Question
386. In the development stage of the incident response policy, the security analyst needs to determine the stakeholders for the policy. Who of the following would be the policy stakeholders?

A. Human resources, legal, public relations, management
B. Chief Information Officer (CIO), Chief Executive Officer, board of directors, stockholders
C. IT, human resources, security administrator, finance
D. Public information officer, human resources, audit, customer service

My guess: A
Others answer: B
__________________________________________________

393. A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

A. Review the firewall logs.
B. Review syslogs from critical servers.
C. Perform fuzzing.
D. Install a WAF in front of the application server.

My guess: D
Others answer: B
__________________________________________________

401. Which of the following is the BEST way to share incident-related artifacts to provide non-repudiation?

A. Secure email
B. Encrypted USB drives
C. Cloud containers
D. Network folders

My guess: A (it uses PKI)
Others answer: B
__________________________________________________

408. Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2. Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

A. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.
B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

My guess: B
Others answer: A
__________________________________________________

9. A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

A. Develop a minimum security baseline while restricting the type of data that can be accessed.
B. Implement a single computer configured with USB access and monitored by sensors.
C. Deploy a kiosk for synchronizing while using an access list of approved users.
D. Implement a wireless network configured for mobile device access and monitored by sensors.

My guess: A
Others answer: D