CS0-001 Exam Question 196

The following IDS log was discovered by a company's cybersecurity analyst:

Which of the following was launched against the company based on the IDS log?
  • CS0-001 Exam Question 197

    A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as "root" and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).
  • CS0-001 Exam Question 198

    In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:

    Based on the output of the scan, which of the following is the BEST answer?
  • CS0-001 Exam Question 199

    A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages.
    After determining the alert was a true positive, which of the following represents the MOST likely cause?
  • CS0-001 Exam Question 200

    A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?