CompTIA CySA+ 2023 Questions and Answers - Part 38

Mary Smith

Tue, 21 Apr 2026

1. A server contains baseline images that are deployed to sensitive workstations on a regular basis. The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?

A) Require the use of two-factor authentication for any administrator or user who needs to connect to the server.
B) Schedule vulnerability scans of the server at least once per month before the images are updated.
C) Install and configure a file integrity monitoring tool on the server and allow updates to the images each month.
D) Install a honeypot to identify any attacks before the baseline images can be compromised.



2. During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?

A) PII of company employees and customers was exfiltrated.
B) The local root password for the affected server was compromised.
C) IP addresses and other network-related configurations were exfiltrated.
D) Raw financial information about the company was accessed.
E) Forensic review of the server required fall-back on a less efficient service.


3. The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

A) Peer code reviews
B) Regression testing
C) User acceptance testing
D) Static code analysis
E) Fuzzing


4. Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?

A) Advanced persistent threats
B) Threat information
C) Threat intelligence
D) Threat data



5. A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching, pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?

A) The analyst should remediate https (443/tcp) first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.
B) The analyst should remediate ftp (21/tcp) first. An outdated version of FTP is running on this port. If it is not in use, it should be disabled.
C) The analyst should remediate imaps (993/tcp) first. The SSLv2 suite offers five strong ciphers and two weak export class ciphers.
D) The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.



1. Right Answer: C
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: C
Explanation:

4. Right Answer: C
Explanation:

5. Right Answer: D
Explanation:
