A security analyst working in the SOC recently discovered Balances m which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in the situation?

A. implement an IPS signature for the malware and update the blacklisting for the associated domains and IPs

B. Implement an IPS signature for the malware and another signature request to Nock all the associated domains and IPs

C. Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains

D. Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the IPs and domains

A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?

A. Update the IPS and IDS with the latest rule sets from the provider.

B. Create an automated script to update the IPS and IDS rule sets.

C. Use an automated subscription to select threat feeds for IDS.

D. Implement an automated malware solution on the IPS.

A threat hurting team received a new loC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?

A. The whitelist

B. The DNS

C. The blocklist

D. The IDS signature

When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

Which of the following can the analyst conclude from viewing the log file?

A. The comptia user knows the sudo password.

B. The comptia user executed the sudo su command.

C. The comptia user knows the root password.

D. The comptia user added himself or herself to the /etc/sudoers file.

A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?

A. Advanced persistent threat

B. Buffer overflow vulnerability

C. Zero day

D. Botnet

While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:

A. organizational control.

B. service-level agreement.

C. rules of engagement.

D. risk appetite

An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:

Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?

A. flags=RA indicates the testing team is using a Christmas tree attack

B. ttl=64 indicates the testing team is setting the time to live below the firewall's threshold

C. 0 data bytes indicates the testing team is crafting empty ICMP packets

D. NO FLAGS are set indicates the testing team is using hping

An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

A. Use the MITRE ATTandCK framework to develop threat models.

B. Conduct internal threat research and establish indicators of compromise.

C. Review the perimeter firewall rules to ensure rule-set accuracy.

D. Use SCAP scans to monitor for configuration changes on the network.

A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

A. Static analysis

B. Dynamic analysis

C. Regression testing

D. User acceptance testing

An organization has the following risk mitigation policy:

1.

Risks with a probability of 95% or greater will be addressed before all others regardless of the impact.

2.

All other prioritization will be based on risk value. The organization has identified the following risks:

Which of the following is the order of priority for risk mitigation from highest to lowest?

A. A, B, D, C

B. A, B, C, D

C. D, A, B, C

D. D, A, C, B