Comprehensive and Detailed
Enriching data to compare domains requires actionable visibility. Let's analyze:
A . Cron job:Automates updates but doesn't analyze in the SIEM.
B . Parser:Processes logs but doesn't provide comparison insights.
C . Filter query:Excludes matches, opposite of enrichment.

To determine how the acquisition of Company B will impact the attack surface, the following steps are crucial:
A . Documenting third-party connections used by Company B: Understanding all external connections is essential for assessing potential entry points for attackers and ensuring that these connections are secure.
E . Performing an architectural review of Company B's network: This review will identify vulnerabilities and assess the security posture of the acquired company's network, providing a comprehensive understanding of the new attack surface.
These actions will provide a clear picture of the security implications of the acquisition and help in developing a plan to mitigate any identified risks.
Reference:
CompTIA SecurityX Study Guide: Emphasizes the importance of understanding third-party connections and conducting architectural reviews during acquisitions.
NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems": Recommends comprehensive reviews and documentation of third-party connections.
"Mergers, Acquisitions, and Other Restructuring Activities" by Donald DePamphilis: Discusses the importance of security assessments during acquisitions.

To develop a baseline of security configurations that will be automatically utilized when a machine is created, the security architect should deploy Ansible. Here's why:
Automation: Ansible is an automation tool that allows for the configuration, management, and deployment of applications and systems. It ensures that security configurations are consistently applied across all new machines.
Scalability: Ansible can scale to manage thousands of machines, making it suitable for large enterprises that need to maintain consistent security configurations across their infrastructure.
Compliance: By using Ansible, organizations can enforce compliance with security policies and standards, ensuring that all systems are configured according to best practices.
Reference:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
Ansible Documentation: Best Practices
NIST Special Publication 800-40: Guide to Enterprise Patch Management Technologies

Comprehensive and Detailed
Understanding the Security Event:
HOST002 is the only device authorized for internet traffic. However, theSIEM logs show that VM002 is making network connections to web.corp.local.
This indicatesunauthorized access, which could bea sign of lateral movement or network infection.
This is ared flagfor potential malware, unauthorized software, or a compromised host.
Why Option D is Correct:
Unusual network traffic patternsare often an indicator of acompromised system.
VM002 should not be communicating externally, but it is.
This suggests a possiblebreach or malware infectionattempting to communicate with a command-and-control (C2) server.
Why Other Options Are Incorrect:
A (Misconfiguration):While a misconfiguration could explain the unauthorized connections, the pattern of activity suggests something more malicious.
B (Security incident on HOST002):The issue is not with HOST002. The suspicious activity isfrom VM002.
C (False positives):The repeated pattern of unauthorized connections makes false positivesunlikely.
Reference:
CompTIASecurityX CAS-005 Official Study Guide:Chapter on SIEM & Incident Analysis MITRE ATT&CK Tactics:Lateral Movement & Network-based Attacks NIST 800-94:Guidelines for Network Intrusion Detection and Analysis

Risk mitigation involves taking actions to reduce either the likelihood or impact of a threat. By implementing a firewall between the two environments, Company A is minimizing the risk of threats from Company B impacting its own systems. Accepting the risk would involve taking no action, avoiding it would mean terminating activities with Company B, and transferring would involve outsourcing the risk, none of which occurred here.