A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?

• A.Implement a CASB.
• B.Establish a hosted SSO.
• C.Air gap the server.
• D.Virtualize the server.

Comment: *

Name: *

Email: *

Verification: *

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

• A.Examine the server logs for further indicators of compromise of a web application.
• B.Run crontab -r; rm -rf /tmp/.tto remove and disable the malware on the system.
• C.Run kill -9 1325to bring the load average down so the server is usable again.
• D.Perform a binary analysis on the /tmp/.t/tfile, as it is likely to be a rogue SSHD server.

Comment: *

Name: *

Email: *

Verification: *

A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS.
Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?

• A.Reimage the machine to remove the threat completely and get back to a normal running state.
• B.Run an anti-malware scan on the system to detect and eradicate the current threat
• C.Start a network capture on the system to look into the DNS requests to validate command and control traffic.
• D.Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
• E.Shut down the system to prevent further degradation of the company network

Comment: *

Name: *

Email: *

Verification: *

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users.
The remediation recommended by the audit was to switch the port to 636 wherever technically possible.
Which of the following is the BEST response?

• A.Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
• B.Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
• C.Change all devices and servers that support it to 636, as encrypted services run by default on
  636.
• D.Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

Comment: *

Name: *

Email: *

Verification: *

A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops.
The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console.
Which of the following scanning topologies is BEST suited for this environment?

• A.A combination of cloud-based and server-based scanning engines
• B.An active scanning engine installed on the enterprise console
• C.A combination of server-based and agent-based scanning engines
• D.A passive scanning engine located at the core of the network infrastructure

Comment: *

Name: *

Email: *

Verification: *