1. A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business-critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?
A) Verify user permissions.
B) Verify SLA with cloud provider.
C) Investigate a potential incident.
D) Run a vulnerability scan.
2. Given the following command run on a Linux machine:

file2cable -i eth0 -f file.pcap

Which of the following BEST describes what a security analyst is trying to accomplish?
A) The analyst is attempting to use a protocol analyzer to monitor network traffic.
B) The analyst is attempting to measure bandwidth utilization on interface eth0.
C) The analyst is attempting to replay captured data from a PCAP file.
D) The analyst is attempting to capture traffic for a PCAP file.
E) The analyst is attempting to capture traffic on interface eth0.
3. There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?
A) Asset inventory of all critical devices
B) Scanning of all types of data regardless of sensitivity levels
C) Daily automated reports of exploited devices
D) Vulnerability scanning frequency that does not interrupt workflow
4. Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE.)
A) Hard drive capacity
B) Processing power
C) Trained operators
D) VLANs
E) OS
F) Physical access restriction
5. A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE.)
A) Prevent users from being able to use the copy and paste functions
B) Prevent users from using roaming profiles when changing workstations
C) Prevent flash drives from connecting to USB ports using Group Policy
D) Prevent users from copying data from workstation to workstation
E) Prevent Internet access on laptops unless connected to the network in the office or via VPN
F) Prevent users from accessing personal email and file-sharing sites via web proxy