CompTIA Security+ SY0-601 – Question300

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:
Preserve the use of public IP addresses assigned to equipment on the core router.
Enable "in transport" encryption protection to the web server with the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Choose two.)


A. Configure VLANs on the core router.
B. Configure NAT on the core router.
C. Configure BGP on the core router.
D. Enable AES encryption on the web server.
E. Enable 3DES encryption on the web server.
F. Enable TLSv2 encryption on the web server.

Correct Answer: BF

CompTIA Security+ SY0-601 – Question299

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?


A. Security research publications
B. The MITRE ATT&CK framework
C. The Diamond Model of Intrusion Analysis
D. The Cyber Kill Chain

Correct Answer: B

CompTIA Security+ SY0-601 – Question298

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?


A. Update the host firewalls to block outbound SMB.
B. Place the machines with the unapproved software in containment.
C. Place the unauthorized application in a blocklist.
D. Implement a content filter to block the unauthorized software communication.

Correct Answer: B

CompTIA Security+ SY0-601 – Question297

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?


A. IaaS
B. PaaS
C. XaaS
D. SaaS

Correct Answer: A

CompTIA Security+ SY0-601 – Question296

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?


A. A RAT was installed and is transferring additional exploit tools.
B. The workstations are beaconing to a command-and-control server.
C. A logic bomb was executed and is responsible for the data transfers.
D. A fileless virus is spreading in the local network environment.

Correct Answer: B

CompTIA Security+ SY0-601 – Question295

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)


A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls

Correct Answer: AB

CompTIA Security+ SY0-601 – Question294

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing?


A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion

Correct Answer: D