1. Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:

A) sandboxing
B) sniffing
C) hashing
D) hardening



2. A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

A) The sinkhole has begun blocking suspect or malicious traffic.
B) Someone has logged on to the sinkhole and is using the device.
C) Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.
D) The sinkhole has begun rerouting unauthorized traffic.



3. A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following shouldhappen NEXT?

A) Begin the incident response process.
B) Implement continuous monitoring.
C) Rescan to ensure the vulnerability still exists.
D) Start the change control process.



4. A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?

A) Memorandum of agreement
B) Vulnerability report
C) Reverse-engineering incident report
D) Lessons learned report



5. Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.Which of the following frameworks would BEST support the program? (Select two.)(Select 2answers)

A) ISO 27000 series
B) NIST
C) OWASP
D) ITIL
E) COBIT