Correct answer: B
Question #8
A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
A. IP restrictions
B. Multifactor authentication
C. A banned password list
D. A complex password policy
Correct answer: D
Question #9
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking
Correct answer: A
Question #10
An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives
B. Third-party libraries have been loaded into the repository and should be removed from the codebase
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated
Correct answer: A
Question #11
Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?
A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment
Correct answer: C
Question #12
A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available. Perform the following steps:
1. Configure the RADIUS server.
2. Configure the WiFi controller.
3. Preconfigure the client for an incoming guest.
The guest AD credentials are:
User: guest01
Password: guestpass
A. Mastered
B. Not Mastered
Correct answer: C
Question #13
A security team will be outsourcing several key functions to a third party and will require that:
* Several of the functions will carry an audit burden.
* Attestations will be performed several times a year.
* Reports will be generated on a monthly basis.
Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?
A. MOU
B. AUP
C. SLA
D. MSA
Correct answer: D
Question #14
The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?
A. HIDS
B. Allow list
C. TPM
D. NGFW
Correct answer: C
