CompTIA CySA+ 2023 Questions and Answers - Part 54

Mary Smith

Tue, 21 Apr 2026

1. Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

A) NAC
B) MAC
C) SIEM
D) ACL
E) SAML


2. A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

A) Send an email asking users not to share their credentials
B) Run a report on all users sharing their credentials and alert their managers of further actions
C) Force a daily password change
D) Invest in and implement a solution to ensure non-repudiation



3. A threat intelligence analyst who works for a technology firm received this report from a vendor. "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

A) APT and behavioral analysis
B) Ransomware and encryption
C) Polymorphic malware and secure code analysis
D) Insider threat and indicator analysis



4. An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

A) Session hijack
B) Known malware attack
C) Cookie stealing
D) Zero-day attack



5. The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?

A) Monitor the web application for service interruptions caused by the patching.
B) Create an incident ticket for anomalous activity.
C) Reschedule the automated patching to occur during business hours.
D) Monitor the web application service for abnormal bandwidth consumption.



1. Right Answer: A
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: B
Explanation:
