
Question # 4

A security engineer has received feedback from other security professionals about the effectiveness of hiding a wireless SSID as a security measure. Opinions vary as to whether this practice is effective or hinders WiFi performance. The security engineer decides to get information from a definitive source. Which of the following should the security engineer do to BEST make an informed decision?

A.

Read the RFCs that pertain to the subject

B.

Read white papers posted on industry vendor websites

C.

Subscribe to threat feeds filtered for WiFi

D.

Attend industry trade shows and discuss the matter with subject matter experts

E.

Read the configuration guides associated with the hardware in use

Question # 5

A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

A.

Application fingerprinter

B.

Fuzzer

C.

HTTP interceptor

D.

Vulnerability scanner

Question # 6

A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)

A.

Network engineer

B.

Service desk personnel

C.

Human resources administrator

D.

Incident response coordinator

E.

Facilities manager

F.

Compliance manager

Question # 7

A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined manual DNS settings. Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A) Implement firewall ACLs as follows

B) Implement NAT as follows:

C) Implement DHCP options as follows:

D) Implement policy routing as follows:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 8

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization’s existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

A.

a hybrid cloud.

B.

an on-premises private cloud.

C.

a hosted hybrid cloud.

D.

a private cloud.

Question # 9

An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware. Of paramount importance is the ability to defeat attacks aimed at replacing or corrupting running firmware once the vehicle leaves production and is in the field. Integrating which of the following host and OS controls would BEST protect against this threat?

A.

Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space.

B.

Implement out-of-band monitoring to analyze the state of running memory and persistent storage and, in a failure mode, signal a check-engine light condition for the operator.

C.

Perform reverse engineering of the hardware to assess for any implanted logic or other supply chain integrity violations.

D.

Ensure the firmware includes anti-malware services that will monitor and respond to any introduction of malicious logic.

E.

Require software engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhaustive state space analysis before deployment.

Question # 10

A security analyst for a bank received an anonymous tip on the external banking website showing the following:

Protocols supported

TLS 1.0

SSL 3

SSL 2

Cipher suites supported

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1

TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit

TLS_RSA_WITH_RC4_128_SHA

TLS_FALLBACK_SCSV non supported

POODLE

Weak PFS

OCSP stapling supported

Which of the following should the analyst use to reproduce these findings comprehensively?

A.

Query the OCSP responder and review revocation information for the user certificates.

B.

Review CA-supported ciphers and inspect the connection through an HTTP proxy.

C.

Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output.

D.

Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

Question # 11

A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult. Which of the following should be considered to achieve this? (Select TWO)

A.

Digital signature

B.

bcrypt

C.

Perfect forward secrecy

D.

SHA-256

E.

P-384

F.

PBKDF2

G.

Record-level encryption

Question # 12

A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

A.

Configure file integrity monitoring of the guest OS.

B.

Enable the vTPM on a Type 2 hypervisor.

C.

Only deploy servers that are based on a hardened image.

D.

Protect the memory allocation of a Type 1 hypervisor.

Question # 13

Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.

Which of the following would reduce the risk of this occurring in the future?

A.

Regular auditing of the clean desk policy

B.

Employee awareness and training policies

C.

Proper employee separation procedures

D.

Implementation of an acceptable use policy

Question # 14

Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:

From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:

Connectivity to the server from outside the firewall worked as expected prior to executing these commands.

Which of the following can be said about the new firewall?

A.

It is correctly dropping all packets destined for the server.

B.

It is not blocking or filtering any traffic to the server.

C.

Iptables needs to be restarted.

D.

The IDS functionality of the firewall is currently disabled.

Question # 15

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

A.

Conducting tabletop exercises to evaluate system risk

B.

Contracting a third-party auditor after the project is finished

C.

Performing pre- and post-implementation penetration tests

D.

Running frequent vulnerability scans during the project

Question # 16

Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:

A.

mandatory vacations.

B.

job rotations

C.

role-based access control

D.

discretionary access

E.

separation of duties

Question # 17

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445. A security administrator is concerned the legacy system will be vulnerable to exploits. Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

A.

