Question 1

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

Options :

A : Implement a patch management process.

B : Scan the company server files for known viruses.

C : Apply existing patches to the company servers.

D : Automate antivirus scans of the company servers.

E : Define roles and responsibilities in the incident response playbook.

Answer: A,D

Question 2

Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

Options :

A : An attacker can initiate a DoS attack.

B : An attacker can read or change data.

C : An attacker can transfer data to an external server.

D : An attacker can modify the access logs.

Answer: A

Question 3

A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

Options :

A : assessment scope

B : event severity and likelihood

C : incident response playbook

D : risk model framework

Answer: D

Question 4

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

Options :

A : x-frame-options

B : x-xss-protection

C : x-content-type-options

D : x-test-debug

Answer: C

Question 5

Refer to the exhibit.

What is occurring in this packet capture?

Options :

A : TCP port scan

B : TCP flood

C : DNS flood

D : DNS tunneling

Answer: B