A financial institution has several that currently employ the following controls:

1.

The severs follow a monthly patching cycle.

2.

All changes must go through a change management process.

3.

Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

4.

The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A. Require more than one approver for all change management requests.

B. Implement file integrity monitoring with automated alerts on the servers.

C. Disable automatic patch update capabilities on the servers

D. Enhanced audit logging on the jump servers and ship the logs to the SIEM.

An organization has been notified of a breach related to its sensitive data The point of compromise is the use of weak encryption algorithms on a web server that provides access to a legacy API The organization had previously decided to

accept the nsk of using weak algorithms due to the cost to continually develop the legacy platform.

Other system owners need to be aware of the increased likelihood of this threat.

Which of the following should be reviewed by the CERT and presented to system owners to ensure a proper nsk analysis is performed?

A. Lessons learned

B. Incident log

C. Risk register

D. Root-cause analysis

E. Gap analysis

Ann. a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output: Which of the following will the analyst most likely use NEXT?

A. Process explorer

B. Vulnerability scanner

C. Antivirus

D. Network enumerator

While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and

completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system.

Which of the following is the MOST likely cause of the secunty breach?

A. The security manager did not enforce automatic VPN connection.

B. The company's server did not have endpoint security enabled.

C. The hotel did not require a wireless password to authenticate.

D. The laptop did not have the host-based firewall properly configured.

The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

A. Preserve all communication matching the requested search terms

B. Block communication with the customer while litigation is ongoing

C. Require employees to be trained on legal record holds

D. Request that all users do not delete any files