Install HIDS and disable unused services.

B.

Enable application whitelisting and disable SMB.

C.

Segment the network and configure a controlled interface

D.

Apply only critical security patches for known vulnerabilities.

Question # 18

A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS. The technician cannot determine why performance degraded so dramatically. A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician.

The system specifications and configuration of each system are listed below:

Which of the following is MOST likely the cause of the degradation in performance and should be changed?

A.

Using ECC

B.

Using RSA

C.

Disk size

D.

Memory size

E.

Decryption chips

F.

Connection requests

Question # 19

A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?

A.

Full disk encryption status

B.

TPM PCR values

C.

File system integrity

D.

Presence of UEFI vulnerabilities

Question # 20

An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organizations. Which of the following compliance issues will MOST likely be introduced as a result of the migration?

A.

Internal data integrity standards and outsourcing contracts and partnerships

B.

Data ownership, internal data classification, and risk profiling of outsourcers

C.

Company audit functions, cross-border jurisdictional challenges, and export controls

D.

Data privacy regulations, data sovereignty, and third-party providers

Question # 21

A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.

Which of the following is MOST likely the issue?

A.

The employees are using an old link that does not use the new SAML authentication.

B.

The XACML for the problematic application is not in the proper format or may be using an older schema.

C.

The web services methods and properties are missing the required WSDL to complete the request after displaying the login page.

D.

A threat actor is implementing an MITM attack to harvest credentials.

Question # 22

A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

A.

Mobile tokenization

B.

Export controls

C.

Device containerization

D.

Privacy policies

Question # 23

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

A.

Move line 3 below line 4 and change port 80 to 443 on line 4.

B.

Move line 3 below line 4 and add port 443 to line.

C.

Move line 4 below line 5 and add port 80 to 8080 on line 2.

D.

Add port 22 to line 2.

E.

Add port 22 to line 5.

F.

Add port 443 to line 2.

G.

Add port 443 to line 5.

Question # 24

A company contracts a security consultant to perform a remote white-box penetration test. The company wants the consultant to focus on Internet-facing services without negatively impacting production services. Which of the following is the consultant MOST likely to use to identify the company's attack surface? (Select TWO)

A.

Web crawler

B.

WHOIS registry

C.

DNS records

D.

Company's firewall ACL

E.

Internal routing tables

F.

Directory service queries

Question # 25

A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?

A.

Trains on normal behavior and identifies deviations therefrom

B.

Identifies and triggers upon known bad signatures and behaviors

C.

Classifies traffic based on logical protocols and messaging formats

D.

Automatically reconfigures ICS devices based on observed behavior

Question # 26

A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

A.

Cryptoprocessor

B.

Bcrypt

C.

SHA-256

D.

PBKDF2

E.

Message authentication

Question # 27

An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

A.

Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.

B.

Require sensors to sign all transmitted unlock control messages digitally.

C.

Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.

D.

Implement an out-of-band monitoring solution to detect message injections and attempts.

Question # 28

A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.

Which of the following BEST addresses these concerns?

A.

The company should plan future maintenance windows so that the legacy application can be updated as needed.

B.

The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.

C.

The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.

D.

The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.

Question # 29

A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:

• Scan of specific subsets for vulnerabilities

• Categorizing and logging of website traffic

• Enabling specific ACLs based on application traffic

• Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware.

Which of the following services MOST likely identified the behavior and sent the report?

A.

Content filter

B.

User behavioral analytics

C.

Application sandbox

D.

Web application firewall

E.

Endpoint protection

F.

Cloud security broker

Question # 30

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:

Untrusted zone: 0.0.0.0/0

User zone: USR 10.1.1.0/24

User zone: USR2 10.1.2.0/24

DB zone: 10.1.4.0/24

Web application zone: 10.1.5.0/24

Management zone: 10.1.10.0/24

Web server: 10.1.5.50

MS-SQL server: 10.1.4.70

MGMT platform: 10.1.10.250

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.

Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

Task 4) Ensure the final rule is an explicit deny.

Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

Question # 31

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization’s incident response capabilities. Which of the following activities has the incident team lead executed?

A.

Lessons learned review

B.

Root cause analysis

C.

Incident audit

D.

Corrective action exercise

Question # 32

The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:

  • End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.
  • Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP ports 80 and 443 and approved applications.
  • A host-based whitelist of approved websites and applications that only allows mission-related tools and sites.
  • The use of satellite communication, including multiple proxy servers to scramble the source IP address.

Which of the following is of MOST concern in this scenario?

A.

Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

B.

Family members posting geotagged images on social media that were received via email from soldiers

C.

The effect of communication latency that may negatively impact real-time communication with mission control

D.

The use of centrally managed military network and computers by soldiers when communicating with external parties

Question # 33

Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?

A.

Perform a black box assessment

B.

Hire an external red team audit

C.

Conduct a tabletop exercise.

D.

Recreate the previous breach.

E.

Conduct an external vulnerability assessment.

Question # 34

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.

Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

A.

Install a HIPS on the web servers

B.

Disable inbound traffic from offending sources

C.

Disable SNMP on the web servers

D.

Install anti-DDoS protection in the DMZ

Question # 35

A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

Based on the information available to the researcher, which of the following is the MOST likely threat profile?

A.

Nation-state-sponsored attackers conducting espionage for strategic gain.

B.

Insiders seeking to gain access to funds for illicit purposes.

C.

Opportunists seeking notoriety and fame for personal gain.

D.

Hacktivists seeking to make a political statement because of socio-economic factors.

Question # 36

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

  • Detect administrative actions
  • Block unwanted MD5 hashes
  • Provide alerts
  • Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

A.

AV

B.

EDR

C.

HIDS

D.

DLP

E.

HIPS

F.

EFS

Question # 37

A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:

dd if=/dev/ram of=/tmp/mem/dmp

The analyst then reviews the associated output:

^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45

However, the analyst is unable to find any evidence of the running shell. Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?

A.

The NX bit is enabled

B.

The system uses ASLR

C.

The shell is obfuscated

D.

The code uses dynamic libraries

Question # 38

A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations.

Which of the following is required in this scenario?

A.

ISA

B.

BIA

C.

SLA

D.

RA

Question # 39

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed project introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to mitigate against.

Which of the following strategies should the engineer recommend be approved FIRST?

A.

Avoid

B.

Mitigate

C.

Transfer

D.

Accept

Question # 40

A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

A.

These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryption routines

B.

The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies

C.

The associated firmware is more likely to remain out of date and potentially vulnerable

D.

The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

Question # 41

An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

A.

SQL injection

B.

CSRF

C.

Brute force

D.

XSS

E.

TOC/TOU

Question # 42

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?

A.

Distribute a NAC client and use the client to push the company’s private key to all the new devices.

B.

Distribute the device connection policy and a unique public/private key pair to each new employee’s device.

C.

Install a self-signed SSL certificate on the company’s RADIUS server and distribute the certificate’s public key to all new client devices.

D.

Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

Question # 43

After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

A.

Product A

B.

Product B

C.

Product C

D.

Product D

E.

Product E

Question # 44

The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

A.

Ensure the cloud provider supports a secure virtual desktop infrastructure

B.

Ensure the colocation facility implements a robust DRP to help with business continuity planning.

C.

Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.

D.

Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

Question # 45

As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

A.

the collection of data as part of the continuous monitoring program.

B.

adherence to policies associated with incident response.

C.

the organization’s software development life cycle.

D.

changes in operating systems or industry trends.

Question # 46

An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

A.

Place it in a malware sandbox.

B.

Perform a code review of the attachment.

C.

Conduct a memory dump of the CFO’s PC.

D.

Run a vulnerability scan on the email server.

Question # 47

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

A.

Use an internal firewall to block UDP port 3544.

B.

Disable network discovery protocol on all company routers.

C.

