A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle. Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)
Install and configure an IPS.
Enforce routine GPO reviews.
Form and deploy a hunt team.
Institute heuristic anomaly detection.
Use a protocol analyzer with appropriate connectors.
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Choose two.)
Contain the server.
Initiate a legal hold.
Perform a risk assessment.
Determine the data handling standard.
Disclose the breach to customers.
Perform an IOC sweep to determine the impact.
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: Blocking of suspicious websites; Prevention of attacks based on threat intelligence; Reduction in spam; Identity-based reporting to meet regulatory compliance; Prevention of viruses based on signature; Protect applications from web-based threats. Which of the following would be the BEST recommendation the information security manager could make?
Reconfigure existing IPS resources
Implement a WAF
Deploy a SIEM solution
Deploy a UTM solution
Implement an EDR platform
A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals?
Utilize a challenge-response prompt as required input at username/password entry.
Implement TLS and require the client to use its own certificate during handshake.
Configure a web application proxy and institute monitoring of HTTPS transactions.
Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)
Use an internal firewall to block UDP port 3544.
Disable network discovery protocol on all company routers.
Block IP protocol 41 using Layer 3 switches.
Disable the DHCPv6 service from all routers.
Drop traffic for ::/0 at the edge firewall.
Implement a 6in4 proxy server.