- In which one of the following mobile device deployment models does the organization allow employees to use corporate-owned devices for personal use?
A. BYOD
B. CYOD
C. COPE
D. Corporate-owned
- Bruce would like to implement an authentication mechanism that requires that users connecting via mobile devices use a second authentication factor when they are connecting from an unfamiliar IP address. What term best describes this technique?
A. Context-based authentication
B. Role-based authentication
C. Rule-based authentication
D. Device-based authentication
- Rob is tracking down the unauthorized exfiltration of sensitive information from his organization and found suspicious emails sent by an employee to a Gmail address. The emails seem to only contain photos, but Rob suspects that the photos contain sensitive information. What technique might the employee have used to embed sensitive information within a photograph?
A. Cartography
B. Cryptography
C. Steganography
D. Psychology
- Brad received a call from the Help Desk that users are suddenly calling to report that they are receiving an Access Denied message when trying to access several popular websites, although they are able to access other sites. It seems that everyone in the organization is experiencing the same symptoms on different devices and operating systems, and the sites that are being blocked are consistent from user to user. Of the components listed here, which is the most likely culprit?
A. Content filter
B. Network firewall
C. GPO
D. IPS
- Ryan is reviewing logs for his wireless network controller and discovers that a single system attempted to connect to the wireless network once every minute with incorrect credentials until finally logging in successfully after several hours. While reviewing the logs, Ryan noticed that the system had been used by the same user on the network several days ago. What is the most likely explanation of these log entries?
A. The user's password was compromised via a brute force attack.
B. The user fell victim to a social engineering attack.
C. The user changed his or her password.
D. The user's device was stolen.
- Mary's organization uses a specialized statistical software package for their research. Mary discovered that users pass around installation media within their departments rather than deploying the software via a centralized tool. What is the greatest risk facing the organization?
A. Social engineering
B. Malware infection
C. License violation
D. Faulty software
- Sandra is deploying cellular devices to her firm's sales force. She is concerned that the employees will install apps on the devices that jeopardize security. Which one of the following technologies will allow her to control the configuration of the device and prevent the installation of unwanted apps?
A. ERP
B. BYOD
C. MDM
D. CRM
- Which one of the following tools would be the most helpful in detecting missing operating system patches?
A. Documentation review
B. Network vulnerability scanner
C. Port scanner
D. Configuration management tool
- Tina is deploying an NAC solution for a university network and she wishes to perform host health checking. The network has many unmanaged student machines and students do not want to have software installed on their systems that remains behind after they leave the network. Which one of the following approaches would be best for Tina to use?
A. Dissolvable NAC
B. Permanent NAC
C. Captive portal
D. Active Directory NAC
- Which one of the following elements of an LDAP entry can be reconstructed to determine the domain name of a system?
A. CN
B. OU
C. DC
D. ST
- Charlie received an alert from file integrity monitoring software running on a server in his organization. Which one of the following is NOT a likely reason for this alert?
A. Operating system update
B. CPU failure
C. Application update
D. Security incident
- Which one of the following features is not typically supported by mobile device management solutions?
A. Remote wiping
B. Carrier unlocking
C. Application management
D. Configuration management
- Consider the load balanced server situation shown here. The load balancer sent the last user request to Server A. If the server is using round-robin load balancing, which server will receive the next request?
Figure 2.1
A. Server A
B. Server B
C. Server C
D. Server D
- Ben would like to identify all of the active network connections and services listening for connections on a Linux system that he is analyzing. What command-line utility can he use to meet this need?
A. pstools
B. tcpdump
C. netstat
D. netcat
- Carl is troubleshooting a Windows device that is having issues connecting to the network. He runs the ipconfig command and finds the information shown here for the problematic interface. How did the system receive this IP address?
Figure 2.2
A. Active Directory preferred address
B. DHCP
C. Static assignment
D. APIPA
- Tim is planning the deployment of a new VPN that is illustrated in the high-level diagram shown here. What type of VPN is Tim deploying?
Figure 2.3
A. TLS VPN
B. Remote access VPN
C. Site-to-site VPN
D. IPsec VPN
- Vince is concerned that attackers might be able to gain access to the password file for a service that he runs and he would like to protect it as much as possible. Which one of the following controls provides the most effective protection against the success of rainbow table attacks?
