A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incid3nt responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

• A.Database server was attacked, actions should be to capture network traffic and Chain of Custody.
  
  
  IDS Server Log:
  
  Web Server Log:
  
  
  Database Server Log:
  
  Users PC Log:
  
• B.Database server was attacked, actions should be to capture network traffic and Chain of Custody.
  
  
  IDS Server Log:
  Web Server Log:
  
  Database Server Log:
  
  Users PC Log:
  

Comment: *

Name: *

Email: *

Verification: *

The chief security officer (CS0) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

• A.Use certificates signed by the company CA
• B.Use a signing certificate as a wild card certificate
• C.Use certificates signed by a public ca
• D.Use a self-signed certificate on each internal server

Comment: *

Name: *

Email: *

Verification: *

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC addresses to be visible across the tunnel?

• A.SSL VPN
• B.Tunnel mode IPSec
• C.Transport mode VPN IPSec
• D.L2TP

Comment: *

Name: *

Email: *

Verification: *

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?

• A.True negative
• B.False positive
• C.False negative
• D.True positive

Comment: *

Name: *

Email: *

Verification: *

A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updates since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *