There have been several exploits to critical devices within the network. However, there is currently no
process to perform vulnerability analysis.
Which of the following should the security analyst implement during production hours to identify critical
threats and vulnerabilities?

• A.Scanning of all types of data regardless of sensitivity levels
• B.Vulnerability scanning frequency that does not interrupt workflow
• C.Daily automated reports of exploited devices
• D.Asset inventory of all critical devices

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:

Which of the following describes the reason why the discovery is failing?

• A.The scanning tool lacks valid LDAP credentials.
• B.The server running LDAP has antivirus deployed.
• C.The LDAP server is configured on the wrong port.
• D.The scan is returning LDAP error code 52255a.
• E.The connection to the LDAP server is timing out.

Comment: *

Name: *

Email: *

Verification: *

After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company's computer.

Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?

• A.DENY TCP ANY HOST 10.38.219.20 EQ 3389
• B.DENY IP HOST 10.38.219.20 ANY EQ 25
• C.DENY IP HOST192.168.1.10 HOST 10.38.219.20 EQ 3389
• D.DENY TCP ANY HOST 192.168.1.10 EQ 25

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:

Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

• A.The cybersecurity analyst has discovered host 192.168.0.101 to be running thenc.exe file at 13:30 using the auto cron job remotely, there are no recommendations since this is not a threat currently.
• B.The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.
• C.The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using thenc.exe file; recommend proceeding with the next step of removing the host from the network.
• D.The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to runnc.exe; recommend proceeding with the next step of removing the host from the network.

Comment: *

Name: *

Email: *

Verification: *

You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each actions can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

• A.IDS-WAF
  Development PC-NIPS
  Accounting PC-HIPS
  Database- secure coding
• B.IDS-WAF
  Development PC-NIPS
  Accounting PC-HIPS
  Marketing PC- Application whitelisting
  Web Server - Server side validation
  Database- secure coding

Comment: *

Name: *

Email: *

Verification: *