Which of the following BEST describes this component of…
Company policy states that when a virus or malware alert is received, the suspected host is immediately removed from the company network. Which of the following BEST describes this component of incident response?
Which of the following can be implemented to meet this …
An old 802.11b wireless bridge must be configured to provide confidentiality of data in transit to include the MAC addresses of communicating end users. Which of the following can be implemented to meet this requirement?
Which of the following should employees do to mitigate …
An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website, but instead connects to an attacker who is performing a man-in-the-middle attack. Which of the following should employees do to mitigate the vulnerability described in the scenario?
Which of the following should also be deployed to preve…
An administrator installs a system that sends an SMS message containing a password recovery token to a user’s mobile device. Which of the following should also be deployed to prevent accounts from being compromised?
How could the insider BEST have accomplished this?
It was recently discovered that after a meeting in the datacenter, a malicious insider deleted several gigabytes of critical data and physically destroyed the accompanying tape backups. However, an investigation revealed that the insider’s badge was never used to enter the server room. How could the insider BEST have accomplished this?
Which of the following is being described?
An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine. Which of the following is being described?
Which of the following methods could the analyst use to…
A security analyst at a nuclear power plant needs to secure network traffic from the legacy SCADA systems. Which of the following methods could the analyst use to secure network traffic in this static environment?
Which of the following could be used to mitigate the ri…
During a recent network audit, several devices on the internal network were found not running antivirus or HIPS. Upon further investigation, it was found that these devices were new laptops that were deployed without having the end-point protection suite used by the company installed. Which of the following could be used to mitigate the risk of authorized devices that are unprotected residing on the network?
Which of the following is an example of hardening a UNI…
Which of the following is an example of hardening a UNIX/Linux host-based application?
Which of the following should the security analyst perf…
A recent counter threat intelligence notification states that companies should review indicators of compromise on all systems. The notification stated that the presence of a win32.dll was an identifier of a compromised system. A scan of the network reveals that all systems have this file. Which of the following should the security analyst perform FIRST to determine if the files collected are part of the threat intelligence?