Block IP protocol 41 using Layer 3 switches.

D.

Disable the DHCPv6 service from all routers.

E.

Drop traffic for ::/0 at the edge firewall.

F.

Implement a 6in4 proxy server.

Question # 48

The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?

A.

Separation of duties

B.

Job rotation

C.

Continuous monitoring

D.

Mandatory vacation

Question # 49

A consulting firm was hired to conduct an assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

A.

Protocol analyzer

B.

Port scanner

C.

Fuzzer

D.

Brute forcer

E.

Log analyzer

F.

HTTP interceptor

Question # 50

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

A.

Install and configure an IPS.

B.

Enforce routine GPO reviews.

C.

Form and deploy a hunt team.

D.

Institute heuristic anomaly detection.

E.

Use a protocol analyzer with appropriate connectors.

Question # 51

Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:

Which of the following would be the BEST option to recommend to the CIO?

A.

Vendor C for small remote sites, and Vendor B for large sites.

B.

Vendor B for all remote sites

C.

Vendor C for all remote sites

D.

Vendor A for all remote sites

E.

Vendor D for all remote sites

Question # 52

Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?

A.

The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systems

B.

Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises

C.

Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully

D.

Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

Question # 53

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:

1. Indemnity clauses have identified the maximum liability

2. The data will be hosted and managed outside of the company’s geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. Which of the following should the project’s security consultant recommend as the NEXT step?

A.

Develop a security exemption, as it does not meet the security policies

B.

Mitigate the risk by asking the vendor to accept the in-country privacy principles

C.

Require the solution owner to accept the identified risks and consequences

D.

Review the entire procurement process to determine the lessons learned

Question # 54

A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?

A.

Sovereignty

B.

E-waste

C.

Remanence

D.

Deduplication

Question # 55

A security engineer is making certain URLs from an internal application available on the Internet. The development team requires the following:

• The URLs are accessible only from internal IP addresses

• Certain countries are restricted

• TLS is implemented.

• System users transparently access internal application services in a round robin to maximize performance

Which of the following should the security engineer deploy?

A.

DNS to direct traffic and a WAF with only the specific external URLs configured

B.

A load balancer with GeoIP restrictions and least-load-sensing traffic distribution

C.

An application-aware firewall with geofencing and certificate services using DNS for traffic direction

D.

A load balancer with IP ACL restrictions and a commercially available PKI certificate

Question # 56

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

  • Stop malicious software that does not match a signature
  • Report on instances of suspicious behavior
  • Protect from previously unknown threats
  • Augment existing security capabilities

Which of the following tools would BEST meet these requirements?

A.

Host-based firewall

B.

EDR

C.

HIPS

D.

Patch management

Question # 57

A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user

• It must be utilized as a second factor.

• Information sharing must be avoided

• It must have a low false acceptance rate

Which of the following BEST meets the criteria?

A.

Facial recognition

B.

Swipe pattern

C.

Fingerprint scanning

D.

Complex passcode

E.

Token card

Question # 58

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

A.

Create archival copies of all documents and communications related to the employee

B.

Create a forensic image of network infrastructure devices

C.

Create an image file of the employee’s network drives and store it with hashes

D.

Install a keylogger to capture the employee’s communications and contacts

Question # 59

A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source fe80::21ae:4571:42ab:1fdd to the destination ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring?

A.

Raise the dead peer detection interval to prevent the additional network chatter

B.

Deploy honeypots on the network segment to identify the sending machine.

C.

Ensure routers will use route advertisement guards.

D.

Deploy ARP spoofing prevention on routers and switches.

Question # 60

A legal services company wants to ensure emails to clients maintain integrity in transit. Which of the following would BEST meet this requirement? (Select TWO)

A.

Signing emails to clients with the organization's public key

B.

Using the organization's private key to encrypt all communication

C.

Implementing a public key infrastructure

D.

Signing emails to clients with the organization's private key

E.

Using shared secret keys

F.

Hashing all outgoing emails

Question # 61

A company’s claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was opened.

