An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?
Question 52
As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?
Question 53
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection. Which of the following is the BEST technical security control to mitigate this risk?
Question 54
Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?
Question 55
Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?
Question 56
Which of the following threat classifications would MOST likely use polymorphic code?
Question 57
A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST prevent to this from happening again?
Question 58
An analyst must review a new cloud-based SIEM solution. Which of the following should the analyst do FIRST prior to discussing the company's needs?
Question 59
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?
Question 60
A SIEM analyst receives an alert containing the following URL: http:/companywebsite.com/displayPicture?filenamE=../../../../etc/passwd Which of the following BEST describes the attack?
