1. An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
A) Jump box
B) Sandboxing
C) Honeypot
D) Virtualization
2. A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web server had been compromised by malware that originated from one of the contractors' laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?
A) Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.
B) Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
C) Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
D) Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.
E) Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
3. A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?
A) Mandatory Access Control
B) Port security
C) Network Intrusion Prevention
D) WPA2
4. A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)
A) Personal health information
B) Cardholder data
C) Intellectual property
D) Employee records
E) Corporate financial data
5. A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?
A) The file server is attempting to transfer malware to the workstation via SMB.
B) Malware has infected the workstation and is beaconing out to the specific IP address of the file server.
C) An attacker has gained control of the workstation and is port scanning the network.
D) An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.