A.

Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.

B.

Require all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Question # 62

A government entity is developing requirements for an RFP to acquire a biometric authentication system. When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?

A.

Local and national laws and regulations

B.

Secure software development requirements

C.

Environmental constraint requirements

D.

Testability of requirements

Question # 63

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’s PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

A.

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Question # 64

The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:

A.

data confidentiality.

B.

data security.

C.

PCI compliance

D.

business availability.

Question # 65

A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country’s government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

A.

Disable firmware OTA updates.

B.

Disable location services.

C.

Disable push notification services.

D.

Disable wipe

Question # 66

A security analyst has received the following requirements for the implementation of enterprise credential management software.

• The software must have traceability back to an individual

• Credentials must remain unknown to the vendor at all times

• There must be forced credential changes upon ID checkout

• Complexity requirements must be enforced.

• The software must be quickly and easily scalable with maximum availability

Which of the following vendor configurations would BEST meet these requirements?

A.

Credentials encrypted in transit and then stored, hashed and salted in a vendor's cloud, where the vendor handles key management

B.

Credentials stored, hashed, and salted on each local machine

C.

Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the keys

D.

Credentials encrypted in transit and stored on an internal network server with backups that are taken on a weekly basis

Question # 67

An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?

A.

NIDS

B.

HIPS

C.

CASB

D.

SFTP

Question # 68

A company’s IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the company toward an immutable server architecture in which servers are replaced rather than patched. Instead of having static servers for development, test, and production, the servers will move from environment to environment dynamically. Which of the following are required to move to this type of architecture? (Select Two.)

A.

Network segmentation

B.

Forward proxy

C.

Netflow

D.

Load balancers

E.

Automated deployments

Question # 69

A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 70

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

A.

The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website

B.

One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers

C.

The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos

D.

Pre-release marketing materials for a single device were accidentally left in a public location

Question # 71

Within change management, which of the following ensures functions are carried out by multiple employees?

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Question # 72

A company's Internet connection is commonly saturated during business hours, affecting Internet availability. The company requires all Internet traffic to be business related. After analyzing the traffic over a period of a few hours, the security administrator observes the following:

The majority of the IP addresses associated with the TCP/SSL traffic resolve to CDNs. Which of the following should the administrator recommend for the CDN traffic to meet the corporate security requirements?

A.

Block outbound SSL traffic to prevent data exfiltration.

B.

Confirm the use of the CDN by monitoring NetFlow data

C.

Further investigate the traffic using a sanctioned MITM proxy.

D.

Implement an IPS to drop packets associated with the CDN.

Question # 73

A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

A.

Place corporate applications in a container

B.

Enable geolocation on all devices

C.

Install remote wiping capabilities

D.

Ensure all company communications use a VPN

Question # 74

A company recently deployed an agent-based DLP solution to all laptops in the environment. The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was from a secure fileshare in the research department. Which of the following should the security team implement FIRST?

A.

Application whitelisting for all company-owned devices

B.

A secure VDI environment for research department employees

C.

NIDS/NIPS on the network segment used by the research department

D.

Bluetooth restriction on all laptops

Question # 75

While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?

A.

The security manager did not enforce an automated VPN connection.

B.

The company’s server did not have endpoint security enabled.

C.

The hotel and did require a wireless password to authenticate.

D.

The laptop did not have the host-based firewall properly configured.

Question # 76

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

Question # 77

A company has a DLP system with the following capabilities:

• Text examination

• Optical character recognition

• File type validation

• Multilingual translation of key words and phrases

• Blocking of content encrypted with a known cipher

• Examination of all egress points

Despite the existing protections, a malicious insider was able to exfiltrate confidential information. DLP logs show the malicious insider transferred a number of JPEG files to an external host, but each of those files appears as negative for the presence of confidential information. Which of the following are the MOST likely explanations for this issue? (Select TWO)

A.

Translating the confidential information from English into Farsi and then into French to avoid detection

B.

Scrambling the confidential information using a proprietary obfuscation scheme before sending the files via email

C.

