Correct answer:

The Command & Control stage is used for remote manipulation of the victim is correct. During the Command & Control stage, an attacker can control a victim’s assets and remotely manipulate them.

Incorrect answers:

The Command & Control stage is used for remote manipulation of the victim is incorrect. The attacker delivers organized malware to the victim during the Delivery stage, not the Weaponization stage.

During the Actions on Objective stage, the attacker performs reconnaissance on the victim to include harvesting e-mail addresses and so on is incorrect. The attacker performs reconnaissance on the victim during the Reconnaissance stage, not the Actions on Objective stage.

The Exploitation stage involves installing malware on a victim’s assets is incorrect. Installing malware on a victim’s assets is performed during the Installation stage, not the Exploitation stage.

Correct answer:

SQL injection is correct. The exhibit shows that an SQL injection vulnerability is present, which makes possible an attack that takes advantage of this vulnerability.

Incorrect answers:

Cross-site scripting is incorrect. The exhibit does show that a cross-site scripting vulnerability is present, but this is not the focus of the tool at the moment.

XML injection is incorrect. The exhibit does not show that an XML injection vulnerability is a high risk for the system.

Session hijacking is incorrect. The exhibit does not show that session hijacking is a high-risk vulnerability for the system.

Correct answer:

Taking disciplinary action if the perpetrator of an incident is an employee is correct. The human resources department will likely be involved only if the perpetrator of the incident is an employee and disciplinary action is warranted.

Incorrect answers:

Hiring the incident response team is incorrect. Hiring the incident response team is a responsibility of the human resources department, which happens only as part of normal business operations and does not occur during the incident itself.

Communicating with outside law enforcement agencies during an incident is incorrect. The human resources department is not qualified or staffed to communicate with external law enforcement agencies during an incident; this is the responsibility of the organization’s legal counsel.

Communicating with the media and the public during an incident is incorrect. The human resources department is not qualified or staffed to communicate with the media and the public during an incident; this is the responsibility of the organization’s public relations team.

Correct answer:

Risk acceptance is correct. Risk acceptance occurs when an organization determines that it cannot further reduce, avoid, or transfer risk, and it must simply accept the fact that residual risk exists.

Incorrect answers:

Risk transfer is incorrect. Risk transfer involves transferring some of the risk, but not the responsibility for it, to a third-party, such as an insurance company.

Risk mitigation is incorrect. Risk mitigation consists of all actions designed to mitigate or reduce risk to an acceptable level.

Risk avoidance is incorrect. Risk avoidance is the act of changing the organization or its processes such that it ceases engaging in activities that incur a particular risk.

Correct answer:

You must focus on conducting the inventory and prioritizing the information technology assets that support critical business processes within the organization is correct. A business impact analysis is concerned with conducting an inventory of critical business processes and the information technology assets, including systems and data, that support them. It must also prioritize these assets for restoration in the event they are lost or compromised during a disaster or incident.

Incorrect answers:

You must focus on modeling threats, determining vulnerabilities, and calculating likelihood and impact for the critical information technology assets in the organization is incorrect. This is the definition of risk assessment.

You must focus on determining the different data sensitivity levels of critical information that the organization must have to conduct its mission is incorrect. This is the process of determining data sensitivity levels and its subsequent protection levels.

You must focus on developing a change management plan for critical assets that includes provisions for authorizing changes, patching, and configuration baseline is incorrect. This is the definition of developing a formal organizational change management process

Correct answer:

Spatial trend analysis is correct. In spatial trend analysis, data that pertains to particular places, such as geographical regions, physical subnets, or even logical locations, can be used to analyze trends that may focus on those particular logical or physical spaces.

Incorrect answers:

Historical analysis is incorrect. Historical analysis helps compare new observations to past ones; it is a form of temporal analysis.

Temporal analysis is incorrect. Temporal trend analysis examines data collected over time to predict future events or explain past events.

Behavioral analysis is incorrect. Behavioral analysis looks at patterns of behavior over time to determine unusual or anomalous behaviors.

Correct answer:

A virtual private network (VPN) provides a secure tunnel between two endpoints over some shared medium is correct. A VPN provides a secure tunnel between two endpoints over some shared medium; a VPN is most commonly created on demand between an endpoint and a network device (typically a router or VPN concentrator). VPNs can also be persistently established between network devices to create a VPN backbone between corporate locations such as branch offices and corporate headquarters.

Incorrect answers:

A virtual private network (VPN) is achieved by creating large pools of logical storage, CPUs, memory, networking, and applications that reside on a common physical platform is incorrect. This describes system virtualization, which is achieved by creating large pools of logical storage, CPUs, memory, networking, and applications that reside on a common physical platform.

A virtual private network is a private set of resources within a public cloud environment is incorrect. This describes a virtual private cloud (VPC), which is a private set of resources within a public cloud environment.

A virtual private network (VPN) separates the physical devices that the users are touching from the systems hosting the desktops, applications, and data is incorrect. This describes a virtual desktop infrastructure (VDI), which separates the physical devices that the users are touching from the systems hosting the desktops, applications, and data.

Correct answer:

Moderate is correct. Information that is credibly sourced and plausible, but not of sufficient quality or corroboration to warrant a higher level of confidence, warrants a Moderate level of confidence.

Incorrect answers:

Low is incorrect. A Low level of confidence means that information acquired is questionable or implausible, and may be too fragmented or poorly corroborated to make solid analytic inferences.

Very high is incorrect. There is no Very High level of confidence in the estimative language used by intelligence providers.

High is incorrect. With a High level of confidence, assessments are based on high-quality information, and/or the nature of the issue makes it possible to render a solid judgment. The judgment is not to be interpreted as fact and still has the possibility of being incorrect.

Correct answer:

Code of conduct is correct. A code of conduct may not be typically written as a policy document, but most policies require that you conform to the organization’s code of conduct or code of ethics.

Incorrect answers:

Conflict of interest policy is incorrect. A conflict of interest policy may be part of a larger ethics policy and requires you to disclose any potential conflicts of interest that you may have with the organization and its businesses, as well as external agencies. This is not typically written as a part of the code of conduct but may reference it.

Data handling policy is incorrect. A data handling policy prescribes requirements for how users will handle the organization’s data, to include sensitive data. Although not an ethics policy itself, it may in fact reference a code of conduct to indicate that users should handle sensitive data ethically and responsibly.

Acceptable use policy is incorrect. An acceptable use policy dictates how employees will conduct themselves when using organizational information systems and data. It likely will not be part of a code of conduct but may reference the code of conduct to indicate what is acceptable behavior.

Correct answer:

Set minimum password age to seven is correct. To prevent users from changing their password for a predetermined amount of time once it has been set, you must change the set minimum password age setting, in this case, to seven days.

Incorrect answers:

Set maximum password age to seven is incorrect. Setting the maximum password age to seven means the users must change their passwords after seven days have passed.

Set enforce password history to seven is incorrect. Setting the enforce password history to seven means that the users’ past seven passwords will be remembered and cannot be reused.

Set enforce password history to seven is incorrect. Setting the minimum password length audit to seven configures the password requirements such that all passwords must be at least seven characters.