A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to
lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

During a security assessment, an administrator wishes to see which services are running on a remote
server. Which of the following should the administrator use?

Which of the following tools would a security administrator use in order to identify all running services
throughout an organization?

Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services
and operating systems are running on the corporate network. Which of the following should be used to
complete this task?

Which device monitors network traffic in a passive manner?

A new security analyst is given the task of determining whether any of the company’s servers are
vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest
FIRST step toward determining the version of SSH running on these servers?

After analyzing and correlating activity from multiple sensors, the security administrator has determined
that a group of very well organized individuals from an enemy country is responsible for various attempts
to breach the company network, through the use of very sophisticated and targeted attacks. Which of the
following is this an example of?

A system administrator has noticed vulnerability on a high impact production server. A recent update was
made available by the vendor that addresses the vulnerability but requires a reboot of the system
afterwards. Which of the following steps should the system administrator implement to address the
vulnerability?

A security specialist has been asked to evaluate a corporate network by performing a vulnerability
assessment. Which of the following will MOST likely be performed?

Which of the following would a security administrator implement in order to identify change from the
standard configuration on a server?