A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine The up-to-date antivirus cannot detect the malicious executable Which of the following is the MOST likely cause of this issue?

• A.The malware is being executed with administrative privileges.
• B.The malware is fileless and exists only in physical memory.
• C.The antivirus does not have the mltware's signature.
• D.The malware detects and prevents its own execution in a virtual environment.

Comment: *

Name: *

Email: *

Verification: *

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors.
The company decides that is wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client.
Which of the following should the company implement?

• A.Port security
• B.Network Intrusion Prevention
• C.WPA2
• D.Mandatory Access Control

Comment: *

Name: *

Email: *

Verification: *

A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

• A.The routing tables for ping and hping3 were different.
• B.The original ping command needed root permission to execute.
• C.hping3 is returning a false positive.
• D.ICMP is being blocked by a firewall.

Comment: *

Name: *

Email: *

Verification: *

A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

• A.Resolve the monthly job issues and test them before applying them to the production network.
• B.Manually patch the computers on the network, as recommended on the CVE website.
• C.Harden the hosts on the network, as recommended by the NIST framework.
• D.Tag the computers with critical findings as a business risk acceptance.
• E.Remove the servers reported to have high and medium vulnerabilities.
• F.Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

The help desk has reported that users are reusing previous passwords when prompted to change them.
Which of the following would be the MOST appropriate control for the security analyst to configure to prevent password reuse? (Choose two.)

• A.Deploy Group Policy Objects to domain resources.
• B.Implement role-based access control within directory services.
• C.Implement mandatory access control on all workstations.
• D.Deploy a single-sing-on solution for both Windows and Linux hosts.
• E.Implement scripts to automate the configuration of PAM on Linux hosts.

Comment: *

Name: *

Email: *

Verification: *