1. A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?
A) Network firewall
B) Web application firewall
C) Intrusion prevention system
D) Web proxy
2. A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?
A) Use the IP addresses to search through the event logs.
B) Scan for vulnerabilities with exploits known to have been used by an APT.
C) Create an advanced query that includes all of the indicators, and review any of the matches.
D) Analyze the trends of the events while manually reviewing to see if any of the indicators match.
3. A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
A) Deploy scanners with administrator privileges on each endpoint
B) Encrypt all of the traffic between the scanner and the endpoint
C) Provide each endpoint with vulnerability scanner credentials
D) Install agents on the endpoints to perform the scan
4. An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?
A) The security analyst should perform end user acceptance security testing during each application development cycle.
B) The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle.
C) The security analyst should perform security regression testing during each application development cycle.
D) The security analyst should perform secure coding practices during each application development cycle.
5. A threat intelligence analyst who works for a technology firm received this report from a vendor. There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector. Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
A) APT and behavioral analysis
B) Insider threat and indicator analysis
C) Ransomware and encryption
D) Polymorphic malware and secure code analysis