Question 6 of 416

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Choose two.)

Answer

Suggested Answer

The suggested answer is B, D.

Separation of duties ensures that no single individual has control over all aspects of a critical function, reducing the risk of misuse or mistakes, such as the inappropriate deletion of log files. Personnel training ensures that the system administrator and other employees understand the importance of retaining log files and other appropriate procedures, helping to prevent the issue from occurring again.

Question 7 of 416

Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

Answer

Suggested Answer

The suggested answer is A.

Question 8 of 416

An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?

Answer

Suggested Answer

The suggested answer is B.

Implementing a separate logical network segment for management interfaces is the best recommendation to prevent unauthorized access to managed network devices. By isolating the management traffic from the user and production traffic, the organization can restrict access to the management interfaces to only those who are authorized and require access, thereby reducing the risk of unauthorized configuration changes by insiders.

Question 9 of 416

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

Answer

Suggested Answer

The suggested answer is D.

Implementing a wireless network configured for mobile device access and monitored by sensors provides the flexibility required for users to synchronize their calendars, email, and contacts to their smartphones or other personal devices. It allows users to connect their devices wirelessly, which is more convenient and versatile compared to other options such as a kiosk or a single computer setup. Additionally, monitoring by sensors adds a layer of security to ensure that the data is protected, meeting the mobile data protection requirements.

Question 10 of 416

A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

Answer

Suggested Answer

The suggested answer is B.

To ensure the integrity of the hard drive while performing the analysis, the first thing the security analyst must do is use write blockers. Write blockers prevent any write operations to the hard drive, hence preserving the original data. This ensures that the evidence remains unaltered and admissible in court or for further forensic analysis. Making a copy of the hard drive would come after ensuring that no data can be modified, which is achieved by using write blockers.