An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

• A.Cookie stealing
• B.Zero-day attack
• C.Known malware attack
• D.Session hijack

Comment: *

Name: *

Email: *

Verification: *

A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain.
Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

• A.Isolate the infected endpoint to prevent the potential spread of malicious activity.
• B.Implement an internal honeypot to catch the malicious traffic and trace it.
• C.Set up a sinkhole for that dynamic DNS domain to prevent communication.
• D.Perform a risk assessment and implement compensating controls.
• E.Ensure the IDS is active on the network segment where the endpoint resides.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

• A.Develop a minimum security baseline while restricting the type of data that can be accessed.
• B.Implement a single computer configured with USB access and monitored by sensors.
• C.Deploy a kiosk for synchronizing while using an access list of approved users.
• D.Implement a wireless network configured for mobile device access and monitored by sensors.

Comment: *

Name: *

Email: *

Verification: *

A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

• A.Make a copy of the hard drive.
• B.Use write blockers.
• C.Runrm -Rcommand to create a hash.
• D.Install it on a different machine and explore the content.

Comment: *

Name: *

Email: *

Verification: *

Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations alter returning to work awl logging in. The building security team informs the IT security team that the cleaning stall was caught using the systems after the accounting department users left for the day Which of the following steps should the IT security team take to help prevent this from happening again?
(Select TWO)

• A.Set up a camera to monitor the workstations for unauthorized use
• B.Install a web monitors application to track Internet usage after hours
• C.Configure mandatory access controls to allow only accounting department users lo access the workstations
• D.Configure a policy for workstation account timeout at three minutes
• E.Configure NAC lo set time-based restrictions on the accounting group to normal business hours

Comment: *

Name: *

Email: *

Verification: *