Which of the following could be directly impacted by an unpatched vulnerability m vSphre ESXi?

• A.The organization's VPN
• B.The organization's mobile devices
• C.The organization's physical routers
• D.The organization's virtual infrastructure

Comment: *

Name: *

Email: *

Verification: *

A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching. Pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?

• A.The analyst should remediate ftp (21/tcp)first. An outdated version of FTP is running on this port.
  If it is not in use, it should be disabled.
• B.The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.
• C.The analyst should remediate https (443/tcp)first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.
• D.The analyst should remediate imaps (993/tcp)first. The SSLv2 suite offers five strong ciphers and two weak "export class" ciphers.

Comment: *

Name: *

Email: *

Verification: *

A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port.
Which of the following should be completed?

• A.Vulnerability report
• B.Reverse-engineering incident report
• C.Memorandum of agreement
• D.Lessons learned report

Comment: *

Name: *

Email: *

Verification: *

A security analyst is conducting traffic analysis and observes an HTTP POST to the company's main web
server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered
every ten seconds. Which of the following attacks is the traffic indicative of?

• A.Buffer overflow
• B.SQL injection
• C.DoS
• D.Exfiltration

Comment: *

Name: *

Email: *

Verification: *

A company's computer was recently infected with ransomware. After encrypting all documents, the
malware logs a random AES-128 encryption key and associated unique identifier onto a compromised
remote website. A ransomware code snippet is shown below:

Based on the information from the code snippet, which of the following is the BEST way for a cybersecurity
professional to monitor for the same malware in the future?

• A.Reconfigure the enterprise antivirus to push more frequent to the clients.
• B.Use an IDS custom signature to create an alert for connections to www.malwaresite.com.
• C.Configure the company proxy server to deny connections to www.malwaresite.com.
• D.Write an ACL to block the IP address of www.malwaresite.com at the gateway firewall.

Comment: *

Name: *

Email: *

Verification: *