Which of the following statements is appropriate in an incident response report?
A. There had been a storm on September 27th that may have caused a power surge
B. The registry entry was modified on September 29th at 22:37
C. The attacker may have been able to access the systems due to missing KB2965111
D. The backup process may have failed at 2345 due to lack of available bandwidth
What is an organization's goal in deploying a policy to encrypt all mobile devices?
A. Enabling best practices for the protection of their software licenses
B. Providing their employees, a secure method of connecting to the corporate network
C. Controlling unauthorized access to sensitive information
D. Applying the principle of defense in depth to their mobile devices
Implementing which of the following will decrease spoofed e-mail messages?
A. Finger Protocol
B. Sender Policy Framework
C. Network Address Translation
D. Internet Message Access Protocol
Which projects enumerates or maps security issues to CVE?
A. SCAP
B. CIS Controls
C. NIST
D. ISO 2700
An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?
A. Uninstall the application providing the service
B. Turn the service off in the host configuration files
C. Block the protocol for the unneeded service at the firewall
D. Create an access list on the router to filter traffic to the host
As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic. Which event should they receive an alert on?
A. The number of website hits is higher that the daily average
B. The logfiles of the webserver are rotated and archived
C. The website does not respond to a SYN packet for 30 minutes
D. The website issues a RST to a client after the connection is idle
What documentation should be gathered and reviewed for evaluating an Incident Response program?
A. Staff member interviews
B. NIST Cybersecurity Framework
C. Policy and Procedures
D. Results from security training assessments
Janice is auditing the perimeter of the network at Sugar Water InC. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?
A. Receive spam from a known bad domain
B. Receive mail at Sugar Water Inc. account using Outlook as a mail client
C. Successfully deliver mail from another host inside the network directly to an external contact
D. Successfully deliver mail from web client using another host inside the network to an external contact.
Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log. Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?

A. access-list outbound permit tcp host 10.1.1.7 any eq smtp
B. access-list outbound deny tcp any host 74.125.228.2 eq www
C. access-list inbound permit tcp 8.8.0.0 0.0.0.255 10.10.12.252 eq 8080
D. access-list inbound permit tcp host 8.8.207.97 host 10.10.12.100 eq ssh
Kenya is a system administrator for SANS. Per the recommendations of the CIS Controls she has a dedicated host (kenya- adminbox / 10.10.10.10) for any administrative tasks. She logs into the dedicated host with her domain admin credentials. Which of the following connections should not exist from kenyaadminbox?

A. 10.10.245.3389
B. Mail.jane.org.25
C. Firewall_charon.jane.org.22
D. 10.10.10.33.443