A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

1. 65
2. 77
3. 83
4. 87

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst's FIRST action?

Options:

A Create a full inventory of information and data assets.
B Ascertain the impact of an attack on the availability of crucial resources.
C Determine which security compliance standards should be followed.
D Perform a full system penetration test to determine the vulnerabilities.

C or D 

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

Options:

A Quarantine 10.0.5.52 and run a malware scan against the host.
B Access 10.0.5.52 via EDR and identify processes that have network connections.
C Isolate 10.0.50.6 via security groups.
D Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A NX bit
B ASLR
C DEP
D HSM