Question:

Please Answer If You Are 100% Sure

259. A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

A. Access control list network segmentation that prevents access to the SCADA devices inside the network.
B. Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices.
C. Implementation of a VLAN that allows all devices on the network to see all SCADA devices on the network.
D. SCADA systems configured with `SCADA SUPPORT'=ENABLE

My guess: B
Others answer: B

__________________________________________________

260. A logistics company's vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:

SSL/TLS not used for a website that contains promotional information

The scan also shows the following vulnerabilities on internal resources:

TLS downgrade vulnerability on a server in a development network

In order of risk, which of the following should be patched FIRST?

A. Microsoft Office Remote Code Execution
B. SQL injection
C. SSL/TLS not used
D. TLS downgrade

My guess: C
Others answer: A

__________________________________________________

262. While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

A. Implement a group policy on company systems to block access to SCADA networks.
B. Require connections to the SCADA network to go through a forwarding proxy.
C. Update the firewall rules to block SCADA network access from those laptop IP addresses.
D. Install security software and a host-based firewall on the SCADA equipment.

My guess: A
Others answer: A

__________________________________________________

281. A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?

A. JTAG adapters
B. Last-level cache readers
C. Write-blockers
D. ZIF adapters

My guess: A
Others answer: A

__________________________________________________

290. A company has monthly scheduled windows for patching servers and applying configuration changes. Out-of-window changes can be done, but they are discouraged unless absolutely necessary. The systems administrator is reviewing the weekly vulnerability scan report that was just released. Which of the following vulnerabilities should the administrator fix without waiting for the next scheduled change window?

A. The administrator should fix dns (53/tcp). BIND `NAMED' is an open-source DNS server from ISC.org. The BIND-based NAMED server (or DNS servers) allow remote users to query for version and type information.
B. The administrator should fix smtp (25/tcp). The remote SMTP server is insufficiently protected against relaying. This means spammers might be able to use the company's mail server to send their emails to the world.
C. The administrator should fix http (80/tcp). An information leak occurs on Apache web servers with the UserDir module enabled, allowing an attacker to enumerate accounts by requesting access to home directories and monitoring the response.
D. The administrator should fix http (80/tcp). The `greeting.cgi' script is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon.
E. The administrator should fix general/tcp. The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall a company is using, an attacker may use this flaw to bypass its rules.

My guess: D
Others answer: B
