Question #1
A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?
A. Install a HIPS on the web servers
B. Disable inbound traffic from offending sources
C. Disable SNMP on the web servers
D. Install anti-DDoS protection in the DMZ
Correct answer: A
Question #2
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
A. Update and deploy GPOs
B. Configure and use measured boot
C. Strengthen the password complexity requirements
D. Update the antivirus software and definitions
Correct answer: C
Question #3
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?
A. Documentation of lessons learned
B. Quantitative risk assessment
C. Qualitative assessment of risk
D. Business impact scoring
E. Threat modeling
Correct answer: B
Question #4
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct answer: A
Question #5
A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate
A. Implementing regression testing
B. Completing user acceptance testing
C. Verifying system design documentation
D. Using an SRTM
Correct answer: D
Question #6
A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment?
A. The OS version is not compatible
B. The OEM is prohibited
C. The device does not support FDE
D. The device is rooted
Correct answer: D
Question #7
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footpr
A. VLAN201, VLAN202, VLAN400
B. VLAN201, VLAN202, VLAN700
C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D. VLAN400, VLAN680, VLAN700
Correct answer: D
Question #8
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct answer: A
Question #9
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following: High-impact controls implemented: 6 out of 10; Medium-impact controls implemented: 409 out of 472; Low-impact controls implemented: 97 out of 1000. The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information: Average high-impact control impleme
A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B. The enterprise security team has focused exclusively on mitigating high-level risks
C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D. The cybersecurity team has balanced residual risk for both high and medium controls
Correct answer: C
Question #10
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?
A. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
B. Federate with an existing PKI provider, and reject all non-signed emails
C. Implement two-factor email authentication, and require users to hash all email messages upon receipt
D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
Correct answer: A
Question #11
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
A. Patch management
B. Antivirus
C. Application firewall
D. Spam filters
E. KIDS
Correct answer: E
Question #12
An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website. Which of the following types of attack vector did the penetration tester use?
A. SQLi
B. CSRF
C. Brute force
D. XSS
E. TOC/TOU
Correct answer: B
Question #13
An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the sol
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Correct answer: CE
Question #14
After investigating virus outbreaks that have cost the company $1,000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements: Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
A. Product A
B. Product B
C. Product C
D. Product D
E. Product E
Correct answer: E
Question #15
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring
Correct answer: CF
Question #16
A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)
A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise
Correct answer: S
Question #17
A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
A. SPF
B. S/MIME
C. TLS
D. DKIM
Correct answer: D
Question #18
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. HIPS
Correct answer: CD
Question #19
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
A. Threat modeling
B. Risk assessment
C. Vulnerability data
D. Threat intelligence
E. Risk metrics
F. Exploit frameworks
Correct answer: F
Question #20
Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication; Network Server: Digitally sign communication. A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?
A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
C. Mitigate the risk for the remote location by suggesting a move tA
D. Avoid the risk, leave the settings alone, and decommission the legacy storage device
Correct answer: A
Question #21
After investigating virus outbreaks that have cost the company $1,000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements: Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
A. Product A
B. Product B
C. Product C
D. Product D
E. Product E
Correct answer: B
Question #22
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?
A. Data aggregation
B. Data sovereignty
C. Data isolation
D. Data volume
E. Data analytics
Correct answer: A
Question #23
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. NIPS
Correct answer: CD
Question #24
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
B. Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff
C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents
Correct answer: BE
Question #25
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?
A. 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control
B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques
C. 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3
D. 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms
Correct answer: C
Question #26
After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company’s IT department has seen a large number of the following incidents: • Duplicate IP addresses • Rogue network devices • Infected systems probing the company's network. Which of the following should be implemented to remediate the above issues? (Choose two.)
A. Port security
B. Route protection
C. NAC
D. HIPS
E. NIDS
Correct answer: BC
Question #27
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?
A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
B. Install a client-side VPN on the staff laptops and limit access to the development network
C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network
Correct answer: D
Question #28
The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)
A. Review the CVE database for critical exploits over the past year
B. Use social media to contact industry analysts
C. Use intelligence gathered from the Internet relay chat channels
D. Request information from security vendors and government agencies
E. Perform a penetration test of the competitor’s network and share the results with the board
Correct answer: AD