An organization has recently recovered from an incident where a managed switch had been accessed and
reconfigured without authorization by an insider. The incident response team is working on developing a
lessons learned report with recommendations. Which of the following recommendations will BEST prevent
the same attack from occurring in the future?

• A.Remove and replace the managed switch with an unmanaged one.
• B.Implement a separate logical network segment for management interfaces.
• C.Install and configure NAC services to allow only authorized devices to connect to the network.
• D.Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.

Comment: *

Name: *

Email: *

Verification: *

A security analyst performed a review of an organization's software development life cycle. The analyst reports that the life cycle does not contain a phase m which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?

• A.Whitebox testing
• B.Peer review
• C.Architectural evaluation
• D.Waterfall

Comment: *

Name: *

Email: *

Verification: *

Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".
The administrator observed the following about the three servers:
The servers are not accessible by the Internet
AV programs indicate the servers have had malware as recently as two weeks ago The SIEM shows unusual traffic in the last 20 days Integrity validation of system files indicates unauthorized modifications Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).

• A.Servers may have been tampered with
• B.Immediately rebuild servers from known good configurations
• C.Schedule recurring vulnerability scans on the servers
• D.Servers may have been built inconsistently
• E.Activate the incident response plan
• F.Servers may be generating false positives via the SIEM

Comment: *

Name: *

Email: *

Verification: *

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing events. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

• A.The analyst is red team.
  The employee is blue team.
  The manager is white team.
• B.The analyst is white team.
  The employee is red team.
  The manager is blue team.
• C.The analyst is red team.
  The employee is white team.
  The manager is blue team.
• D.The analyst is blue team.
  The employee is red team.
  The manager is white team.

Comment: *

Name: *

Email: *

Verification: *

A technician receives the following security alert from the firewall's automated system:

After reviewing the alert, which of the following is the BEST analysis?

• A.This alert is a false positive because DNS is a normal network function.
• B.This alert was generated by the SIEM because the user attempted too many invalid login attempts.
• C.This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
• D.This alert indicates a user was attempting to bypass security measures using dynamic DNS.

Comment: *

Name: *

Email: *

Verification: *