During a review of security controls, an analyst was able to connect to an external, unsecured FTP server from a workstation. The analyst was troubleshooting and reviewed the ACLs of the segment firewall the workstation is connected to:

Based on the ACLs above, which of the following explains why the analyst was able to connect to the FTP server?

• A.FTP was explicitly allowed in Seq 8 of the ACL.
• B.FTP was allowed as being outbound from Seq 9 of the ACL.
• C.FTP was allowed as being included in Seq 3 and Seq 4 of the ACL.
• D.FTP was allowed in Seq 10 of the ACL.

Comment: *

Name: *

Email: *

Verification: *

A security analyst has determined the security team should take action based on the following log:
Which of the following should be used to improve the security posture of the system?

• A.Upgrade the firewalls
• B.Increase password complexity requirements
• C.Limit the number of unsuccessful login attempts
• D.Enable login account auditing.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

• A.The remote host is redirecting port 80 to port 8080.
• B.The remote host is running a web server on port 80.
• C.The remote host's firewall is dropping packets for port 80.
• D.The remote host is running a service on port 8080.

Comment: *

Name: *

Email: *

Verification: *

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

• A.'HTTPS' entries indicate the web page is encrypted securely.
• B.The scan result version is different from the automated asset inventory.
• C.Any items labeled 'low' are considered informational only.
• D.Reports indicate that findings are informational.

Comment: *

Name: *

Email: *

Verification: *

An organization recently had its strategy posted to a social media website. The document posted to the website is an exact copy of a document stored on only one server in the organization. A security analyst sees the following output from a command-line entry on the server suspected of the problem:

Which of the following would be the BEST course of action?

• A.Monitor all the established TCP connections for data exfiltration
• B.Remove the malware associated with PID 773
• C.Block all TCP connections at the firewall
• D.Investigate the malware associated with PID 123
• E.Figure out which of the Firefox processes is the malware

Comment: *

Name: *

Email: *

Verification: *