An organization has the following risk mitigation policies
• Risks without compensating controls will be mitigated first it the nsk value is greater than $50,000
• Other nsk mitigation will be pnontized based on risk value. The following risks have been identified:

Which of the following is the ordei of priority for risk mitigation from highest to lowest?

1. A. A, C, D, B
2. B. B, C, D, A
3. C. C, B, A, D
4. D. D, A, B
5. E. D, C, B, A

Correct Answer: C
The order of priority for risk mitigation from highest to lowest is C, B, A, D. This order is based on applying the risk mitigation policies of the organization. According to the first policy, risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Risk C has no compensating controls and a risk value of $75,000, so it is the highest priority. Risk B also has no compensating controls, but a risk value of $40,000, so it is the second priority. According to the second policy, other risk mitigation will be prioritized based on risk value. Risk A has a risk value of $60,000 and a compensating control of encryption, so it is the third priority. Risk D has a risk value of $50,000 and a compensating control of backup power supply, so it is the lowest priority.

An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

1. A. Perform password-cracking attempts on all devices going into production
2. B. Perform an Nmap scan on all devices before they are released to production
3. C. Perform antivirus scans on all devices before they are approved for production
4. D. Perform automated security controls testing of expected configurations pnor to production

Correct Answer: D
Automated security controls testing is a method that uses tools or scripts to verify that the security controls of a system or device are configured correctly and comply with the organization’s policies and standards. Performing automated security controls testing of expected configurations prior to production would help prevent a recurrence of the risk exposure caused by missing antivirus, unnecessary ports enabled, and insufficient password complexity. Performing password-cracking attempts, Nmap scans, or antivirus scans on all devices before they are released to production are other methods that can help detect some security issues, but they are not as comprehensive or efficient as automated security controls testing. Reference: https://www.nist.gov/system/files/documents/2017/04/28/sp800-115.pdf

A security analyst discovers suspicious host activity while performing monitoring activities. The analyst pulls a packet capture for the activity and sees the following:

Which of the following describes what has occurred?

1. A. The host attempted to download an application from utoftor.com.
2. B. The host downloaded an application from utoftor.com.
3. C. The host attempted to make a secure connection to utoftor.com.
4. D. The host rejected the connection from utoftor.com.

Correct Answer: C
The packet capture shows that the host sent a Client Hello message to utoftor.com on port 443. This message is part of the TLS (Transport Layer Security) handshake protocol, which is used to establish a secure connection between a client and a server1. The Client Hello message contains information such as the supported TLS version, cipher suites, and extensions that the client can use for the secure connection. The server is expected to respond with a Server Hello message that selects the parameters for the secure connection. However, the packet capture does not show any response from the server, which means that the host only attempted to make a secure connection to utoftor.com, but did not succeed. The host did not download (B) or reject (D) any application from utoftor.com.

A company has alerted planning the implemented a vulnerability management procedure. However, to security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization.
Which of the following should be completed FIRST?

1. A. A business Impact analysis
2. B. A system assessment
3. C. Communication of the risk factors
4. D. A risk identification process

Correct Answer: A
A business impact analysis (BIA) should be completed first before risk calculation and prioritization. A BIA is a process that identifies and evaluates the potential effects of disruptions to critical business functions or processes. A BIA helps to determine the recovery priorities, objectives, and strategies for the organization’s assets and resources1. A BIA is a prerequisite for risk calculation and prioritization because it provides the basis for estimating the impact and likelihood of various threats and vulnerabilities on the organization’s operations, reputation, and finances2.

An analyst determines a security incident has occurred Which of the following is the most appropnate NEXT step in an incident response plan?

1. A. Consult the malware analysis process
2. B. Consult the disaster recovery plan
3. C. Consult the data classification process
4. D. Consult the communications plan

Correct Answer: D
A communications plan is a document that outlines who should be notified and how during an incident response. It can also specify the roles and responsibilities of the incident response team members, the escalation procedures, and the communication channels. Consulting the communications plan is the most appropriate next step in an incident response plan after determining a security incident has occurred. Consulting the malware analysis process, the disaster recovery plan, or the data classification process may be relevant at later stages of the incident response, but not as the next step. Reference: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901