Question 16
A company recently migrated to a SaaS-based email solution.
The solution is configured as follows.
- Passwords are synced to the cloud to allow for SSO
- Cloud-based antivirus is enabled
- Cloud-based anti-spam is enabled
- Subscription-based blacklist is enabled
Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review.
Which of the following would allow the company to gain additional visibility and reduce additional costs? (Choose two.)
Question 17
SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from a company's privileged network.
The company's hardening guidelines indicate the following:
- There should be one primary server or service per device.
- Only default ports should be used.
- Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
- The IP address of the device
- The primary server or service of the device (Note that each IP should be associated with one service/port only)
- The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Question 18
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?
Question 19
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?
Question 20
Which of the following is a low-power, low-data-rate protocol that allows for the creation of PAN networks?
