1. Given the following command run on a Linux machine:
file2cable -i eth0 -f file.pcap
Which of the following BEST describes what the security analyst is trying to accomplish?
A) The analyst is attempting to capture traffic for a PCAP file.
B) The analyst is attempting to measure bandwidth utilization on interface eth0.
C) The analyst is attempting to use a protocol analyzer to monitor network traffic.
D) The analyst is attempting to replay captured data from a PCAP file.
E) The analyst is attempting to capture traffic on interface eth0.
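Question 1's command line takes a file and writes its contents onto eth0 as raw frames. As an added illustration, not part of the original page and not the file2cable tool's own code, the Python below does the equivalent for a pcap file: it parses the global header and packet records (both byte orders, microsecond and nanosecond magic, and a truncated trailing record) and hands each Ethernet frame to a sender. The sample frames and the pcap bytes are constructed inline; raw_sender is a Linux AF_PACKET socket and needs CAP_NET_RAW or root, and the function names are this example's own.

```python
import socket
import struct

# Constructed sample data: two hand-built Ethernet frames (one ARP-sized,
# one with a minimal IPv4 header byte) wrapped in a little-endian pcap file.
ETH_HDR = struct.Struct("!6s6sH")
SAMPLE_FRAMES = [
    (1_700_000_000, 1000,
     ETH_HDR.pack(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", 0x0806) + b"\x00" * 28),
    (1_700_000_000, 2500,
     ETH_HDR.pack(b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01", 0x0800)
     + b"\x45" + b"\x00" * 19),
]


def build_pcap(frames, magic=0xA1B2C3D4, little_endian=True):
    """Serialize (ts_sec, ts_frac, frame) tuples into a pcap byte string (linktype 1 = Ethernet)."""
    endian = "<" if little_endian else ">"
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_frac, frame in frames:
        out += struct.pack(endian + "IIII", ts_sec, ts_frac, len(frame), len(frame))
        out += frame
    return out


SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def parse_pcap(data):
    """Return [(timestamp_seconds, frame_bytes), ...] from a pcap byte string.

    Detects the file's byte order from the magic, honours the nanosecond
    magic, and stops at a truncated record instead of emitting a partial frame.
    """
    if len(data) < 24:
        raise ValueError("not a pcap file: header too short")
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le in (0xA1B2C3D4, 0xA1B23C4D):
        endian = "<"
    elif magic_le in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError("not a pcap file: bad magic %#x" % magic_le)
    magic, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    nanos = magic == 0xA1B23C4D
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures can be written to a NIC as-is")
    packets = []
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            break  # truncated or corrupt record: never replay a partial frame
        packets.append((ts_sec + ts_frac / (1e9 if nanos else 1e6), data[off:off + incl_len]))
        off += incl_len
    return packets


def replay(packets, send):
    """Write each frame to the wire in capture order; returns total bytes sent.

    send(frame) -> int is the transport. Timing is not reproduced: frames go
    out back to back, which is what a raw file-to-wire replay does.
    """
    return sum(send(frame) for _, frame in packets)


def raw_sender(iface):
    """Linux-only: a raw AF_PACKET socket bound to iface (requires CAP_NET_RAW)."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    sock.bind((iface, 0))
    return sock.send


if __name__ == "__main__":
    # Dry run against the constructed capture; swap in raw_sender("eth0") for the real thing.
    print(replay(parse_pcap(SAMPLE_PCAP), len), "bytes would be written")
```

The containment check on incl_len is the part worth keeping: a capture cut short by a full disk or a crashed sniffer ends in a half record, and writing that to the wire produces a malformed frame rather than a faithful replay.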
2. An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?
A) The security analyst should perform secure coding practices during each application development cycle.
B) The security analyst should perform end user acceptance security testing during each application development cycle.
C) The security analyst should perform security regression testing during each application development cycle.
D) The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle.
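Question 2 describes previously fixed security bugs resurfacing in a new release. Security regression testing addresses exactly that: every fixed bug gets a test that is re-run on each build, so a silent re-introduction fails the build instead of reaching users. The following is an added example written for this page, not code from any vendor or from the question's source; it pins a path-traversal fix as the regressed bug. The function names, the base directory /srv/app/static and the SEC-1xx ticket ids are hypothetical placeholders.

```python
import os


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir and refuse anything that escapes it.

    This is the hardened version: the containment check is the fix the
    regression suite below pins, so it cannot quietly disappear again.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory: %r" % user_path)
    return target


def naive_join(base_dir, user_path):
    """The pre-fix behaviour: normalizes the path but never checks containment.

    Kept only to show what a regression looks like when the suite runs.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


# One entry per previously fixed security bug: (ticket, input, must_reject).
# Ticket ids are hypothetical placeholders, not real tracker entries.
SECURITY_REGRESSIONS = [
    ("SEC-101 traversal with ../", "../../etc/passwd", True),
    ("SEC-102 absolute path replaces base", "/etc/passwd", True),
    ("SEC-103 traversal behind a benign segment", "docs/../../etc/passwd", True),
    ("SEC-104 legitimate nested path still served", "docs/guide.txt", False),
]


def run_security_regressions(join=safe_join, base_dir="/srv/app/static"):
    """Run every pinned case against join(); return [(ticket, observed)] for failures.

    An empty list means no previously fixed bug has reappeared. base_dir does
    not need to exist: realpath/normpath only normalize the string.
    """
    failures = []
    for ticket, user_path, must_reject in SECURITY_REGRESSIONS:
        try:
            join(base_dir, user_path)
            rejected = False
        except ValueError:
            rejected = True
        if rejected != must_reject:
            failures.append((ticket, "rejected" if rejected else "allowed"))
    return failures


if __name__ == "__main__":
    for name, fn in (("hardened", safe_join), ("pre-fix", naive_join)):
        print(name, run_security_regressions(fn) or "OK")
```

In a real pipeline the suite is one pytest module asserting run_security_regressions() == [] on every build; the point is that the case list only ever grows, since each fixed finding contributes its original proof-of-concept input as a permanent test.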
3. A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimal false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?
A) An active scanning engine installed on the enterprise console
B) A combination of server-based and agent-based scanning engines
C) A passive scanning engine located at the core of the network infrastructure
D) A combination of cloud-based and server-based scanning engines
4. Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?
A) Chain of custody documentation
B) Incident response plan
C) Lessons learned report
D) Reverse engineering process
5. A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE)
A) Prevent flash drives from connecting to USB ports using Group Policy
B) Prevent users from copying data from workstation to workstation
C) Prevent users from accessing personal email and file-sharing sites via web proxy
D) Prevent users from being able to use the copy and paste functions
E) Prevent users from using roaming profiles when changing workstations
F) Prevent Internet access on laptops unless connected to the network in the office or via VPN