NEW QUESTION 1
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:
Antivirus is installed on the remote host:
Installation path: C:\Program Files\AVProduct\Win32\ Product Engine: 14.12.101
Engine Version: 3.5.71
Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.
The engine version is out of date. The oldest supported version from the vendor is 4.2.11. The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

• A. This is a false positive, and the scanning plugin needs to be updated by the vendor.
• B. This is a true negative, and the new computers have the correct version of the software.
• C. This is a true positive, and the new computers were imaged with an old version of the software.
• D. This is a false negative, and the new computers need to be updated by the desktop team.

Answer: C

NEW QUESTION 2
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.
Which of the following would BEST identify potential indicators of compromise?

• A. Use Burp Suite to capture packets to the SCADA device's IP.
• B. Use tcpdump to capture packets from the SCADA device IP.
• C. Use Wireshark to capture packets between SCADA devices and the management system.
• D. Use Nmap to capture packets from the management system to the SCADA devices.

Answer: C

NEW QUESTION 3
A web developer wants to create a new web part within the company website that aggregates sales from individual team sites. A cybersecurity analyst wants to ensure security measurements are implemented during this process. Which of the following remediation actions should the analyst take to implement a vulnerability management process?

• A. Personnel training
• B. Vulnerability scan
• C. Change management
• D. Sandboxing

Answer: C

NEW QUESTION 4
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?

• A. Establish a hosted SSO.
• B. Implement a CASB.
• C. Virtualize the server.
• D. Air gap the server.

Answer: D

NEW QUESTION 5
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

Which of the following should be the focus of the investigation?

• A. webserver.org-dmz.org
• B. sftp.org-dmz.org
• C. 83hht23.org-int.org
• D. ftps.bluemed.net

Answer: A

NEW QUESTION 6
A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the
network is compromised Which of the following would provide the BEST results?

• A. Baseline configuration assessment
• B. Uncredentialed scan
• C. Network ping sweep
• D. External penetration test

Answer: D

NEW QUESTION 7
The inability to do remote updates of certificates. keys software and firmware is a security issue commonly associated with:

• A. web servers on private networks.
• B. HVAC control systems
• C. smartphones
• D. firewalls and UTM devices

Answer: B

NEW QUESTION 8
An analyst has been asked to provide feedback regarding the control required by a revised regulatory framework At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of?

• A. Tokenization of sensitive data
• B. Establishment o' data classifications
• C. Reporting on data retention and purging activities
• D. Formal identification of data ownership
• E. Execution of NDAs

Answer: A

NEW QUESTION 9
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party in1marketingpartners.com Below is the exiting SPP word:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 10
Which of the following is the BEST way to share incident-related artifacts to provide non-repudiation?

• A. Secure email
• B. Encrypted USB drives
• C. Cloud containers
• D. Network folders

Answer: B

NEW QUESTION 11
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

• A. Agile
• B. Waterfall
• C. SDLC
• D. Dynamic code analysis

Answer: A

NEW QUESTION 12
A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named Webserverlist. Xml. The host list is provided in a file named werbserverlist,text. Which of the fallowing Nmap commands would BEST accomplish this goal?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: A

NEW QUESTION 13
An organization has not had an incident for several month. The Chief information Security Officer (CISO) wants to move to proactive stance for security investigations. Which of the following would BEST meet that goal?

• A. Root-cause analysis
• B. Active response
• C. Advanced antivirus
• D. Information-sharing community
• E. Threat hunting

Answer: E

NEW QUESTION 14
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?

• A. Segment the network to constrain access to administrative interfaces.
• B. Replace the equipment that has third-party support.
• C. Remove the legacy hardware from the network.
• D. Install an IDS on the network between the switch and the legacy equipment.

Answer: A

NEW QUESTION 15
A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings. Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

• A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
• B. Incorporate prioritization levels into the remediation process and address critical findings first.
• C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
• D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

Answer: B

NEW QUESTION 16
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

• A. Decompile each binary to derive the source code.
• B. Perform a factory reset on the affected mobile device.
• C. Compute SHA-256 hashes for each binary.
• D. Encrypt the binaries using an authenticated AES-256 mode of operation.
• E. Inspect the permissions manifests within each application.

Answer: C

NEW QUESTION 17
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentially protection. Which of the following is the BEST technical security control to mitigate this risk?

• A. Switch to RADIUS technology
• B. Switch to TACACS+ technology.
• C. Switch to 802 IX technology
• D. Switch to the WPA2 protocol.

Answer: B

NEW QUESTION 18
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-m-the-middle attack .The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

• A. Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network,
• B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
• C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network
• D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.

Answer: A

NEW QUESTION 19
The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

• A. Wireless access point discovery
• B. Rainbow attack
• C. Brute-force attack
• D. PCAP data collection

Answer: B

NEW QUESTION 20
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two
compromised devices.
Which of the following should be used to identify the traffic?

• A. Carving
• B. Disk imaging
• C. Packet analysis
• D. Memory dump
• E. Hashing

Answer: C

NEW QUESTION 21
......