- (Exam Topic 2)
A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.
Which of the following should the security operations center implement?

1. A. theHarvester
2. B. Nessus
3. C. Cuckoo
4. D. Sn1per

Correct Answer: C
Cuckoo is a sandbox that is specifically written to run programs inside and identify any malware. A sandbox is a virtualized environment that isolates the program from the rest of the system and monitors its behavior. Cuckoo can analyze files of various types, such as executables, documents, URLs, and more. Cuckoo can provide a report of the files’ activity against known threats, such as network traffic, file operations, registry changes, API calls, and so on.
A security operations center can implement Cuckoo to execute files to test for malicious activity and generate a report of the analysis. Cuckoo can help the security operations center to detect and prevent malware infections, investigate incidents, and perform threat intelligence.

- (Exam Topic 2)
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

1. A. Install DLP software to prevent data loss.
2. B. Use the latest version of software.
3. C. Install a SIEM device.
4. D. Implement MDM.
5. E. Implement a screened subnet for the web server.
6. F. Install an endpoint security solution.
7. G. Update the website certificate and revoke the existing ones.
8. H. Deploy additional network sensors.

Correct Answer: BEF