A. Salting
B. Hashing
C. Shadow passwords
D. Password expiration
- Which one of the following techniques often reveals both the type and version of a service running on a particular port?
A. Traceroute
B. Port scanning
C. Steganography
D. Banner grabbing
- Jena would like to configure her organization's switches so that they do not allow systems connected to a switch to spoof MAC addresses. Which one of the following features would be helpful in this configuration?
A. Loop protection
B. Port security
C. Flood guard
D. Traffic encryption
- What type of proxy server is shown in the following illustration?
Figure 2.4
A. Caching proxy
B. Reverse proxy
C. Content filtering proxy
D. Forward proxy
- Bill is inspecting a new tablet computer that was brought to him by an employee wishing to connect it to the network. The device has the logo shown here on its back panel. What does this logo indicate?
Figure 2.5
A. The device has the ability to upload data to cloud services.
B. The device is portable.
C. The device can be recharged through the USB port.
D. The device may be used as a server to access other USB devices.
- Drew is concerned that users in his organization may send customers sensitive email messages that travel over the internet in an unencrypted form. What technology can he use to intercept these messages and provide encrypted delivery to the recipient?
A. Firewall
B. Email gateway
C. IPS
D. TLS
- What transport protocol is used by the traceroute command by default?
A. No transport protocol is used
B. ICMP
C. TCP
D. UDP
- Helen is working with a user who reported that strange messages were appearing on his mobile device. After troubleshooting, Helen determines that the messages were sent over Bluetooth. There is no indication that any information on the device was accessed by the attacker. What type of attack likely took place?
A. Bluelining
B. Bluesnarfing
C. Bluescreening
D. Bluejacking
- Alan is running a system audit and detects a user workstation that deviates from the organization's security standard. What action should he take next?
A. Identify the cause of the deviation.
B. Report the issue to his manager.
C. Reimage the workstation.
D. Reconfigure the device to meet the baseline.
- Brian recently established a transport mode IPsec connection between his system and a remote VPN concentrator. Which one of the following statements is correct about this connection?
A. The payload of the packet is not encrypted.
B. The IP header of the packet is not encrypted.
C. The connection supports NAT traversal.
D. No encryption is in use.
- Gwen is crafting a social media policy for her organization and is considering including the following provisions. Which one of these provisions is most likely to be problematic from a legal perspective?
A. Restricting the use of personal social media accounts outside of working hours.
B. Requiring disclosure of company affiliation on social media.
C. Requiring the approval of posts that are sent out via corporate social media accounts.
D. Blocking social media sites at the perimeter firewall.
- Nancy issues the command shown here to determine whether a system is live on the network. What type of packet is sent out by her system?
Figure 2.6
A. ICMP echo reply
B. ICMP echo request
C. ICMP information request
D. ICMP information reply
- What type of social engineering attack always occurs via telephone calls?
A. Spear phishing
B. Vishing
C. Smishing
D. Whaling
- What type of Wi-Fi antenna is shown in the following image?
Figure 2.7
A. Omnidirectional
B. Parabolic
C. Pulse width
D. Yagi
- Hannah is investigating a security incident and discovers that a network client sent false MAC address information to a switch. What type of attack likely took place?
A. DNS poisoning
B. ARP poisoning
C. Man-in-the-middle
D. Eavesdropping
- Laura is performing a DNS query using the nslookup command and she would like to identify the SMTP server(s) associated with a domain. What type of records should she retrieve?
A. MX
B. A
C. CNAME
D. NS
- Helen would like to sideload an app onto an Android device. What format must the application be in for her to successfully sideload it?
A. EXE
B. IPA
C. ZIP
D. APK
- Raj is troubleshooting authentication problems with his organization's VPN. All of the users are receiving password authentication failures. What is the most likely cause of this problem?
A. Password expiration
B. Incorrect passwords
C. RADIUS server failure
D. VPN server failure
- Carla learns that a user in her organization is about to be terminated at 3:00 and she wants to properly time the disablement of that user's account. What would be the best time to terminate access?
A. During the termination conversation
B. Immediately
C. At the end of the day
D. Tomorrow morning
- Ricky is configuring a directory server that must be accessible to users passing through a firewall. He would like to allow only encrypted LDAPS sessions through the firewall. What port should Ricky enable?
A. TCP port 3389
B. TCP port 389
C. TCP port 636
D. TCP port 443
- Which one of the following security controls can best protect against the risk of unauthorized software installation?
