[Security Architecture] A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?
[Security Architecture] A company that uses several cloud applications wants to properly identify:
- All the devices potentially affected by a given vulnerability.
- All the internal servers utilizing the same physical switch.
- The number of endpoints using a particular operating system.
Which of the following is the best way to meet the requirements?
[Security Architecture] A senior security engineer flags the following log file snippet as having likely facilitated an attacker’s lateral movement in a recent breach:
    qry_source: 19.27.214.22 TCP/53 qry_dest: 199.105.22.13 TCP/53 qry_type: AXFR | in comptia.org
    directoryserver1  A  10.80.8.10
    directoryserver2  A  10.80.8.11
    directoryserver3  A  10.80.8.12
    internal-dns      A  10.80.9.1
    www-int           A  10.80.9.3
    fshare            A  10.80.9.4
    sip               A  10.80.9.5
    msn-crit-apcs     A  10.81.22.33
Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
[Emerging Technologies and Threats] After a penetration test on the internal network, the following report was generated:
    Attack            Target               Result
    Compromised host  ADMIN01S.CORP.LOCAL  Successful
    Hash collected    KRBTGT.CORP.LOCAL    Successful
    Hash collected    SQLSV.CORP.LOCAL     Successful
    Pass the hash     SQLSV.CORP.LOCAL     Failed
    Domain control    CORP.LOCAL           Successful
Which of the following should be recommended to remediate the attack?
[Security Architecture] After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?
[Identity and Access Management (IAM)] A security analyst is reviewing the following authentication logs: Which of the following should the analyst do first?