CASP+ CompTIA Advanced Security Practitioner Practice Tests. Nadean H. Tanner.

Author: Nadean H. Tanner
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119813064
is dealing with a recent defacement of your website and secure web server. The server was compromised around a three-day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, firewall, IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but all the web server logs have been deleted, and the internal firewall logs show no activity. As the security administrator, what do you do?
A. Review sensor placement and examine the external firewall logs to find the attack.
B. Review the IDS logs to determine the source of the attack.
C. Correlate all the logs from all the devices to find where the organization was compromised.
D. Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks.

38. After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network traffic access point (TAP) mirroring all the new network traffic and found it spreading on TCP port 445. What does Gavin advise the administrator to do immediately to minimize the attack?
A. Run Wireshark to watch for traffic on TCP port 445.
B. Update antivirus software and scan the entire enterprise.
C. Check the SIEM for alerts for any asset with TCP port 445 open.
D. Deploy an ACL to all HIPS: DENY-TCP-ANY-ANY-445.

39. Jonathan is a senior architect who has submitted budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a security information and event management (SIEM) system. What is the primary function of a SIEM tool?
A. Blocking malicious users and traffic
B. Monitoring the network
C. Automating DNS servers
D. Monitoring servers

40. Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement?
A. FIM
B. PCI
C. DNS
D. TCP

41. You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3?
A. Cryptographic security system
B. Party-based security system
C. Easier to set up
D. Supports UDP

42. Victor is employed in a high-risk, geographically diverse environment heavily using Cisco IOS. Which of these is not a key service advantage of NetFlow?
A. Peer-to-peer tunneling encryption
B. Network traffic accounting and usage-based billing
C. Network planning and security
D. DoS monitoring capabilities

43. One of your managers asked you to research data loss prevention techniques to protect data so that cyber attackers cannot monetize the stolen data. What DLP do you recommend?
A. Encryption and tokenization
B. HIPAA and PCI
C. I&AM management
D. NIST frameworks

44. Eddie is looking for an antivirus detection tool that uses a rule- or weight-based system to determine how dangerous a program function could be. What type of antivirus does he need?
A. Behavioral
B. Signature based
C. Heuristic
D. Automated

45. Simon's organization has endpoints that are considered low-priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code only?
A. Antimalware
B. Antispyware
C. Antivirus
D. Anti-adware

46. An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing that type of data on your business network?
A. Implementing a security policy and awareness
B. Performing audits
C. Monitoring networks for certain file types
D. Using third-party threat intelligence reports

47. You conduct a security assessment and find legacy systems with vital business processes using standard Telnet protocols. What should you do to mitigate the risk?
A. Migrate from IPv4 to IPv6.
B. Install PuTTY.
C. Move the system to a secure VLAN.
D. Unplug the system until a replacement can be ordered.

48. Your hospital just merged with another hospital in another state that falls under a different legal jurisdiction. You are tasked with improving network security. Your CISO suggests data isolation by blocking communication between the two hospitals. How do you accomplish this?
A. Implementing HIDS
B. Building gateway firewalls
C. Configuring ERP
D. Creating network microsegmentation

49. Your company grew to a point where a screened host firewall solution is no longer viable. IT wants to move to a screened subnet solution. Which of the following is considered a type of screened subnet?
A. LAN
B. DMZ
C. Egress
D. WAN

50. Your CISO asked you to implement a solution on the jump servers in your DMZ that can detect and stop malicious activity. Which solution accomplishes this task?
A. HIDS
B. NIDS
C. HIPS
D. NIPS

51. Matthew's company just learned that an attacker obtained highly classified information by querying the external DNS server. He is told to never let this happen again. Which of the following is the best option?
A. Implement a split DNS. Create an internal and external zone to resolve all domain queries.
B. Implement a split DNS. Create an internal zone for an internal DNS for resolution and an external zone to be used by the Internet.
C. Create DNS parking for round-robin DNSBL.
D. Create DNS parking for cloud users.

52. Peyton is an IT administrator needing visibility into his staging network. He believes he has all the tools and controls in place, but he has no way to look for attackers who are currently exploiting the network. What tool can Peyton choose to help with seeing the dark spots in his environment?
A. Fuzzer
B. HTTP interceptor
C. Port scanner
D. SIEM

53. You want to replace an access point's removable antenna with a better one based on the results gathered by a wireless site survey. You want to be able to focus more energy in one direction and less in another to better distinguish between networks. What type of antenna should you purchase?
A. Directional
B. Omnidirectional
C. Parabolic dish
D. Radio

54. Which of the following is a protocol that provides a graphical interface to a Windows system over a network?
A. RDP
B. VNC
C. VDI
D. DLP

55. An attacker scanned your network and discovered a host system running a vulnerable version of VNC. Which of the following can an attacker perform if they can access VNC on the host?
A. Remotely access the BIOS of the host system.
B. Remotely view and control the desktop of the host system.
C. Remotely view critical failures, causing a stop error or the blue screen of death on the host system.
D. All of the above.

56. Levi's corporate public cloud network is configured such that all network devices reach each other without going through a routing device. The CISO wants the network reconfigured so that the network is segmented based on geography. In addition, the servers must be on their own subnetwork. What is a benefit of subdividing the network in this way?
A. No benefit at all.
B. By subdividing the network, the port numbers can be better distributed among assets.
C. By subdividing the network, rules can be placed to control the flow of traffic from one subnetwork to another.
D. Ease of deployment.

57. Your security team implemented NAC lists for authentication as well as corporate policy enforcement. Originally, the team installed software on the devices to perform these tasks. However, the security team decided this method is no longer desirable. They want to implement a solution that performs the same function but doesn't require software to be installed on the devices. In the context of NAC, what is this configuration called?
A. Agent
B. Agentless
C. Volatile
D. Persistent

58. Jason's organization recently deployed some standard Linux systems in its network. The system admin for these Linux systems wants to secure these systems by using SELinux, which is required by their security policy. Which of the following is a benefit of using SELinux?
A. Moves from a discretionary access control system to a system where the file creator controls the permissions of the file
B. Moves from a discretionary access control system to a mandatory access control system
C. Moves from a mandatory access control system to a system where the file creator controls the permissions of the file
D. Moves from a mandatory access control system to a discretionary access control system

59. Bobby is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determined that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed?
A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transference

60. Randolf is a newly hired CISO, and he is evaluating controls for the confidentiality portion of the CIA triad. Which set of controls should he choose to concentrate