The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?

• A.Review the flow data against each server's baseline communications profile.
• B.Configure the server logs to collect unusual activity including failed logins and restarted services.
• C.Correlate data loss prevention logs for anomalous communications from the server.
• D.Setup a packet capture on the firewall to collect all of the server communications.

Comment: *

Name: *

Email: *

Verification: *

A security consultant isconsidering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once.

Correct Answer:

Explanation

Comment: *

Name: *

Email: *

Verification: *

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

• A.Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
• B.The company is using the wrong port. It should be using port 389 for secure LDAP.
• C.The clients may not trust Chicago by default.
• D.Secure LDAP should be running on UDP rather than TCP.
• E.The clients may not trust idapt by default.
• F.Secure LDAP does not support wildcard certificates.
• G.The secure LDAP service is not started, so no connections can be made.

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?

• A.1. Obtain the latest IOCs from the open source repositories2. Perform a sweep across the network to identify positive matches3. Sandbox any suspicious files4. Notify the CERT team to apply a future proof threat model
• B.1. Perform the ongoing research of the best practices2. Determine current vulnerabilities and threats3. Apply Big Data techniques4. Use antivirus control
• C.1. Apply artificial intelligence algorithms for detection2. Inform the CERT team3. Research threat intelligence and potential adversaries4. Utilize threat intelligence to apply Big Data techniques
• D.1. Analyze the current threat intelligence2. Utilize information sharing to obtain the latest industry IOCs3. Perform a sweep across the network to identify positive matches4. Apply machine learning algorithms

Comment: *

Name: *

Email: *

Verification: *

Given the following code snippet:

Which of the following failure modes would the code exhibit?

• A.Halt
• B.Open
• C.Exception
• D.Secure

Comment: *

Name: *

Email: *

Verification: *