Which of the following could be used to mitigate the ri…
During a recent network audit, several devices on the internal network were found not running antivirus or HIPS. Upon further investigation, it was found that these
devices were new laptops that were deployed without having the end-point protection suite used by the company installed. Which of the following could be used to
mitigate the risk of authorized devices that are unprotected residing on the network?
Which of the following is an example of hardening a UNI…
Which of the following is an example of hardening a UNIX/Linux host-based application?
Which of the following should the security analyst perf…
A recent counter threat intelligence notification states that companies should review indicators of compromise on all systems. The notification stated that the
presence of a win32.dll was an identifier of a compromised system. A scan of the network reveals that all systems have this file. Which of the following should the
security analyst perform FIRST to determine if the files collected are part of the threat intelligence?
Which of the following should the administrator use to …
A security administrator is testing an older server that is still in production. The administrator makes a copy of the registry where passwords are stored using NTLM.
Which of the following should the administrator use to try and disclose the usernames and passwords of this server the FASTEST?
Which of the following ports confirms this assumption?
An IDS analyst, while reviewing a TCPDUMP file, concluded the traffic was a benign email correspondence. The presence and use of which of the following ports
confirms this assumption?
Which of the following should be configured on the VPN …
A system administrator is configuring a site-to-site IPSec VPN tunnel. Which of the following should be configured on the VPN concentrator for payload encryption?
Which of the following attack methodologies is the atta…
An attacker is attempting to exploit a zero-day vulnerability in a popular enterprise application. The attacker is using personalized information to target high-value
individuals in an attempt to obtain proprietary information from the organization. Which of the following attack methodologies is the attacker using?
The following controls will prevent network administrat…
During a recent audit, it was discovered that several database services were running with local user accounts named “admin” and “dbadmin”. Which of the following controls
will prevent network administrators from using these types of usernames for services in the future? (Select TWO)
which these critical business systems experience breakdowns?
A Chief Information Officer (CIO) has recently expressed an interest in ensuring that critical business systems are protected from isolated outages. Which of the
following would provide the CIO a measure of the frequency at which these critical business systems experience breakdowns?
Which of the following controls should be strengthened …
A major banking institution has been the victim of recurring, widespread fraud. The fraud has all occurred on the bank’s web portal. Recently, the bank implemented
a requirement for all users to obtain credentials in person at a physical office. However, this has not reduced the amount of fraud against legitimate customers.
Based on a review of the logs, most fraudulent transactions appear to be conducted with authentic credentials. Which of the following controls should be
strengthened to reduce the fraud through the website?