1. A logistics company's vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:
- SQL injection on an infrequently used web server that provides files to vendors
- SSL/TLS not used for a website that contains promotional information
The scan also shows the following vulnerabilities on internal resources:
- Microsoft Office Remote Code Execution on test server for a human resources system
- TLS downgrade vulnerability on a server in a development network
In order of risk, which of the following should be patched FIRST?
A) TLS downgrade B) SSL/TLS not used C) Microsoft Office Remote Code Execution D) SQL injection
2. A threat intelligence analyst who works for a financial services firm received this report:
There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called LockMaster by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.
The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).
A) Advise the security analysts to add an alert in the SIEM on the string LockMaster B) Visit the domain and begin a threat assessment C) Produce a threat intelligence message to be disseminated to the company D) Advise the security architects to enable full-disk encryption to protect the MBR E) Format the MBR as a precaution F) Advise the firewall engineer to implement a block on the domain
3. A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?
A) Utilizing a known malware plugin B) Utilizing an operating system SCAP plugin C) Utilizing an authorized credential scan D) Utilizing a non-credential scan
4. A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.
The scope of activity as described in the statement of work is an example of:
A) penetration testing B) session hijacking C) friendly DoS D) social engineering E) vulnerability scanning
5. A malicious user is reviewing the following output:
root:~#ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root: ~#
Based on the above output, which of the following is the device between the malicious user and the target?