A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to

create a policy that will automatically disable the services for all workstations in the organization.

Which of the following BEST describes the security analyst's goal?

A. To create a system baseline

B. To reduce the attack surface

C. To optimize system performance

D. To improve malware detection

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

A. Drive adapters

B. Chain of custody form

C. Write blockers

D. Crime tape

E. Hashing utilities

F. Drive imager

A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

A. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.

B. Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the congestion.

C. Put ACLs in place to restrict traffic destined for random or non-default application ports.

D. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing. They want to start the process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?

A. Ping

B. Nmap

C. Netstat

D. ifconfig

E. Wireshark

F. L0phtCrack

A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data carving

B. Timeline construction

C. File cloning

D. Reverse engineering