QUESTION: 33

A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?

NIST SP 800-53
MITRE ATT&CK
The Cyber Kill Chain
The Diamond Model of Intrusion Analysis

Answer(s): B

Reference:

https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf

Reveal Solution Next Question

QUESTION: 34

Device event logs sourced from MDM software as follows:
Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220.
Resource leak; recover the device for analysis and clean up the local storage.
Impossible travel; disable the device's account and access while investigating.
Falsified status reporting; remotely wipe the device.

Answer(s): C

Reveal Solution Next Question

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an ׀׀¢ and IT environment?

In the ׀׀¢ environment, use a VPN from the IT environment into the ׀׀¢ environment.
In the ׀׀¢ environment, allow IT traffic into the ׀׀¢ environment.
In the IT environment, allow PLCs to send data from the ׀׀¢ environment to the IT environment.
Use a screened subnet between the ׀׀¢ and IT environments.

Answer(s): D

Reveal Solution Next Question