An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

• A.Use the MITRE ATT&CK framework to develop threat models.
• B.Review the perimeter firewall rules to ensure rule-set accuracy.
• C.Use SCAP scans to monitor for configuration changes on the network.
• D.Conduct internal threat research and establish indicators of compromise.

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Officer (CIO) of a large healthcare institution is concerned about all machines having direct access to sensitive patient information. Which of the following should the security analyst implement to BEST mitigate the risk of sensitive data exposure?

• A.Network segmentation
• B.MFA on all workstations
• C.NAC to ensure minimum standards are met
• D.A cloud access service broker system

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network.
Which of the following would work BEST to prevent the issue?

• A.Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.
• B.Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.
• C.Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.
• D.Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

Comment: *

Name: *

Email: *

Verification: *

A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?

• A.Social media accounts attributed to the threat actor
• B.Custom malware attributed to the threat actor from prior attacks
• C.Network assets used in previous attacks attributed to the threat actor
• D.Email addresses and phone numbers tied to the threat actor
• E.IP addresses used by the threat actor for command and control

Comment: *

Name: *

Email: *

Verification: *

During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:

To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and.

• A.DST 138.10.2.5.
• B.DST 172.10.3.5.
• C.DST 175.35.20.5.
• D.DST 138.10.25.5.
• E.DST 172.10.45.5.

Comment: *

Name: *

Email: *

Verification: *