Changing the extension of Word files containing confidential information to jpg and uploading them to a file sharing site

D.

Printing the documents to TIFF images and attaching the files to outbound email messages

E.

Leveraging steganography to hide the information within the JPEG files

F.

Placing the documents containing sensitive information into an AES-256 encrypted compressed archive file and using FTP to send them to an outside host

Question # 78

A company has decided to move an ERP application to a public cloud vendor. The company wants to replicate some of its global policies from on premises to cloud. The policies include data encryption, token management, and limited user access to the ERP application. The Chief Information Officer (CIO) is mainly concerned about privileged accounts that might be compromised and used to alter data in the ERP application. Which of the following is the BEST option to meet the requirements?

A.

Sandboxing

B.

CASB

C.

MFA

D.

Security as a service

Question # 79

A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the criticality of various business processes, personnel, and technologies. Transitioning into risk assessment activities, which of the following types of information should the CISO require to determine the proper risk ranking? (Select TWO).

A.

Trend analysis

B.

Likelihood

C.

TCO

D.

Compensating controls

E.

Magnitude

F.

ROI

Question # 80

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

A.

PCI DSS

B.

GDPR

C.

NIST

D.

ISO 31000

Question # 81

A security analyst is comparing two virtual servers that were built from the same image and patched at the same regular intervals. Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network. The analyst runs the same command and obtains the following output from Server A and Server B, respectively:

Which of the following will the analyst most likely use NEXT?

A.

Exploitation tools

B.

Hash cracking tools

C.

Malware analysis tools

D.

Log analysis tools

Question # 82

As part of a systems modernization program, the use of a weak encryption algorithm is identified in a web services API. The client using the API is unable to upgrade the system on its end, which would support the use of a secure algorithm set. As a temporary workaround, the client provides its IP space, and the network administrator limits access to the API via an ACL to only the IP space held by the client. Which of the following is the use of the ACL in this situation an example of?

A.

Avoidance

B.

Transference

C.

Mitigation

D.

Acceptance

E.

Assessment

Question # 83

A developer implements the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

A.

SQL injection

B.

Buffer overflow

C.

Missing session limit

D.

Information leakage

Question # 84

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase:

• Each device must be issued a secure token of trust from the corporate PKI

• All corporate applications and local data must be able to be deleted from a central console.

• Access to corporate data must be restricted on international travel

• Devices must be on the latest OS version within three weeks of an OS release

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO)

A.

Application-based containerization

B.

Enforced full-device encryption

C.

Geofencing

D.

Application allow listing

E.

Biometric requirement to unlock device

F.

Over-the-air update restriction

Question # 85

A company protects privileged accounts by using hardware keys as a second factor. A security engineer receives an error while attempting to authenticate with a hardware key for the first time. The engineer confirms the credentials are valid by logging into a system while MFA is disabled. Which of the following is the MOST likely reason the login is failing?

A.

The code is not being entered in a timely manner.

B.

The one-time password must be entered in the password field.

C.

The security engineer entered the wrong password.

D.

The hardware key must be registered with the application.

Question # 86

Several corporate users returned from an international trip with compromised operating systems on their cellular devices. Additionally, intelligence reports confirm some international carriers are able to modify firmware unexpectedly even when the MDM policy is set to disable FOTA updates. Which of the following mitigations is operationally feasible and MOST likely to reduce the risk of firmware compromise by a carrier while traveling internationally?

A.

Disable the ability to connect to third-party application stores

B.

Disable the smartphone's cellular radio and require the use of WiFi.

C.

Enforce the use of an always-on SSL VPN with FIPS-validated encryption

D.

Issue device PKI certificates to ensure mutual authentication

Question # 87

A cybersecurity engineer analyzes a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Question # 88

A line-of-business manager has decided, in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of action for the business to increase efficiency and profit. Which of the following should the Chief Security Officer (CSO) perform before signing off on the third-party vendor?

A.

Supply chain audit

B.

Vulnerability assessment

C.

