A security administrator receives reports from various organizations that a system on the company network is port scanning hosts on various networks across the
Internet. The administrator determines that the compromised system is a Linux host and notifies the owner that the system will be quarantined and isolated from the
network. The system does not contain confidential data, and the root user was not compromised. The administrator would like to know how the system was
compromised, what the attackers did, and what remnants the attackers may have left behind. Which of the following are the administrator’s NEXT steps in the
investigation? (Select TWO).

A security manager has noticed several unrecognized devices connecting to the company’s internal wireless network. Only company-issued devices should be
connected to the network. Which of the following controls should be implemented to prevent the unauthorized devices from connecting to the wireless network?
(Select TWO).

Which of the following is the MAIN purpose for incorporating a DMZ into the design of a network?

A vulnerability in the underlying SSL/TLS library used by a web server has been announced. The vulnerability allows an attacker to access the web server’s
memory. Which of the following actions should be taken after the vulnerability is patched? (Select TWO).

A security administrator suspects that an employee has altered some fields within a noSQL database. Which of the following should the security administrator do to
confirm the suspicion and identify the employee?

An administrator learns that port 389 will soon be blocked by the internal firewall for security reasons. Which of the following should the administrator now use to
maintain compatibility with most applications?

A security administrator is implementing a new feature on the company extranet server to provide client access to track the status of products the company makes.
Which of the following will use a configuration baseline to reduce cross-site scripting and cross-site request forgery on the new feature?

A plant security officer is continually losing connection to two IP cameras that monitor several critical high voltage motors. Which of the following should the network
administrator do to BEST ensure the availability of the IP camera connections?

A UNIX server recently had restricted directories deleted as the result of an insider threat. The root account was used to delete the directories while logged on at the
server console. There are five administrators that know the root password. Which of the following could BEST identify the administrator that removed the restricted
directories?

Two visitors connected their laptops to the wired internal network and immediately began consuming excessive amounts of bandwidth. Which of the following can
the administrator implement to mitigate these type of issues in the future?