- (Exam Topic 2)
A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?
Correct Answer:
A
- (Exam Topic 1)
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
Which of the following lines indicates the computer may be compromised?
Correct Answer:
D
- (Exam Topic 3)
An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to at the use of the cloud hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?
Correct Answer:
C
MFA can be used to reduce the likelihood that the attacker gains access to the VM, however, the scenario specifically states that the attacker was able to escalate rights and the question asks what can be done to remediate the vulnerability. the vulnerability in this case would be the ability to escalate rights.
- (Exam Topic 1)
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization To BEST resolve the issue, the organization should implement
Correct Answer:
A
- (Exam Topic 3)
A company recently experienced a breach of sensitive information that affects customers across multiple
geographical regions. Which of the following roles would be BEST suited to determine the breach notification requirements?
Correct Answer:
A
