376. A security analyst receives a mobile device with symptoms of a virus infection. The virus is morphing whenever it is from sandbox to sandbox to analyze. Which of the following will help to identify the number of variations through the analysis life cycle? A. Journaling B. Hashing utilities C. Log viewers D. OS and process analysis My guess: C Others answer: D __________________________________________________ 378. Which of the following BEST describes why vulnerabilities found in ICS and SCADA can be difficult to remediate? A. ICS/SCADA systems are not supported by the CVE publications. B. ICS/SCADA systems rarely have full security functionality. C. ICS/SCADA systems do not allow remote connections. D. ICS/SCADA systems use encrypted traffic to communicate between devices My guess: D Others answer: A __________________________________________________ 380. The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied. Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern? A. Automated patch management B. Change control procedures C. Security regression testing D. Isolation of vulnerable servers My guess: B Others answer: C __________________________________________________ 382. A security analyst's daily review of system logs and SIEM showed fluctuating patterns of latency. During the analysis, the analyst discovered recent attempts of intrusion related to malware that overwrites the MBR. The facilities manager informed the analyst that a nearby construction project damaged the primary power lines, impacting the analyst's support systems. The electric company has temporarily restored power, but the area may experience temporary outages. Which of the following issues the analyst focus on to continue operations? A. Updating the ACL B. Conducting backups C. Virus scanning D. Additional log analysis My guess: D Others answer: C __________________________________________________ 383. A company has a popular shopping cart website hosted geographically diverse locations. The company has started hosting static content on a content delivery network (CDN) to improve performance. The CDN provider has reported the company is occasionally sending attack traffic to other CDN-hosted targets. Which of the following has MOST likely occurred? A. The CDN provider has mistakenly performed a GeoIP mapping to the company. B. The CDN provider has misclassified the network traffic as hostile. C. A vulnerability scan has tuned to exclude web assets hosted by the CDN. D. The company has been breached, and customer PII is being exfiltrated to the CDN. My guess: D Others answer: D __________________________________________________ 385. A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described? A. Draft a new MOU to include response incentive fees. B. Reengineer the BPA to meet the organization's needs. C. Modify the SLA to support organizational requirements. D. Implement an MOA to improve vendor responsiveness. My guess: C Others answer: C __________________________________________________