NO.332 Which of the following uses six initial steps that provide basic control over system security

by including hardware and software inventory, vulnerability management, and continuous

monitoring to minimize risk in all network environments?

NO.333 A security analyst is hardening a network infrastructure. The analyst is given the following

requirements.

* Preserve the use of public IP addresses assigned to equipment on the core router.

* Enable "in transport 'encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select TWO).

NO.334 A security analyst is investigating a vulnerability in which a default file permission was set

incorrectly. The company uses non-credentialed scanning for vulnerability management.

Which of the following tools can the analyst use to verify the permissions?

NO.335 Which of the following would BEST identify and remediate a data-loss event in an enterprise

using third-party, web-based services and file-sharing platforms?

NO.336 An organization wants to implement a third factor to an existing multifactor authentication.

The organization already uses a smart card and password. Which of the following would meet the

organization's needs for a third factor?

NO.337 Which of the following is the purpose of a risk register?

NO.338 A security analyst discovers that a company username and password database was posted

on an internet forum.

The username and passwords are stored in plan text. Which of the following would mitigate the

damage done by this type of data exfiltration in the future?