CompTIA CySA+ 2023 Questions and Answers - Part 39

Mary Smith

Tue, 21 Apr 2026

1. A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or if there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of action to mitigate this threat?

A) Remove the application and replace it with a similar non-vulnerable application.
B) Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.
C) Block the vulnerable application traffic at the firewall and disable the application services on each computer.
D) Work with the manufacturer to determine the time frame for the fix.



2. A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

A) Perform a risk assessment and implement compensating controls.
B) Ensure the IDS is active on the network segment where the endpoint resides.
C) Implement an internal honeypot to catch the malicious traffic and trace it.
D) Isolate the infected endpoint to prevent the potential spread of malicious activity.
E) Set up a sinkhole for that dynamic DNS domain to prevent communication.


3. While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

A) Install security software and a host-based firewall on the SCADA equipment.
B) Require connections to the SCADA network to go through a forwarding proxy.
C) Implement a group policy on company systems to block access to SCADA networks.
D) Update the firewall rules to block SCADA network access from those laptop IP addresses.



4. An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

A) Log review
B) DNS harvesting
C) Service discovery
D) Packet capture



5. Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

A) MAC
B) NAC
C) SIEM
D) ACL
E) SAML


1. Right Answer: B
Explanation:

2. Right Answer: D,E
Explanation:

3. Right Answer: C
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: B
Explanation:
