While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

• A.Isolate the servers to prevent the spread.
• B.Pay the ransom within 48 hours.
• C.Notify law enforcement.
• D.Request that the affected servers be restored immediately.

Comment: *

Name: *

Email: *

Verification: *

An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.
Which of the following designs would be BEST for the CISO to use?

• A.Adding a second redundant layer of alternate vendor VPN concentrators
• B.Using Base64 encoding within the existing site-to-site VPN connections
• C.Distributing security resources across VPN sites
• D.Implementing IDS services with each VPN concentrator
• E.Transitioning to a container-based architecture for site-based services

Comment: *

Name: *

Email: *

Verification: *

A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

• A.Implement strict three-factor authentication.
• B.Switch to one-time or all user authorizations.
• C.Strengthen identify-proofing procedures
• D.Implement least privilege policies

Comment: *

Name: *

Email: *

Verification: *

Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

• A.Impossible travel; disable the device's account and access while investigating.
• B.Malicious installation of an application; change the MDM configuration to remove application ID 1220.
• C.Resource leak; recover the device for analysis and clean up the local storage.
• D.Falsified status reporting; remotely wipe the device.

Comment: *

Name: *

Email: *

Verification: *

A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)

• A.CSRF protection
• B.OAuth 2.0
• C.Rate limiting
• D.Input validation
• E.Autoscaling endpoints
• F.Bot protection

Comment: *

Name: *

Email: *

Verification: *