1. A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?
A) Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
B) Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
C) Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
D) Change all devices and servers that support it to 636, as encrypted services run by default on 636.
2. A cybersecurity professional typed in a URL and discovered the admin panel for the e-commerce application is accessible over the open web with the default password. Which of the following is the MOST secure solution to remediate this vulnerability?
A) Change the default password, whitelist specific source IP addresses, and require two-factor authentication.
B) Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication.
C) Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication.
D) Whitelist all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication.
3. An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?
A) Conduct a risk assessment.
B) Identify assets.
C) Develop a data retention policy.
D) Execute vulnerability scanning.
4. A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?
A) An HTTP response that reveals an internal IP address.
B) A cipher that is known to be cryptographically weak.
C) A buffer overflow that allows remote code execution.
D) A website using a self-signed SSL certificate.
5. A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing event. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?
A) The analyst is blue team. The employee is red team. The manager is white team.
B) The analyst is red team. The employee is white team. The manager is blue team.
C) The analyst is red team. The employee is blue team. The manager is white team.
D) The analyst is white team. The employee is red team. The manager is blue team.