Question 51
An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?
A. GDPR
B. Data correlation procedure
C. Evidence retention
D. Data retention
Question 52
As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?
A. Update the whitelist.
B. Develop a malware signature.
C. Sinkhole the domains.
D. Update the blacklist.
Question 53
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection. Which of the following is the BEST technical security control to mitigate this risk?
A. Switch to RADIUS technology.
B. Switch to TACACS+ technology.
C. Switch to MAC filtering.
D. Switch to the WPA2 protocol.
Question 54
Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?
A. H-ISAC
B. Dental forums
C. Open threat exchange
D. Dark web chatter
Question 55
Which of the following incident response components identifies who serves as the liaison between multiple lines of business and the public?
A. Red-team analysis
B. Escalation process and procedures
C. Triage and analysis
D. Communications plan
Question 56
Which of the following threat classifications would MOST likely use polymorphic code?
A. Known threat
B. Zero-day threat
C. Unknown threat
D. Advanced persistent threat
Question 57
A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?
A. Change management
B. Application whitelisting
C. Asset management
D. Privilege management
Question 58
An analyst must review a new cloud-based SIEM solution. Which of the following should the analyst do FIRST prior to discussing the company's needs?
A. Check industry news feeds for product reviews.
B. Ensure a current non-disclosure agreement is on file.
C. Perform a vulnerability scan against a test instance.
D. Download the product security white paper.
Question 59
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?
A. Virtualize the system and decommission the physical machine.
B. Remove it from the network and require air gapping.
C. Implement privileged access management for identity access.
D. Implement MFA on the specific system.
Question 60
A SIEM analyst receives an alert containing the following URL: http://companywebsite.com/displayPicture?filename=../../../../etc/passwd
Which of the following BEST describes the attack?
A. Password spraying
B. Buffer overflow
C. Insecure object access
D. Directory traversal