A threat actor attacked an organization’s Active Directory server from a remote location, and in a
thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled. Which activity triggered the behavior analytics tool?

1. A. accessing the Active Directory server
2. B. accessing the server with financial data
3. C. accessing multiple servers
4. D. downloading more than 10 files

Correct Answer: C

Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

1. A. Limit the number of API calls that a single client is allowed to make
2. B. Add restrictions on the edge router on how often a single client can access the API
3. C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
4. D. Increase the application cache of the total pool of active clients that call the API

Correct Answer: A

Refer to the exhibit.

An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

1. A. Exclude the step “BAN malicious IP” to allow analysts to conduct and track the remediation
2. B. Include a step “Take a Snapshot” to capture the endpoint state to contain the threat for analysis
3. C. Exclude the step “Check for GeoIP location” to allow analysts to analyze the location and the associated risk based on asset criticality
4. D. Include a step “Reporting” to alert the security department of threats identified by the SOAR reporting engine

Correct Answer: A

A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

1. A. incident response playbooks
2. B. asset vulnerability assessment
3. C. report of staff members with asset relations
4. D. key assets and executives
5. E. malware analysis report

Correct Answer: BE

An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?

1. A. Restrict the number of requests based on a calculation of daily average
2. B. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
3. C. Implement REST API Security Essentials solution to automatically mitigate limit exhaustio
4. D. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
5. E. Increase a limit of replies in a given interval for each AP
6. F. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
7. G. Apply a limit to the number of requests in a given time interval for each AP
8. H. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.

Correct Answer: D