A security analyst is reviewing a report from the networking department that describes an increase in
network utilization, which is causing network performance issues on some systems. A top talkers report
over a five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST
to help track down the performance issues?

• A.Put ACLs in place to restrict traffic destined for random or non-default application ports.
• B.Quarantine the top talker on the network and begin to investigate any potential threats caused by the
  excessive traffic.
• C.Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the
  congestion.
• D.Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.

Comment: *

Name: *

Email: *

Verification: *

A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?

• A.Acceptable use policy
• B.Service level agreement
• C.Rules of engagement
• D.Memorandum of understanding
• E.Master service agreement

Comment: *

Name: *

Email: *

Verification: *

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

• A.Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and
  636 are identical.
• B.Change all devices and servers that support it to 636, as encrypted services run by default on 636.
• C.Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
• D.Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity professional typed in a URL and discovered the admin panel for the e-commerce application is accessible over the open web with the default password. Which of the following is the MOST secure solution to remediate this vulnerability?

• A.Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication.
• B.Change the default password, whitelist specific source IP addresses, and require two-factor authentication.
• C.Whitelist all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication.
• D.Change the username and default password, whitelist specific source IP addresses, and require two- factor authentication.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

Which of the following actions should be taken to remediate this security issue?

• A.Set "Allowlatescanning" to 1 in the URLScan.ini configuration file.
• B.Set "Removeserverheader" to 1 in the URLScan.ini configuration file.
• C.Set "Enablelogging" to 0 in the URLScan.ini configuration file.
• D.Set "Perprocesslogging" to 1 in the URLScan.ini configuration file.

Comment: *

Name: *

Email: *

Verification: *