A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?

A. Shut down the computer

B. Capture live data using Wireshark

C. Take a snapshot

D. Determine if DNS logging is enabled.

E. Review the network logs.

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.

The access records are used to identify which staff members accessed the data center in the event of equipment theft.

Which of the following MUST be prevented in order for this policy to be effective?

A. Password reuse

B. Phishing

C. Social engineering

D. Tailgating

A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

A. Run a penetration test on the installed agent.

B. Require that the solution provider make the agent source code available for analysis.

C. Require through guides for administrator and users.

D. Install the agent for a week on a test system and monitor the activities.

A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.

Which of the following is MOST likely causing the issue?

A. A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.

B. Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.

C. A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.

D. Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.

A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?

A. Draft a new MOU to include response incentive fees.

B. Reengineer the BPA to meet the organization's needs.

C. Modify the SLA to support organizational requirements.

D. Implement an MOA to improve vendor responsiveness.