A company is outsourcing to an MSSP that performs managed detection and response
services. The MSSP requires a server to be placed inside the network as a log aggregate
and allows remote access to MSSP analyst. Critical devices send logs to the log
aggregator, where data is stored for 12 months locally before being archived to a
multitenant cloud. The data is then sent from the log aggregate to a public IP address in the
MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.
* The critical devise send cleartext logs to the aggregator.
* The log aggregator utilize full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being achieved in the cloud.
Which of the following should be the engineer’s GREATEST concern?

An e-commerce company is running a web server on premises, and the resource utilization
is usually less than 30%. During the last two holiday seasons, the server experienced
performance issues because of too many connections, and several customers were not
able to finalize purchase orders. The company is looking to change the server configuration
to avoid this kind of performance issue.
Which of the following is the MOST cost-effective solution?

A financial services company wants to migrate its email services from on-premises servers
to a cloud-based email solution. The Chief information Security Officer (CISO) must brief
board of directors on the potential security concerns related to this migration. The board is
concerned about the following.
* Transactions being required by unauthorized individual
* Complete discretion regarding client names, account numbers, and investment
information.
* Malicious attacker using email to distribute malware and ransom ware.
* Exfiltration of sensitivity company information.
The cloud-based email solution will provide an6-malware, reputation-based scanning,
signature-based scanning, and sandboxing. Which of the following is the BEST option to
resolve the board’s concerns for this email migration?

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin
an investigation?

An energy company is required to report the average pressure of natural gas used over the
past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required
reports in an and IT environment?

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a
recommendation?

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST
prevent this type of behavior?

A forensic expert working on a fraud investigation for a US-based company collected a few
disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was
obtained legally?