CS0-001 Exam Question 136

A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain.
Which of the following countermeasures should be used to BEST protect the network in response to this
alert? (Choose two.)
  • CS0-001 Exam Question 137

    A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code over the network.
    However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?
  • CS0-001 Exam Question 138

    Which of the following countermeasures should the security administrator apply to MOST effectively mitigate rootkit-level infections of the organization's workstation devices?
  • CS0-001 Exam Question 139

    A newly discovered malware has a known behavior of connecting outbound to an external destination on port 27500 for the purpose of exfiltrating data. The following are four snippets taken from running netstat -an on separate Windows workstations:




    Based on the above information, which of the following is MOST likely to be exposed to this malware?
  • CS0-001 Exam Question 140

    A security analyst has concluded that suspicious intermittent network activity is coming from one or more systems using random IP addresses and MAC addresses. The same IP or MAC address is not used twice. Which of the following is the BEST course of action to identify the source of the suspicious activity when it resumes?