MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: An unauthorized network scan may be detected by parsing network sniffer data for:
Question2: An incident responder has collected network capture logs in a text file, separated by five or more data fields.Which of the following is the BEST command to use if the responder would like to print the file (to terminal/ screen) in numerical order?
Question3: Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)
Question4: A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
Question5: A security investigator has detected an unauthorized insider reviewing files containing company secrets.Which of the following commands could the investigator use to determine which files have been opened by this user?
Question6: An incident at a government agency has occurred and the following actions were taken:-Users have regained access to email accounts-Temporary VPN services have been removed-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated-Temporary email servers have been decommissionedWhich of the following phases of the incident response process match the actions taken?
Question7: A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:"You seem tense. Take a deep breath and relax!"The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:Powershell.exe -Command "do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c "You seem tense. Take a deep breath and relax!");Start-Sleep -s 900) } while(1)" Which of the following BEST represents what the attacker was trying to accomplish?
Question8: During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
Question9: To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
Question10: Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
Question11: Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)
Question12: An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
Question13: Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?
Question14: Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
Question15: A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
Question16: A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?
Question17: An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
Question18: Organizations considered "covered entities" are required to adhere to which compliance requirement?
Question19: After a security breach, a security consultant is hired to perform a vulnerability assessment for a company's web application. Which of the following tools would the consultant use?
Question20: An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
Question21: During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
Question22: Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?
Question23: Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)
Question24: A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
Question25: Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
Question26: The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
Question27: An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?
Question28: Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
Question29: When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
Question30: An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following BEST describes what is occurring?
Question31: Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B.Which of the following threat motives does this MOST likely represent?
Question32: According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
Question33: Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
Question34: During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?