While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

• A.Isolate the servers to prevent the spread.
• B.Pay the ransom within 48 hours.
• C.Notify law enforcement.
• D.Request that the affected servers be restored immediately.

Comment: *

Name: *

Email: *

Verification: *

A security administrator sees several hundred entries in a web server security log that are similar to the following:

The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic?

• A.Replace the file xmlrpc.php with a honeypot form to collect further IOCs.
• B.Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL.
• C.Block every subnet that is identified as having a bot that is a source of the traffic.
• D.Automate the addition of bot IP addresses into a deny list for the web host.

Comment: *

Name: *

Email: *

Verification: *

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?

• A.Modifying the AllowUsers configuration directive
• B.Alerting the misconfigured service account password
• C.Restricting external port 22 access
• D.Implementing host-key preferences

Comment: *

Name: *

Email: *

Verification: *

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.
Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

• A.Distribute the software via a third-party repository.
• B.Close the web repository and deliver the software via email.
• C.Email the software link to all customers.
• D.Display the SHA checksum on the website.

Comment: *

Name: *

Email: *

Verification: *

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:
* The highest form Of web identity validation
* Encryption of all web transactions
* The strongest encryption in-transit
* Logical separation based on data sensitivity
Other things that should be considered include:
* The company operates multiple other websites that use encryption.
* The company wants to minimize total expenditure.
* The company wants to minimize complexity
Which of the following should the company implement on its new website? (Select TWO).

• A.Wildcard certificate
• B.EV certificate
• C.Mutual authentication
• D.Certificate pinning
• E.SSO
• F.HSTS

Comment: *

Name: *

Email: *

Verification: *