Which of the following should employees do to mitigate …
An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website, but instead connects to an attacker
who is performing a man-in-the-middle attack. Which of the following should employees do to mitigate the vulnerability described in the scenario?
Which of the following should also be deployed to preve…
An administrator installs a system that sends an SMS message containing a password recovery token to a user’s mobile device. Which of the following should also
be deployed to prevent accounts from being compromised?
How could the insider BEST have accomplished this?
It was recently discovered that after a meeting in the datacenter, a malicious insider deleted several gigabytes of critical data and physically destroyed the
accompanying tape backups. However, an investigation revealed that the insider’s badge was never used to enter the server room. How could the insider BEST
have accomplished this?
Which of the following is being described?
An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing
the malware, the attacker is provided with access to the infected machine. Which of the following is being described?
Which of the following methods could the analyst use to…
A security analyst at a nuclear power plant needs to secure network traffic from the legacy SCADA systems. Which of the following methods could the analyst use
to secure network traffic in this static environment?
Which of the following could be used to mitigate the ri…
During a recent network audit, several devices on the internal network were found not running antivirus or HIPS. Upon further investigation, it was found that these
devices were new laptops that were deployed without having the end-point protection suite used by the company installed. Which of the following could be used to
mitigate the risk of authorized devices that are unprotected residing on the network?
Which of the following is an example of hardening a UNI…
Which of the following is an example of hardening a UNIX/Linux host-based application?
Which of the following should the security analyst perf…
A recent counter threat intelligence notification states that companies should review indicators of compromise on all systems. The notification stated that the
presence of a win32.dll was an identifier of a compromised system. A scan of the network reveals that all systems have this file. Which of the following should the
security analyst perform FIRST to determine if the files collected are part of the threat intelligence?
Which of the following should the administrator use to …
A security administrator is testing an older server that is still in production. The administrator makes a copy of the registry where passwords are stored using NTLM.
Which of the following should the administrator use to try and disclose the usernames and passwords of this server the FASTEST?
Which of the following ports confirms this assumption?
An IDS analyst, while reviewing a TCPDUMP file, concluded the traffic was a benign email correspondence. The presence and use of which of the following ports
confirms this assumption?