A. Content filters
B. Application blacklisting
C. Host firewalls
D. Application whitelisting
- During a security audit of his organization's web environment, Robert discovers that his web server supports SSL v2.0. What action should he recommend based upon this information?
A. The organization should replace SSL with TLS.
B. The organization should disable SSL v2.0 and support only SSL v3.0 or higher.
C. The organization should replace SSL with SSH.
D. No action is necessary.
- Ryan is experiencing interference on his Wi-Fi network. Which one of the following options is not an effective solution to the problem?
A. Change wireless channels
B. Relocate access points
C. Increase bandwidth
D. Relocate wireless clients
- Which one of the following statements about IPsec protocols is correct?
A. AH supports authentication, integrity, and confidentiality. ESP supports confidentiality and authentication.
B. AH supports authentication, integrity, and confidentiality. ESP supports confidentiality and integrity.
C. AH supports authentication and integrity. ESP supports confidentiality, authentication, and integrity.
D. AH supports authentication and confidentiality. ESP supports integrity and authentication.
- Barry is reviewing log records in the wake of a security incident. He suspects that the attackers attempted a SQL injection attack that was blocked. Which one of the following log sources is likely to contain the best information about the attempted attack?
A. Host firewall logs
B. Web server logs
C. Database logs
D. Web application firewall logs
- After implementing a SIEM solution, Amanda discovers that the timestamps on log entries are not synchronized. What protocol can Amanda deploy in her organization to ensure clock synchronization?
A. DHCP
B. DNS
C. NTP
D. BGP
- Colleen's company is considering deploying a BYOD mobile device strategy. She is concerned about the intermingling of corporate and personal data on mobile devices. What security control can help resolve this situation?
A. Application control
B. Full device encryption
C. Storage segmentation
D. Multifactor authentication
- Renee ran a wireless network scan in her office and found the results shown in the following table. Which one of the following networks has the strongest signal?
Figure 2.8
A. CAFwifi-Guest
B. cathy
C. CornerBakeryCafeWiFi
D. CAFwifi
- Dylan is helping his organization select a secure video conferencing solution that will be used to meet both internally and with customers. He would like to choose a technology that uses a protocol that supports secure video conferencing and will most likely be allowed through the network firewalls of customer organizations. Which one of the following protocols is his best option?
A. RTPS
B. HTTPS
C. H.323
D. SIP
- Sally is planning to deploy an advanced malware protection system. What feature of these systems would allow Sally to leverage information obtained from malware monitoring that was conducted by other customers of the same vendor?
A. Sandboxing
B. Threat intelligence
C. Quarantining
D. Behavioral detection
- Ron is selecting an email data loss prevention (DLP) solution for use in his organization. He is specifically concerned about preventing the loss of a set of product plans that are contained in a single repository. Which DLP technology would be the most effective at meeting his needs?
A. Pattern recognition
B. Watermarking
C. Host-based
D. Network-based
- Visitors to Patricia's organization's website are seeing the following error message. What is the simplest way that Patricia can resolve this issue?
Figure 2.9
A. Require the use of TLS
B. Renew the certificate
C. Replace the certificate
D. Block insecure ciphers
- Dennis is reviewing the logs from a content filter and notices that a user has been visiting pornographic websites during business hours. What action should Dennis take next?
A. Take no action
B. Discuss the issue with the user
C. Block access to the websites
D. Report the issue to management
- Review the ifconfig results shown here. What is the primary IP address for this machine?
Figure 2.10
A. 127.0.0.1
B. 10.36.23.255
C. 10.36.23.22
D. 98:e0:d9:87:8a:73
- Alan created a system named PersonnelDatabase that is designed to attract attackers, but there is no real sensitive information on the server. When someone attempts to connect to the system, Alan analyzes their activity. What type of system has Alan created?
A. Honeypot
B. Darknet
C. Sinkhole
D. Honeynet
- Tom would like to deploy NAC technology that is capable of constantly monitoring the configuration of endpoint machines and quarantining machines that fail to meet a security baseline. Which technology would be the most appropriate for Tom to deploy?
A. Dissolvable NAC
B. Agentless NAC
C. Captive portal
D. Agent-based NAC
- Flo is investigating an alert that was generated by her organization's NIDS. The system alerted on a distributed denial of service attack, and Flo's investigation revealed that this type of attack did take place. What type of report has the system generated?
