A security administrator is called to troubleshoot a computer infection. The computer’s software correctly identified the malware and flagged it to the central
management console; however the malicious payload was still executed. Which of the following can cause this scenario?

Am organization decides to implement a BYOD policy but wants to ensure they address requirements associated with any legal investigations and controls needed
to comply with the analysis and recreation of an incident. This concern is also known as which of the following?

A security administrator is having continued issues with malware variants infecting systems infecting systems and encrypting several types of files. The malware
uses a document macro to create a randomly named executable that downloads the encrypted payload of the malware. Once downloaded, the malware searches
all drives, creates and HTML file with the decryption instructions in the directory, and then proceeds to encrypt the target files. Which of the following actions would
BEST interrupt the malware before it encrypts other files while minimizing the adverse impacts to the users?

A media company would like to securely stream live video feeds over the Internet to clients. The security administrator suggests that the video feed is encrypted in
transport and configures the web server to prefer ciphers suited to the live video feeds. Which of the following cipher suites should the administrator implement on
the web server to minimize the computational and performance overhead of delivering live feeds?

Several users require administrative access for software compatibility reasons. Over time, these users have made several changes to important system settings.
Which of the following is the BEST course of action to ensure the system settings are properly enforced?

In the course of troubleshooting wireless issues from users, a technician discovers that users are connecting to their home SSIDs while at work. The technician
scans detects none of those SSIDs. The technician eventually discovers a rogue access point that spoofs any SSID that a client requests. Which of the following
allows wireless use while mitigating this type of attack?

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a movie. The access point is configured to
secure its users with WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of

the following is the reason the malicious user is able to intercept and see clear text communications?

A security engineer notices that unknown devices are connecting to the company’s wireless network and trying to access the database server. The wireless access
point is configured with WPA for encryption and the network administrator setup a 8 digit pin for easy setup to the wireless access point. Which of the following is
the MOST likely type of attack?

A user contacts the help desk after being unable to log in to the corporate website. The user can log into the site from another computer in the next office, but not
from the PC. The user’s PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards, the user is able to log into the
website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?

A network administrator recently implemented two caching proxy servers on the network. How can the administrator BEST aggregate the log files from the proxy
servers?