An attacker has breached multiple lines of information security defense. Which of the following BEST describes why delayed containment would be dangerous?

A recent regulatory audit discovers a large number of former employees with active accounts. Terminated users are removed from the HR system but not from
Active Directory. Which of the following processes would close the gap identified?

After responding to a virus detection notification, a security technician has been tasked with discovering how the virus was downloaded to the client computer.
Which of the following would BEST provide the technician with information related to the attack vector?

Company policy states that when a virus or malware alert is received, the suspected host is immediately removed from the company network. Which of the
following BEST describes this component of incident response?

An old 802.11b wireless bridge must be configured to provide confidentiality of data in transit to include the MAC addresses of communicating end users. Which of
the following can be implemented to meet this requirement?

An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website, but instead connects to an attacker
who is performing a man-in-the-middle attack. Which of the following should employees do to mitigate the vulnerability described in the scenario?

An administrator installs a system that sends an SMS message containing a password recovery token to a user’s mobile device. Which of the following should also
be deployed to prevent accounts from being compromised?

It was recently discovered that after a meeting in the datacenter, a malicious insider deleted several gigabytes of critical data and physically destroyed the
accompanying tape backups. However, an investigation revealed that the insider’s badge was never used to enter the server room. How could the insider BEST
have accomplished this?

An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing
the malware, the attacker is provided with access to the infected machine. Which of the following is being described?

A security analyst at a nuclear power plant needs to secure network traffic from the legacy SCADA systems. Which of the following methods could the analyst use
to secure network traffic in this static environment?