Penetration test

D.

Application code review

E.

Risk assessment

Question # 89

A company is implementing a new MFA initiative. The requirements for the second factor are as follows:

• It cannot be phished

• It must work as a second factor for laptop logins

• It must be something the user has

Which of the following solutions should the company choose?

A.

User biometrics

B.

U2F hardware keys

C.

TOTP hardware keys

D.

Push notification to a mobile device

E.

SMS notification to a managed device

Question # 90

A security analyst must carry out the incident response plan for a specific targeted attack that was detected by the security operations center. The director of network security wants to ensure this type of attack cannot be executed again in the environment. Which of the following should the analyst present to the director to BEST meet the director's goal?

A.

Incident downtime statistics

B.

Root cause analysis

C.

After-action report

D.

Incident scope and cost metrics

Question # 91

A forensic analyst must image the hard drive of a computer and store the image on a remote server. The analyst boots the computer with a live Linux distribution. Which of the following will allow the analyst to copy and transfer the file securely to the remote server?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 92

The credentials of a hospital's HVAC vendor were obtained using credential-harvesting malware through a phishing email. The HVAC vendor has administrative privileges in the SCADA network. Which of the following would prevent this from happening again in the future?

A.

Network segmentation

B.

Vulnerability scanning

C.

Password complexity rules

D.

Security patching

Question # 93

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large increase in log files generated by a website containing a “Contact Us” form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign or if this is a potential incident. Which of the following would BEST assist the analyst?

A.

Ensuring proper input validation is configured on the “Contact Us” form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Question # 94

The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability. A security engineer needs to ensure the vulnerability is not exploited. The devices are directly managed by a smart controller and do not need access to other parts of the network. Signatures are available to detect this vulnerability. Which of the following should be the FIRST step in completing the request?

A.

Deploy a NAC solution that disables devices with unknown MACs

B.

Create a firewall policy with access to the smart controller from the internal network only.

C.

Create a segmented subnet for all HVAC devices and the smart controller

D.

Create an IPS profile for the HVAC devices that includes the signatures

Question # 95

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WiFi. Due to a recent incident in which an attacker gained access to the company’s internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

A.

Active Directory GPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Question # 96

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question # 97

Following a recent disaster, a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that have similar equipment and operational capabilities. Which of the following strategies has the business implemented?

A.

Cold site

B.

Reciprocal agreement

C.

Recovery point objective

D.

Internal redundancy

Question # 98

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

A.

Software decompiler

B.

Network enumerator

C.

Log reduction and analysis tool

D.

Static code analysis

Question # 99

A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes an input form. Which of the following would work BEST to allow the security engineer to test how the application handles error conditions?

A.

Running a dynamic analysis at form submission

B.

Performing a static code analysis

C.

Fuzzing possible input of the form

D.

Conducting a runtime analysis of the code

Question # 100

A security analyst is reviewing the security of a company's public-facing servers. After some research, the analyst discovers the following on a public pastebin website.

Which of the following should the analyst do NEXT?

A.

Review the system logs

B.

Scan *.company.com for vulnerabilities.

C.

Begin a root cause analysis.

D.

Change the password to the MySQL database

Question # 101

An organization's email filter is an ineffective control, and as a result, employees have been constantly receiving phishing emails. As part of a security incident investigation, a security analyst identifies the following:

1. An employee was working remotely when the security alert was triggered

2. An employee visited a number of uncategorized internet sites

3. A .doc file was downloaded

4. A number of files were uploaded to an unknown collaboration site

Which of the following controls would provide the security analyst with more data to identify the root cause of the issue and protect the organization's information during future incidents?

A.

EDR and DLP

B.

DAM and MFA

C.

HIPS and application whitelisting

D.

FIM and antivirus

Question # 102

An analyst discovers the following while reviewing some recent activity logs:

Which of the following tools would MOST likely identify a future incident in a timely manner?

A.

DDoS protection

B.

File integrity monitoring

C.

SCAP scanner

D.

Protocol analyzer