A. False positive
B. True negative
C. True positive
D. False negative
- Kyle would like to capture network traffic to assist with troubleshooting a firewall issue. What command-line utility can he use to capture traffic?
A. netcat
B. Wireshark
C. nmap
D. tcpdump
- Which one of the following IP addresses should never be seen as the destination address of a packet leaving an organization's network over the internet?
A. 192.168.10.6
B. 12.8.1.42
C. 129.53.100.15
D. 154.42.190.5
- Trevor is planning the deployment of a Wi-Fi network. Which one of the following encryption technologies provides the highest level of security?
A. WPA2
B. WEP
C. TKIP
D. WPA
- Wendy is deploying mobile devices to field workers who must travel in rural areas and require constant data service availability. Which one of the following technologies can provide that access?
A. Cellular
B. SATCOM
C. Wi-Fi
D. Bluetooth
- Which one of the following tools is an exploitation framework commonly used in penetration testing?
A. Metasploit
B. Cain and Abel
C. Nessus
D. Sysinternals
- Tim is concerned about the integrity of log records written by a database that stores sensitive information. What technology can he use to best prevent unauthorized changes to log entries?
A. TLS
B. Cryptographic hashing
C. File integrity monitoring
D. WORM
- Brian would like to restrict access to his Wi-Fi network to three specific devices that he controls. This network is small and Brian would like to control costs and preserve simplicity. What is the best way to restrict access?
A. PSK
B. MAC filtering
C. NAC
D. Kerberos
- Victor's organization is experiencing a rash of misplaced devices. What IT management discipline can help them maintain an accurate inventory?
A. Configuration management
B. Asset management
C. Change management
D. Firewall management
- Barry is using Nmap to scan systems and is experiencing difficulty because some systems are not responding to ping requests. He knows the hosts are active. What flag can he use to skip the discovery step entirely?
A. -Pn
B. -PS
C. -PA
D. -PU
- Carrie is setting up a site-to-site VPN between two of her organization's offices and wishes to establish the connection using IPsec-based VPN concentrators. Which IPsec mode should Carrie use?
A. Tunnel mode
B. Transport mode
C. Split tunnel
D. TLS
- Maddox is configuring an internal firewall that will restrict access to a network subnet populated with database servers. Which one of the following ports is not commonly associated with database traffic?
A. 1433
B. 1521
C. 1701
D. 3306
- Tammy is running a set of three load-balanced web servers for her domain. The first server is the primary server and handles requests until it reaches capacity, and then new requests are assigned to the second server. The third server remains idle unless the other two servers are fully utilized. What IP address should Tammy use for the DNS entry for the domain?
A. Second server's IP
B. First server's IP
C. Virtual IP
D. Third server's IP
- Alan is checking the NTFS permissions for a file and finds that the permissions for a problematic user are as follows. What is the end result of these permissions?
Figure 2.11
A. The user cannot read or write the file.
B. The user can read the file but not write to it.
C. The user can write to the file but cannot read it.
D. The user can read and write the file.
- Eric would like to determine whether the users on his network are transmitting sensitive information without the use of encryption. What technology, of the following choices, can best assist Eric in completing this task?
A. Exploitation framework
B. Port scanner
C. Protocol analyzer
D. Honeypot
- Laurie is considering using the S/MIME standard to provide secure email capability for her organization. Which one of the following statements best describes the security capabilities of S/MIME?
A. S/MIME provides confidentiality, integrity, and non-repudiation.
B. S/MIME provides confidentiality and integrity, but not non-repudiation.
C. S/MIME provides integrity and non-repudiation, but not confidentiality.
D. S/MIME provides confidentiality and non-repudiation, but not integrity.
- Tom is conducting a security audit of network devices in a hospital and discovers that the devices are using SNMPv3 for management. What conclusion can he reach from this information alone?
A. SNMPv3 is insecure because it contains injection vulnerabilities.
B. SNMPv3 is insecure because it uses plaintext community strings.
C. SNMPv3 is insecure because it transfers commands in unencrypted form.
D. The hospital is using a secure network management protocol.
- Greg is concerned that users might connect USB drives to their workstations in an attempt to steal sensitive information without being detected on the network. What technology can Greg use to block USB device use?
A. Host-based DLP
B. Network-based DLP
C. Host-based IPS
D. Network-based IPS
- Which one of the following approaches provides the greatest security for a two-factor authentication system based upon the use of mobile devices?
