A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.
Which of the following should the security do to help mitigate future attacks within the VM environment? (Choose two.)

• A.Change the user's access privileges.
• B.Configure VM isolation.
• C.Update virus definitions on all endpoints.
• D.Deprovision database VM.
• E.Install perimeter NGFW.
• F.Install the appropriate patches.

Comment: *

Name: *

Email: *

Verification: *

A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?

• A.Port scanner
• B.SCAP tool
• C.File integrity monitor
• D.Protocol analyzer

Comment: *

Name: *

Email: *

Verification: *

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.
Which of the following would be the MOST efficient control to prevent this from occurring in the future?

• A.Install application whitelist on mobile devices.
• B.Disallow side loading of applications on mobile devices.
• C.Restrict access to company systems to expected times of day and geographic locations.
• D.Prevent backup of mobile devices to personally owned computers.
• E.Perform unannounced insider threat testing on high-risk employees.

Comment: *

Name: *

Email: *

Verification: *

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.
Which of the following solutions BEST meets all of the architect's objectives?

• A.An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
• B.A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
• C.An open distributed transaction ledger that requires proof of work to append entries.
• D.An internal key infrastructure that allows users to digitally sign transaction logs

Comment: *

Name: *

Email: *

Verification: *

During a security event investigation, a junior analyst fails to create an image of a server's hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering.
Which of the following should the junior analyst have followed?

• A.Order of volatility
• B.Data recovery
• C.Chain of custody
• D.Continuity of operations

Comment: *

Name: *

Email: *

Verification: *