A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server is running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1.00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?

A. Install a packet analyzer near the web server to capture sample traffic to find anomalies.

B. Block all traffic to the web server with an ACL.

C. Use a port scanner to determine all listening ports on the web server.

D. Search the logging servers for any rule changes.

An analyst suspects a large database that contains customer information and credit card data was exfiltrated to a known hacker group in a foreign country. Which of the following incident response steps should the analyst take FIRST?

A. Immediately notify law enforcement, as they may be able to help track down the hacker group before customer information is disseminated.

B. Draft and publish a notice on the company's website about the incident, as PCI regulations require immediate disclosure in the case of a breach of PII or card data.

C. Isolate the server, restore the database to a time before the vulnerability occurred, and ensure the database is encrypted.

D. Document and verify all evidence and immediately notify the company's Chief Information Security Officer (CISO) to better understand the next steps.

A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?

A. Dissemination

B. Analysis

C. Feedback

D. Requirements

E. Collection

A security analyst needs to obtain the footprint of the network. The footprint must identify the following information:

1.

TCP and UDP services running on a targeted system

2.

Types of operating systems and versions

3.

Specific applications and versions

Which of the following tools should the analyst use to obtain the data?

A. Prowler

B. Nmap

C. Reaver

D. ZAP

A company wants to reduce the cost of deploying servers to support increased network growth. The company is currently unable to keep up with the demand, so it wants to outsource the infrastructure to a cloud-based solution.

Which of the following is the GREATEST threat for the company to consider when outsourcing its infrastructure?

A. The cloud service provider is unable to provide sufficient logging and monitoring.

B. The cloud service provider is unable to issue sufficient documentation for configurations.

C. The cloud service provider conducts a system backup each weekend and once a week during peak business times.

D. The cloud service provider has an SLA for system uptime that is lower than 99 9%.