1. A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?
A) TCP
B) SMTP
C) ARP
D) ICMP
2. Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?
A) Threat information
B) Threat intelligence
C) Threat data
D) Advanced persistent threats
3. A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?
A) A service discovery scan on the network
B) An OS fingerprinting scan across all hosts
C) A packet capture of data traversing the server network
D) A manual log review from data sent to syslog
4. A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A) Put an ACL on the gateway router
B) Activate the incident response plan
C) Contact the Office of Civil Rights (OCR) to report the breach
D) Notify the Chief Privacy Officer (CPO)
5. While reviewing proxy logs, the security analyst noticed a suspicious traffic pattern. Several internal hosts were observed communicating with an external IP address over port 80 constantly. An incident was declared, and an investigation was launched. After interviewing the affected users, the analyst determined the activity started right after deploying a new graphic design suite. Based on this information, which of the following actions would be the appropriate NEXT step in the investigation?
A) Update all antivirus and anti-malware products, as well as all other host-based security software on the servers the affected users authenticate to.
B) Ask desktop support personnel to reimage all affected workstations and reinstall the graphic design suite. Run a virus scan to identify if any viruses are present.
C) Identify what the destination IP address is and who owns it, and look at running processes on the affected hosts to determine if the activity is malicious or not.
D) Perform a network scan and identify rogue devices that may be generating the observed traffic. Remove those devices from the network.