When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

• A.A rogue LDAP server is installed on the system and is connecting passwords. The analyst should recommend wiping and reinstalling the server.
• B.A rainbow tables attack was used to compromise the accounts. The analyst should recommend that future password hashes contains a salt.
• C.A password spraying attack was used to compromise the passwords. The analyst should recommend that all users receive a unique password.
• D.A phishing attack was used to compromise the account. The analyst should recommend users install endpoint protection to disable phishing links.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems:
* Existence of a new and unexpected svchost exe process
* Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred
* DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain If this situation remains unresolved, which of the following will MOST likely occur?

• A.An adversary may leverage the affected hosts to reconfigure the company's router ACLs.
• B.The affected hosts may participate in a coordinated DDoS attack upon command
• C.Key files on the affected hosts may become encrypted and require ransom payment for unlock.
• D.The adversary may attempt to perform a man-in-the-middle attack.

Comment: *

Name: *

Email: *

Verification: *

An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

• A.Minutes from meetings in which risk assessment activities addressing the servers were discussed
• B.Copies of prior audits that did not identify the servers as an issue
• C.Copies of change orders relating to the vulnerable servers
• D.Project plans relating to the replacement of the servers that were approved by management
• E.ACLs from perimeter firewalls showing blocked access to the servers

Comment: *

Name: *

Email: *

Verification: *

A company's Chief Information Security Officer (CISO) published an Internet usage policy that prohibits employees from accessing unauthorized websites. The IT department whitelisted websites used for business needs. The CISO wants the security analyst to recommend a solution that would improve security and support employee morale. Which of the following security recommendations would allow employees to browse non-business-related websites?

• A.Implement a virtual machine alternative.
• B.Develop a new secured browser.
• C.Configure a personal business VLAN.
• D.Install kiosks throughout the building.

Comment: *

Name: *

Email: *

Verification: *

Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

Which of the following would BEST accomplish the task assigned to the analyst?

• A.3 [0-9]\d-2[0-9]\d-4[0-9]\d
• B.\d[9] `XXX-XX-XX'
• C.\d(3)-d(2)-\d(4)
• D.?[3]-?[2]-?[3]

Comment: *

Name: *

Email: *

Verification: *