Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?

• A.Decrease the frequency of backups and pay the ransom to decrypt the data.
• B.Leave the current backup schedule intact and pay the ransom to decrypt the data.
• C.Leave the current backup schedule intact and make the human resources fileshare read-only.
• D.Increase the frequency of backups and create SIEM alerts for IOCs.

Comment: *

Name: *

Email: *

Verification: *

A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

• A.Implementing an IDS
• B.Deploying a honeypot
• C.Installing a network firewall
• D.Placing a WAF inline

Comment: *

Name: *

Email: *

Verification: *

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

• A.Continuously monitor code commits to repositories and generate summary logs.
• B.Perform static code analysis of committed code and generate summary reports.
• C.Install an IDS on the development subnet and passively monitor for vulnerable services.
• D.Implement an XML gateway and monitor for policy violations.
• E.Model user behavior and monitor for deviations from normal.
• F.Monitor dependency management tools and report on susceptible third-party libraries.

Comment: *

Name: *

Email: *

Verification: *

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

• A.The system administrator should evaluate dependencies and perform upgrade as necessary.
• B.The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.
• C.The product owner should perform a business impact assessment regarding the ability to implement a WAF.
• D.The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Comment: *

Name: *

Email: *

Verification: *

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

• A.IDSs, WAFs, and forward proxy IDS
• B.Reverse proxy, stateful firewalls, and VPNs at the local sites
• C.DoS protection at the hub site, mutual certificate authentication, and cloud proxy
• D.IPSs at the hub, Layer 4 firewalls, and DLP

Comment: *

Name: *

Email: *

Verification: *