A security administrator wants to get a real time look at what attackers are doing in the wild,
hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish
this goal?

During a security assessment, an administrator wishes to see which services are running on a
remote server. Which of the following should the administrator use?

Which of the following tools would a security administrator use in order to identify all running
services throughout an organization?

Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what
services and operating systems are running on the corporate network. Which of the following
should be used to complete this task?

Which device monitors network traffic in a passive manner?

A new security analyst is given the task of determining whether any of the company’s servers are
vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the

quickest FIRST step toward determining the version of SSH running on these servers?

After analyzing and correlating activity from multiple sensors, the security administrator has
determined that a group of very well organized individuals from an enemy country is responsible
for various attempts to breach the company network, through the use of very sophisticated and
targeted attacks. Which of the following is this an example of?

A system administrator has noticed vulnerability on a high impact production server. A recent
update was made available by the vendor that addresses the vulnerability but requires a reboot of
the system afterwards. Which of the following steps should the system administrator implement to
address the vulnerability?

A security specialist has been asked to evaluate a corporate network by performing a vulnerability
assessment. Which of the following will MOST likely be performed?

Which of the following would a security administrator implement in order to identify change from
the standard configuration on a server?