A. TLS notification
B. SMS notification
C. MMS notification
D. Push notification
- Dave's organization uses Android devices from a manufacturer who is very slow to provide operating system updates. Users in his organization are very tech-savvy and want the most recent version of Android. What technique might they wind up adopting to obtain those updates that might also jeopardize Dave's ability to manage them through his MDM platform?
A. Custom firmware
B. Application sideloading
C. Bluejacking
D. Bluesnarfing
- Scott is creating a VPN policy for end users. He would like to provide maximum protection for mobile devices running Windows by automatically establishing VPN connections when the users of those devices open applications that are known to process sensitive data. What technology can best assist Scott with this task?
A. Split tunnel VPN
B. TLS VPN
C. IPsec VPN
D. Always On VPN
- Alan's organization is deploying a BYOD policy for mobile devices, and he would like to protect corporate data stored on those devices in the event of a compromise. Which one of the following features would be the least appropriate for meeting this goal?
A. Remote wiping
B. Containerization
C. Geofencing
D. Encryption
- Molly's security team is overwhelmed by the number of sources of security information that they receive. She would like to select a tool that can aggregate and correlate log entries. What tool is the most appropriate for her needs?
A. DLP
B. SIEM
C. IPS
D. NAC
- Which feature of Microsoft operating systems prevents the execution of code stored in regions of memory not specifically designated for executable code?
A. PCI
B. ASLR
C. DEP
D. PGP
- Libby is reviewing the logs that were generated by her organization's application whitelisting system. Which one of the following circumstances is most likely to generate a false positive alert?
A. Software update to authorized application
B. Downloading software from the web
C. Execution of malware on a system
D. Installation of a rootkit
- Juan is running two load balancers in active/passive mode. Which one of the following terms does NOT describe this situation?
A. High availability
B. Fully utilized
C. Fault tolerant
D. Easily maintained
- Carl is configuring security permissions for his network and comes across the ruleset shown here. What type of device is most likely executing this policy?
Figure 2.12
A. IDP
B. Firewall
C. DLP
D. Router
- In the following image, what term is used to describe the Wi-Fi network names being displayed to the user?
Figure 2.13
A. Broadcast name
B. MAC
C. IP address
D. SSID
- Bev is analyzing host IPS logs from endpoints in her network and notices that many are receiving port scans from external hosts. Which one of the following circumstances is likely present?
A. Compromised internal system
B. Misconfigured host firewall
C. Misconfigured IPS
D. Misconfigured network firewall
- Greg is reviewing smartphone security controls for users who take photos at sensitive locations. He is concerned about the type of information that might be included in the EXIF metadata associated with each image. Which one of the following data elements is not commonly included in EXIF metadata?
A. Ambient temperature
B. GPS coordinates
C. Camera model
D. Shutter speed
- Ricky works for a defense contractor that would like to disable the use of cameras on all mobile devices owned by the organization. They are doing this to prevent the theft of confidential information through device cameras. What technology can Ricky use to best enforce this requirement?
A. IPS
B. DLP
C. MDM
D. WAF
- Which one of the following firewall types is capable of monitoring connection statuses by tracking the stages of the TCP handshake and then using that information when deciding whether to allow future packets that are part of an active connection?
A. Stateless firewall
B. Packet filter
C. Stateful inspection
D. Router ACL
- Barbara is the cybersecurity manager for a retail chain that is considering deploying contactless payment systems that support Apple Pay, Google Wallet, and similar solutions. What type of communication technology do these solutions use to communicate between a user's smartphone and the payment terminal?
A. NFC
B. Bluetooth
C. Infrared
D. Wi-Fi
- After reviewing the results of a system scan, Mike determines that a server in his organization supports connections using the FTP service. What is the primary risk associated with this service?
A. Buffer overflow
B. Unencrypted credentials
C. Cross-site scripting
D. Privilege escalation
- Tina is selecting a firewall for her organization and would like to choose a technology that is capable of serving as her organization's front line connection to the internet and blocking a variety of attacks, including SYN floods, TCP probes, and SQL injection. Which one of the following devices would best meet her needs?
A. Packet filter
B. Next-generation firewall
C. Router ACL
D. Web application firewall
- Sam is reviewing the logs from his organization's unified threat management system. Which one of the following functions is not typically performed by a UTM device?
A. Sandboxing
B. Content filter
C. Firewall
D. Intrusion prevention
- Jaime is creating a firewall ruleset that is designed to allow access from external networks to a web server that responds to both encrypted and unencrypted requests. What ports should Jaime fill for the boxes currently labeled X and Y in the following diagram?
Figure 2.14
A. 80 and 443
B. 80 and 8080
C. 53 and 443
D. 53 and 80
- Which one of the following data sanitization techniques uses strong magnetic fields to remove remnant data from a device?
A. Pulverizing
B. Degaussing
C. Wiping
D. Overwriting
- Tom purchased a mobile device from a carrier under a contract that expired last year. He attempted to transfer the device to a new carrier but was told that the device is locked. Who must unlock the device in order for Tom to complete the transfer?
A. The new carrier
B. The original carrier
C. Tom's employer
D. Tom
- Norma is comparing the security characteristics of different Wi-Fi networks. Which one of the following types of Wi-Fi network allows the use of enterprise authentication protocols?
A. PSK
B. WPA
C. Ad hoc
D. Direct
- Tim is installing a data loss prevention system in his organization and is concerned about the likelihood of false positive reports. Which one of the following techniques is most likely to generate false positive alerts?
A. Removable media control
B. Watermarking
C. Pattern matching
D. Software updates
- Which one of the following network device features is NOT used to prevent routing loops from occurring in a network or to correct them when they do occur?
A. Split horizon
B. Loop prevention
C. Flood guard
D. Hold-down timers
- Samantha would like to add security to her organization's voice over IP (VoIP) telephony system. What protocol is specifically designed to assist with securing VoIP implementations?
A. SNMP
B. SRTP
C. SSH
D. TLS
- Which one of the following services is not normally performed by email security gateways?
A. Network firewall
B. Data loss prevention
C. Encryption
D. Spam filtering
- In the firewall ruleset shown here, what name is typically used to refer to rule number 4?
Figure 2.15
A. SMTP
B. Stealth
C. Promiscuous
D. Implicit deny
- John would like to identify a subscription service that helps him block known malicious systems from accessing his network by automatically updating his firewall rules. What type of service would best meet this need?
A. Malware signature
B. IP reputation
C. IDS signature
D. Behavioral analysis
- Ralph runs a large-scale Wi-Fi network and is having difficulty with interference between access points. What is the most effective and efficient way for Ralph to address these issues?
A. Use a Wi-Fi controller
B. Modify access point power levels
C. Reposition access points
D. Modify access point antenna configuration
- Gavin is choosing a model that will allow employees to access corporate systems remotely. He would like to allow employees to use their own devices but would like to provision access in a way that allows them to use the data through a corporate-controlled computing environment without them having to transfer data to their own devices. Which one of the following models would best meet Gavin's needs?
A. COPE
B. CYOD
C. BYOD
D. VDI
- Justin is searching for rogue systems on his network and would like to detect devices that are responding to network requests but are not on his approved list. What tool can he use to identify the systems on a network that are responding to requests?
A. sqlmap
B. OpenSSL
C. netcat
D. nmap
- Nina is assisting a user who reports that he cannot connect to the wireless network in his building. The network continually shows a message requesting a network password. What is the most likely issue with this connection?
A. Expired user account
B. Incorrect PSK
C. Incorrect user password
D. Incorrect SSID
- An attacker has compromised a system on an organization's local network and has set up an encrypted tunnel to that system. He is now attempting to pivot by exploiting a zero-day vulnerability on a system located on the same LAN as the already compromised system. What type of intrusion detection system would be the most likely to detect the pivot attack?
A. Signature HIDS
B. Heuristic HIDS
C. Heuristic NIDS
D. Signature NIDS
- Greg is working with remote users to troubleshoot issues that they are experiencing with VPN connections when traveling to customer sites. He believes that customer firewalls are interfering with the VPN connection and is considering altering the VPN configuration to prevent this issue. What type of VPN connection is the least susceptible to this problem?
A. TLS
B. IPsec
C. Split tunnel
D. Full tunnel
- Mark is analyzing host antivirus logs in the aftermath of a system compromise. He discovers that the antivirus software did not detect malicious software that infected the system. Which one of the following is the least likely cause of this failure?
A. Antivirus software failure
B. Outdated antivirus signatures
C. Zero-day attack
D. APT attack