
19 ) SY EX. 3 | COMPLETE
91 questions • 5 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    Benicio wants to implement a tool for all the workstations and laptops in his company that can combine behavioral detection attack indicators based on current threat intelligence with real-time visibility into the systems. What sort of tool should he select?

    - An EDR

  • 2

    Eric wants to analyze a malware binary in the safest way possible. Which of the following methods has the least likelihood of allowing the malware to cause problems?

    - Performing static analysis of the malware

  • 3

    Tom wants to improve his detection capabilities for his software-as-a-service (SaaS) environment. What technology is best suited to give him a view of usage, data flows, and other details for cloud environments?

    - CASB

  • 4

    Juan wants to audit filesystem activity in Windows and configures Windows filesystem auditing. What setting can he set to know if a file was changed or not using Windows file auditing?

    - None of the above

  • 5

    Naomi wants to analyze URLs found in her passive DNS monitoring logs to find domain generation algorithm (DGA)–generated command-and-control links. What techniques are most likely to be useful for this?

    - WHOIS lookups and NXDOMAIN queries of suspect URLs

  • 6

    Kathleen wants to ensure that her team of security analysts sees important information about the security status of her organization whenever they log in to the SIEM. What part of a SIEM is designed to provide at-a-glance status information using the “single pane of glass” approach?

    - The dashboard

  • 7

    Lucca is reviewing bash command history logs on a system that he suspects may have been used as part of a breach. He discovers the following grep command run inside of the /users directory by an administrative user. What will the command find? grep -r "sudo" /home/users/ | grep "bash.log"

    - All occurrences of the sudo command in bash log files in user home directories

  • 8

    Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a typical means of identifying malware beaconing behavior on a network?

    - Beacon protocol

  • 9

    Eric has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is not a common method of monitoring network bandwidth usage?

    - Portmon

  • 10

    Kelly sees high CPU utilization in the Windows Task Manager, as shown here, while reviewing a system's performance issues. If she wants to get a detailed view of the CPU usage by application, with PIDs and average CPU usage, what native Windows tool can she use to gather that detail?

    - Resource Monitor

  • 11

    Roger's monitoring system provides Windows memory utilization reporting. Use the chart shown here to determine what actions Roger should take based on his monitoring.

    - The memory usage is stable and can be left as it is.

  • 12

    NIST defines five major types of threat information in NIST SP 800-150, “Guide to Cyber Threat Information Sharing”:
    1 ) Indicators, which are technical artifacts or observables that suggest an attack is imminent, currently underway, or compromise may have already occurred
    2 ) Tactics, techniques, and procedures that describe the behavior of an actor
    3 ) Security alerts like advisories and bulletins
    4 ) Threat intelligence reports that describe actors, systems, and information being targeted and the methods being used
    5 ) Tool configurations that support collection, exchange, analysis, and use of threat information
    Which of these should Frank seek out to help him best protect the midsize organization he works for against unknown threats?

    - 1, 3, and 5

  • 13

    Deepa is diagnosing major network issues at a large organization and sees the following graph in her PRTG console on the “outside” interface of her border router. What can Deepa presume has occurred?

    - The network link has been restored.

  • 14

    Angela wants to use her network security device to detect potential beaconing behavior. Which of the following options is best suited to detecting beaconing using her network security device?

    - IP reputation

  • 15

    A server in the datacenter that Chris is responsible for monitoring unexpectedly connects to an offsite IP address and transfers 9 GB of data to the remote system. What type of monitoring should Chris enable to best assist him in detecting future events of this type?

    - Flow logs with heuristic analysis

  • 16

    While reviewing his network for rogue devices, Dan notes that for three days a system with MAC address D4:BE:D9:E5:F9:18 has been connected to a switch in one of the offices in his building. What information can this provide Dan that may be helpful if he conducts a physical survey of the office?

    - The vendor that built the system

  • 17

    While checking for bandwidth consumption issues, Bohai uses the ifconfig command on the Linux box that he is reviewing. He sees that the device has sent less than 4 GB of data, but his network flow logs show that the system has sent more than 20 GB. What problem has Bohai encountered?

    - ifconfig resets traffic counters at 4 GB.

  • 18

    Vlad believes that an attacker may have added accounts and attempted to obtain extra rights on a Linux workstation. Which of the following is not a common way to check for unexpected accounts like this?

    - Check /home/ for new user directories.

  • 19

    Ben wants to coordinate with other organizations in the information security community to share data and current events as well as warnings of new security issues. What type of organization should he join?

    - An ISAC

  • 20

    While investigating a spam email, Adam is able to capture headers from one of the email messages that was received. He notes that the sender was Carmen Victoria Garci. What facts can he gather from the headers shown here?

    - The sender sent via a system in Japan.

  • 21

    After submitting a suspected malware package to VirusTotal, Damian receives the following results. What does this tell Damian?

    - Antivirus vendors use different names for the same malware.

  • 22

    Laura needs to check on CPU, disk, network, and power usage on a Mac. What GUI tool can she use to check these?

    - Activity Monitor

  • 23

    Nara is reviewing event logs to determine who has accessed a workstation after business hours. When she runs secpol.msc on the Windows system she is reviewing, she sees the following settings. What important information will be missing from her logs?

    - Successful logins

  • 24

    Profiling networks and systems can help to identify unexpected activity. What type of detection can be used once a profile has been created?

    - Anomaly analysis

  • 25

    Singh is attempting to diagnose high memory utilization issues on a macOS system and notices a chart showing memory pressure. What does memory pressure indicate for macOS when the graph is yellow and looks like the following image?

    - Memory resources are available but being tasked by memory management processes

  • 26

    Saanvi needs to verify that his Linux system is sending system logs to his SIEM. What method can he use to verify that the events he is generating are being sent and received properly?

    - Generate a known event ID and monitor for it.

  • 27

    Maria wants to understand what a malware package does and executes it in a virtual machine that is instrumented using tools that will track what the program does, what changes it makes, and what network traffic it sends while allowing her to make changes on the system or to click files as needed. What type of analysis has Maria performed?

    - Interactive behavior analysis

  • 28

    Alyssa is analyzing a piece of malicious code that has arrived in her organization and finds that it is an executable file. She uses specialized tools to retrieve the source code from the executable files. What type of action is she taking?

    - Reverse engineering

  • 29

    A major new botnet infection that uses a peer-to-peer command-and-control process has been released. Latisha wants to detect infected systems but knows that peer-to-peer communication is irregular and encrypted. If she wants to monitor her entire network for this type of traffic, what method should she use to catch infected systems?

    - Capture network flows for all hosts and use filters to remove normal traffic types.

  • 30

    While investigating a compromise, Jack discovers four files that he does not recognize and believes may be malware. What can he do to quickly and effectively check the files to see whether they are malware?

    - Submit them to a site like VirusTotal.

  • 31

    Brian's network suddenly stops working at 8:40 a.m., interrupting videoconferences, streaming, and other services throughout his organization, and then resumes functioning. When Brian logs into his PRTG console and checks his router's traffic via the primary connection's redundant network link, he sees the following graph. What should Brian presume occurred based on this information?

    - His primary link went down, and he should check his secondary link for traffic.

  • 32

    Adam works for a large university and sees the following graph in his PRTG console when looking at a yearlong view. What behavioral analysis could he leverage based on this pattern?

    - Identify unexpected traffic during breaks like the low point at Christmas.

  • 33

    Samantha is preparing a report describing the common attack models used by advanced persistent threat actors. Which of the following is a typical characteristic of APT attacks?

    - They quietly gather information from compromised systems.

  • 34

    While reviewing system logs, Charles discovers that the processor for the workstation he is reviewing has consistently hit 100 percent processor utilization by the web browser. After reviewing the rest of the system, no unauthorized software appears to have been installed. What should Charles do next?

    - Review the sites visited by the web browser when the CPU utilization issues occur.

  • 35

    Barb wants to detect unexpected output from the application she is responsible for managing and monitoring. What type of tool can she use to detect unexpected output effectively?

    - A behavior-based analysis tool

  • 36

    Greg suspects that an attacker is running an SSH server on his network over a nonstandard port. What port is normally used for SSH communications?

    - 22

  • 37

    Amanda is reviewing the security of a system that was previously compromised. She is searching for signs that the attacker has achieved persistence on the system. Which one of the following should be her highest priority to review?

    - Scheduled tasks

  • 38

    Brendan is reviewing a series of syslog entries and notices several with different logging levels. Which one of the following messages should he review first?

    - Level 0

  • 39

    You are looking for operating system configuration files that are stored on a Linux system. Which one of the following directories is most likely to contain those files?

    - /etc

  • 40

    Which one of the following is not a standard Windows system process?

    - MALWARESCAN.EXE

  • 41

    Which one of the following computer hardware components is responsible for executing instructions found in code?

    - CPU

  • 42

    You are deciding where to place a web server in an on-premises network architecture. The server will be accessible by the general public. Which one of the following network zones would be the most appropriate?

    - Screened subnet

  • 43

    Matthew is reviewing a new cloud service offering that his organization plans to adopt. In this offering, a cloud provider will create virtual server instances under the multitenancy model. Each server instance will be accessible only to Matthew's company. What cloud deployment model is being used?

    - Private cloud

  • 44

    In a zero-trust network architecture, what criteria is used to make trust decisions?

    - Identity of a user or device

  • 45

    Lynn's organization is moving toward a secure access service edge (SASE) approach to security. Which one of the following technologies is least likely to be included in a SASE architecture?

    - Hypervisor

  • 46

    Which one of the following technologies would not commonly be used as part of a passwordless authentication approach?

    - Shadow file

  • 47

    During their organization's incident response preparation, Manish and Linda are identifying critical information assets that the company uses. Included in their organizational data sets is a list of customer names, addresses, phone numbers, and demographic information. How should Manish and Linda classify this information?

    - PII

  • 48

    Randy received a complaint from an end user that links from a legitimate site are being removed from email messages. After examining several of those links, he notes that they all have a common domain: http://bit.ly/3.H9CaOv http://bit.ly/3.VswDgG http://bit.ly/3.XLwMXI What is the reason these links were blocked?

    - This is a URL redirection domain.

  • 49

    Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using?

    - Sandboxing

  • 50

    Which one of the following attackers generally only uses code written by others with minor modifications?

    - Script kiddie

  • 51

    Tanya is creating an open-source intelligence operation for her organization. Which one of the following sources would she be least likely to use in this work?

    - Web server logs

  • 52

    What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

    - ISACs

  • 53

    Which one of the following teams is least likely to be the recipient of threat intelligence data?

    - Human Resources

  • 54

    The ATT&CK framework defines which of the following as "the specifics behind how the adversary would attack the target"?

    - The attack vector

  • 55

    Kevin is trying to identify security processes that may be suitable for automation. Which one of the following characteristics best identifies those processes?

    - Repeatable

  • 56

    Brian is selecting a CASB for his organization, and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?

    - API-based CASB

  • 57

    Sherry is deploying a zero-trust network architecture for her organization. In this approach, which one of the following characteristics would be least important in validating a login attempt?

    - IP address

  • 58

    Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?

    - OpenID Connect

  • 59

    Which lookup tool provides information about a domain's registrar and physical location?

    - WHOIS

  • 60

    Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

    - IoC

  • 61

    A PIN is an example of what type of authentication factor?

    - Something you know

  • 62

    Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own datacenter but also leverages an IaaS provider for hosting its web services and an SaaS email system. What term best describes the type of cloud environment this organization uses?

    - Hybrid cloud

  • 63

    What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?

    - Worm

  • 64

    Which of the following threat actors typically has the greatest access to resources?

    - Nation-state actors

  • 65

    Which one of the following information sources would not be considered an OSINT source?

    - Port scans

  • 66

    Gabby's organization captures sensitive customer information, and salespeople and others often work with that data on local workstations and laptops. After a recent inadvertent breach where a salesperson accidentally sent a spreadsheet of customer information to another customer, her organization is seeking a technology solution that can help prevent similar problems. What should Gabby recommend?

    - DLP

  • 67

    Ben is using the sudo command to carry out operations on a Linux server. What type of access is he using?

    - Privileged access

  • 68

    When Luca wants to test a potentially malicious file, he uploads it to a third-party website. That website places the software in a secured testing environment, documents what it does, and then uses antimalware tools to try to identify it. What is that type of secure testing environment called?

    - A sandbox

  • 69

    Valerie's organization recently fell victim to a scam where an attacker emailed various staff members from an account that appeared to belong to a senior vice president in the organization. The email stated that the vice president was out of the office and needed iTunes gift cards to purchase an application that she needed to accomplish her work. The email asked that the individual immediately purchase an iTunes gift card and send it back via email so that the vice president could continue her work. Valerie wants to prevent this type of attack from succeeding in the future. What should she recommend as an appropriate preventative measure?

    - Implement awareness training including simulated phishing attacks.

  • 70

    Which of the following measures is not commonly used to assess threat intelligence?

    - Detail

  • 71

    Sara has been asked to explain to her organization how an endpoint detection and response (EDR) system could help the organization. Which of the following functions is not a typical function for an EDR system?

    - Cloud and network data collection and central analysis

  • 72

    Abdul is conducting a security audit of a multicloud computing environment that incorporates resources from AWS and Microsoft Azure. Which one of the following tools will be least useful to him?

    - Pacu

  • 73

    Which one of the following types of malware would be most useful in a privilege escalation attack?

    - Rootkit

  • 74

    Which one of the following languages is least susceptible to an injection attack?

    - STIX

  • 75

    The company that Dan works for has recently migrated to an SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?

    - Rely on vendor testing and audits.

  • 76

    Florian discovered a vulnerability in a proprietary application developed by his organization. The application has a flaw that allows users to log into the system by providing a valid username and leaving the password blank. What term best describes this flaw?

    - Broken access control

  • 77

    Lucy recently detected a cross-site scripting (XSS) vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?

    - Persistent

  • 78

    Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business). Her first assignment is to determine the likelihood of port scans against systems in her organization's screened subnet (otherwise known as a DMZ). How should she rate the likelihood of this occurring?

    - High.

  • 79

    Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?

    - Unprotected storage

  • 80

    Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of Nmap scan should Alex conduct to leverage this host if he cannot install Nmap on system A?

    - A proxy scan

  • 81

    Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?

    - Banner grabbing

  • 82

    After Kristen received a copy of an Nmap scan run by a penetration tester that her company hired, she knows that the tester used the -O flag. What type of information should she expect to see included in the output other than open ports?

    - Operating system and Common Platform Enumeration (CPE) data

  • 83

    Several organizations recently experienced security incidents when their AWS secret keys were published in public GitHub repositories. What is the most significant threat that could arise from this improper key management?

    - Total loss of confidentiality, integrity, and availability

  • 84

    Cassandra's Nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?

    - A wireless router

  • 85

    Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically most reduce his organization's footprint?

    - Limit information available via the organizational website without authentication.

  • 86

    What is the default Nmap scan type when Nmap is not provided with a scan type flag?

    - A TCP SYN scan

  • 87

    Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?

    - Total attack surface

  • 88

    Which one of the following threats is the most pervasive in modern computing environments?

    - Malware

  • 89

    During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?

    - Determine the reason for the ports being open.

  • 90

    A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?

    - MySQL

  • 91

    During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?

    - Perform a DNS brute-force attack.


    問題一覧

  • 1

    /////////////////////////////// Benicio wants to implement a tool for all the workstations and laptops in his company that can combine behavioral detection attack indicators based on current threat intelligence with real-time visibility into the systems. What sort of tool should he select?

    - An EDR

  • 2

    Eric wants to analyze a malware binary in the safest way possible. Which of the following methods has the least likelihood of allowing the malware to cause problems?

    - Performing static analysis of the malware

  • 3

    Tom wants to improve his detection capabilities for his software-as-a-service (SaaS) environment. What technology is best suited to give him a view of usage, data flows, and other details for cloud environments?

    - CASB

  • 4

    Juan wants to audit filesystem activity in Windows and configures Windows filesystem auditing. What setting can he set to know if a file was changed or not using Windows file auditing?

    - None of the above

  • 5

    Naomi wants to analyze URLs found in her passive DNS monitoring logs to find domain generation algorithm (DGA)–generated command-and-control links. What techniques are most likely to be useful for this?

    - WHOIS lookups and NXDOMAIN queries of suspect URLs

  • 6

    Kathleen wants to ensure that her team of security analysts sees important information about the security status of her organization whenever they log in to the SIEM. What part of a SIEM is designed to provide at-a-glance status information using the “single pane of glass” approach?

    - The dashboard

  • 7

    Lucca is reviewing bash command history logs on a system that he suspects may have been used as part of a breach. He discovers the following grep command run inside of the /users directory by an administrative user. What will the command find? Grep -r "sudo" /home/users/ | grep "bash.log"

    - All occurrences of the sudo command in bash log files in user home directories

  • 8

    Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a typical means of identifying malware beaconing behavior on a network?

    - Beacon protocol

  • 9

    Eric has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is not a common method of monitoring network bandwidth usage?

    - Portmon

  • 10

    Kelly sees high CPU utilization in the Windows Task Manager, as shown here, while reviewing a system's performance issues. If she wants to get a detailed view of the CPU usage by application, with PIDs and average CPU usage, what native Windows tool can she use to gather that detail?

    - Resource Monitor

  • 11

    Roger's monitoring system provides Windows memory utilization reporting. Use the chart shown here to determine what actions Roger should take based on his monitoring.

    - The memory usage is stable and can be left as it is.

  • 12

    NIST defines five major types of threat information in NIST SP 800-150, “Guide to Cyber Threat Information Sharing.”: 1 ) Indicators, which are technical artifacts or observables that suggest an attack is imminent, currently underway, or compromise may have already occurred 2 ) Tactics, techniques, and procedures that describe the behavior of an actor 3 ) Security alerts like advisories and bulletins 4 ) Threat intelligence reports that describe actors, systems, and information being targeted and the methods being used 5 ) Tool configurations that support collection, exchange, analysis, and use of threat information Which of these should Frank seek out to help him best protect the midsize organization he works for against unknown threats?

    - 1, 3, and 5

  • 13

    Deepa is diagnosing major network issues at a large organization and sees the following graph in her PRTG console on the “outside” interface of her border router. What can Deepa presume has occurred?

    - The network link has been restored.

  • 14

    Angela wants to use her network security device to detect potential beaconing behavior. Which of the following options is best suited to detecting beaconing using her network security device?

    - IP reputation

  • 15

    A server in the datacenter that Chris is responsible for monitoring unexpectedly connects to an offsite IP address and transfers 9 GB of data to the remote system. What type of monitoring should Chris enable to best assist him in detecting future events of this type?

    - Flow logs with heuristic analysis

  • 16

    While reviewing his network for rogue devices, Dan notes that for three days a system with MAC address D4:BE:D9:E5:F9:18 has been connected to a switch in one of the offices in his building. What information can this provide Dan that may be helpful if he conducts a physical survey of the office?

    - The vendor that built the system

  • 17

    While checking for bandwidth consumption issues, Bohai uses the ifconfig command on the Linux box that he is reviewing. He sees that the device has sent less than 4 GB of data, but his network flow logs show that the system has sent more than 20 GB. What problem has Bohai encountered?

    - ifconfig resets traffic counters at 4 GB.
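    The discrepancy in Bohai's question comes from reading a 32-bit byte counter, which rolls over to zero every 4,294,967,296 bytes. The following is an added example, not code from the question set, showing how to reconcile such samples: it sums per-interval deltas with rollover handled, against the naive "last minus first" figure a tool that ignores rollover would report. The counter readings are constructed, not captured from a real host.

```python
# Added example, not from the question set: reconciling interface byte counters
# that wrap at 32 bits, which is why a tool reading a 32-bit counter can report
# under 4 GB while flow records show far more. The counter readings below are
# constructed, not captured from a real host.

COUNTER32_MODULUS = 2 ** 32  # a 32-bit counter rolls over to 0 after 4,294,967,295


def counter_delta(prev: int, curr: int, modulus: int = COUNTER32_MODULUS) -> int:
    """Bytes moved between two samples of a wrapping counter.

    A reading smaller than the previous one means the counter rolled over
    since the last sample. This assumes at most one rollover per interval,
    so poll often enough that the interface cannot move 4 GB between polls.
    """
    if curr >= prev:
        return curr - prev
    return (modulus - prev) + curr


def naive_total(samples: list) -> int:
    """What a tool that ignores rollover reports: last reading minus first."""
    return samples[-1] - samples[0]


def true_total(samples: list, modulus: int = COUNTER32_MODULUS) -> int:
    """Sum of per-interval deltas with rollover handled."""
    return sum(counter_delta(a, b, modulus) for a, b in zip(samples, samples[1:]))


# Constructed tx_bytes readings from a 32-bit counter, polled once a minute
# on a host pushing data at a few GB per minute. No raw value exceeds 4 GB.
SAMPLE_TX_BYTES = [
    100_000_000,
    3_900_000_000,
    3_200_000_000,  # rolled over between this poll and the last
    2_800_000_000,  # rolled over again
    2_500_000_000,
    2_300_000_000,
]

if __name__ == "__main__":
    print("naive:", naive_total(SAMPLE_TX_BYTES))   # 2200000000 (looks like 2.2 GB)
    print("actual:", true_total(SAMPLE_TX_BYTES))   # 19379869184 (about 19 GB)
```

    On a current Linux host, read a 64-bit source instead: `ip -s link show <iface>` or `/sys/class/net/<iface>/statistics/tx_bytes`. When polling by SNMP, use the high-capacity `ifHCOutOctets` (Counter64) rather than `ifOutOctets` (Counter32), which wraps exactly the same way.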

  • 18

    Vlad believes that an attacker may have added accounts and attempted to obtain extra rights on a Linux workstation. Which of the following is not a common way to check for unexpected accounts like this?

    - Check /home/ for new user directories.

  • 19

    Ben wants to coordinate with other organizations in the information security community to share data and current events as well as warnings of new security issues. What type of organization should he join?

    - An ISAC

  • 20

    While investigating a spam email, Adam is able to capture headers from one of the email messages that was received. He notes that the sender was Carmen Victoria Garci. What facts can he gather from the headers shown here?

    - The sender sent via a system in Japan.

  • 21

    After submitting a suspected malware package to VirusTotal, Damian receives the following results. What does this tell Damian?

    - Antivirus vendors use different names for the same malware.

  • 22

    Laura needs to check on CPU, disk, network, and power usage on a Mac. What GUI tool can she use to check these?

    - Activity Monitor

  • 23

    Nara is reviewing event logs to determine who has accessed a workstation after business hours. When she runs secpol.msc on the Windows system she is reviewing, she sees the following settings. What important information will be missing from her logs?

    - Successful logins

  • 24

    Profiling networks and systems can help to identify unexpected activity. What type of detection can be used once a profile has been created?

    - Anomaly analysis

  • 25

    Singh is attempting to diagnose high memory utilization issues on a macOS system and notices a chart showing memory pressure. What does memory pressure indicate for macOS when the graph is yellow and looks like the following image?

    - Memory resources are available but being tasked by memory management processes

  • 26

    Saanvi needs to verify that his Linux system is sending system logs to his SIEM. What method can he use to verify that the events he is generating are being sent and received properly?

    - Generate a known event ID and monitor for it.

  • 27

    Maria wants to understand what a malware package does and executes it in a virtual machine that is instrumented using tools that will track what the program does, what changes it makes, and what network traffic it sends while allowing her to make changes on the system or to click files as needed. What type of analysis has Maria performed?

    - Interactive behavior analysis

  • 28

    Alyssa is analyzing a piece of malicious code that has arrived in her organization and finds that it is an executable file. She uses specialized tools to retrieve the source code from the executable files. What type of action is she taking?

    - Reverse engineering

  • 29

    A major new botnet infection that uses a peer-to-peer command-and-control process has been released. Latisha wants to detect infected systems but knows that peer-to-peer communication is irregular and encrypted. If she wants to monitor her entire network for this type of traffic, what method should she use to catch infected systems?

    - Capture network flows for all hosts and use filters to remove normal traffic types.
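    Questions 14, 15 and 29 all come down to heuristic analysis of flow records. The following is an added example, not code from the question set, that runs three such heuristics over constructed flow records: a large outbound transfer to an offsite address (Chris's 9 GB), contact with one external peer at near-constant intervals (Angela's beaconing), and fan-out to many distinct external peers on uncommon ports after ordinary web and DNS traffic is filtered out (Latisha's peer-to-peer botnet). The flow tuples, the "10.0." internal prefix and the thresholds are assumptions for the example; external addresses come from the RFC 5737 documentation ranges.

```python
# Added example, not from the question set: heuristic analysis of flow records
# that surfaces the three patterns in the questions above (Chris's 9 GB
# transfer, Angela's beaconing, Latisha's peer-to-peer botnet traffic). The
# flow records and the "10.0." internal-network convention are constructed;
# external addresses use RFC 5737 documentation ranges.
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_PREFIX = "10.0."
COMMON_PORTS = {53, 80, 443}  # ordinary web/DNS traffic is filtered out of the P2P check

# Constructed flow records: (start_seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    # ordinary browsing from a workstation
    (10, "10.0.1.5", "93.184.216.34", 443, 48_213),
    (95, "10.0.1.5", "93.184.216.34", 443, 1_902_114),
    (640, "10.0.1.5", "93.184.216.34", 443, 7_308),
    # one 9 GB transfer from a datacenter server to an offsite address
    (120, "10.0.1.20", "203.0.113.10", 443, 9_000_000_000),
    # beacon: same peer every 300 s with a tiny payload
    *[(t, "10.0.1.30", "198.51.100.7", 443, 512) for t in range(0, 2100, 300)],
    # peer-to-peer fan-out: many distinct peers on high, uncommon ports
    *[(200 + i * 7, "10.0.1.40", f"192.0.2.{10 + i}", 6881 + i, 50_000) for i in range(6)],
]


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def egress_flows(flows):
    """Only flows leaving the internal network matter for these checks."""
    return [f for f in flows if is_internal(f[1]) and not is_internal(f[2])]


def large_egress(flows, threshold_bytes: int):
    """(src, dst) pairs that moved at least threshold_bytes outbound."""
    totals = defaultdict(int)
    for _, src, dst, _, nbytes in egress_flows(flows):
        totals[(src, dst)] += nbytes
    return {pair: b for pair, b in totals.items() if b >= threshold_bytes}


def beacons(flows, min_flows: int = 6, max_jitter: float = 0.1):
    """(src, dst) pairs contacted at near-constant intervals -> mean interval in seconds.

    Beaconing is regular: the coefficient of variation of the gaps between
    successive flows is small. Real implants add jitter, so tune max_jitter.
    """
    times = defaultdict(list)
    for t, src, dst, _, _ in egress_flows(flows):
        times[(src, dst)].append(t)
    found = {}
    for pair, ts in times.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found[pair] = round(avg)
    return found


def p2p_fanout(flows, min_peers: int = 5):
    """Hosts talking to many distinct external peers on uncommon ports -> peer count."""
    peers = defaultdict(set)
    for _, src, dst, port, _ in egress_flows(flows):
        if port not in COMMON_PORTS:
            peers[src].add(dst)
    return {src: len(p) for src, p in peers.items() if len(p) >= min_peers}


if __name__ == "__main__":
    print(large_egress(FLOWS, 1_000_000_000))
    print(beacons(FLOWS))
    print(p2p_fanout(FLOWS))
```

    The same three functions apply unchanged to NetFlow, sFlow or cloud VPC flow log exports once the records are mapped into the tuple shape used here; the thresholds (1 GB, six flows, 10 percent jitter, five peers) are starting points to tune against a baseline of the network's normal behaviour.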

  • 30

    While investigating a compromise, Jack discovers four files that he does not recognize and believes may be malware. What can he do to quickly and effectively check the files to see whether they are malware?

    - Submit them to a site like VirusTotal.

  • 31

    Brian's network suddenly stops working at 8:40 a.m., interrupting videoconferences, streaming, and other services throughout his organization, and then resumes functioning. When Brian logs into his PRTG console and checks his router's traffic via the primary connection's redundant network link, he sees the following graph. What should Brian presume occurred based on this information?

    - His primary link went down, and he should check his secondary link for traffic.

  • 32

    Adam works for a large university and sees the following graph in his PRTG console when looking at a yearlong view. What behavioral analysis could he leverage based on this pattern?

    - Identify unexpected traffic during breaks like the low point at Christmas.

  • 33

    Samantha is preparing a report describing the common attack models used by advanced persistent threat actors. Which of the following is a typical characteristic of APT attacks?

    - They quietly gather information from compromised systems.

  • 34

    While reviewing system logs, Charles discovers that the processor for the workstation he is reviewing has consistently hit 100 percent processor utilization by the web browser. After reviewing the rest of the system, no unauthorized software appears to have been installed. What should Charles do next?

    - Review the sites visited by the web browser when the CPU utilization issues occur.

  • 35

    Barb wants to detect unexpected output from the application she is responsible for managing and monitoring. What type of tool can she use to detect unexpected output effectively?

    - A behavior-based analysis tool

  • 36

    Greg suspects that an attacker is running an SSH server on his network over a nonstandard port. What port is normally used for SSH communications?

    - 22

  • 37

    Amanda is reviewing the security of a system that was previously compromised. She is searching for signs that the attacker has achieved persistence on the system. Which one of the following should be her highest priority to review?

    - Scheduled tasks

  • 38

    Brendan is reviewing a series of syslog entries and notices several with different logging levels. Which one of the following messages should he review first?

    - Level 0
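    Questions 26 and 38 share a mechanism: a syslog line carries a PRI field, `facility * 8 + severity`, and severity 0 is "emergency", the most urgent level. The following is an added example, not code from the question set, that sends a message carrying a unique marker to a collector and checks it arrived (Saanvi's verification), and decodes PRI values so messages are triaged most severe first (Brendan's question). A throwaway UDP listener on 127.0.0.1 stands in for the SIEM so the example runs offline; the hostname, tag, timestamp and messages are constructed.

```python
# Added example, not from the question set: confirm that log forwarding works
# by sending a message with a unique marker and watching for it at the
# collector (Saanvi's check), and decode the syslog PRI field so that level 0
# messages are reviewed first (Brendan's triage). A throwaway UDP listener on
# 127.0.0.1 stands in for the SIEM so the example runs offline; timestamps
# and messages are constructed.
import socket
import uuid

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_LOCAL0 = 16  # facilities 16-23 are local0-local7


def build_syslog(message: str, facility: int = FACILITY_LOCAL0, severity: int = 6,
                 host: str = "ws01", tag: str = "siemcheck") -> str:
    """RFC 3164-style line: <PRI>TIMESTAMP HOST TAG: MSG, where PRI = facility*8 + severity."""
    pri = facility * 8 + severity
    return f"<{pri}>Jan  1 00:00:00 {host} {tag}: {message}"


def parse_pri(line: str) -> tuple:
    """Return (facility, severity) decoded from the leading <PRI> field."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing PRI field")
    pri = int(line[1:line.index(">")])
    return divmod(pri, 8)


def triage_order(lines: list) -> list:
    """Most severe first: severity 0 (emergency) sorts before 7 (debug)."""
    return sorted(lines, key=lambda line: parse_pri(line)[1])


def send_and_collect(lines: list, timeout: float = 2.0) -> list:
    """Send lines over UDP to a local listener and return what it received."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        rx.settimeout(timeout)
        collector = rx.getsockname()
        for line in lines:
            tx.sendto(line.encode(), collector)
        received = []
        while len(received) < len(lines):
            try:
                data, _ = rx.recvfrom(4096)
            except socket.timeout:
                break
            received.append(data.decode())
        return received
    finally:
        tx.close()
        rx.close()


def forwarding_works(marker: str) -> bool:
    """True if a message carrying the marker made it to the collector."""
    received = send_and_collect([build_syslog(f"marker={marker}")])
    return any(f"marker={marker}" in line for line in received)


if __name__ == "__main__":
    marker = uuid.uuid4().hex
    print("forwarding ok:", forwarding_works(marker))
    sample = [build_syslog("disk 80% full", severity=4),
              build_syslog("kernel panic", facility=0, severity=0),
              build_syslog("service restarted", severity=2)]
    for line in triage_order(sample):
        _, sev = parse_pri(line)
        print(SEVERITIES[sev], line)
```

    On a real host the equivalent check is `logger -t siemcheck "marker=$(uuidgen)"` followed by a search for that marker in the SIEM: a hit proves the whole path from the local syslog daemon through forwarding to the SIEM, and a miss localises the problem to that path rather than to event generation.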

  • 39

    You are looking for operating system configuration files that are stored on a Linux system. Which one of the following directories is most likely to contain those files?

    - /etc

  • 40

    Which one of the following is not a standard Windows system process?

    - MALWARESCAN.EXE

  • 41

    Which one of the following computer hardware components is responsible for executing instructions found in code?

    - CPU

  • 42

    You are deciding where to place a web server in an on-premises network architecture. The server will be accessible by the general public. Which one of the following network zones would be the most appropriate?

    - Screened subnet

  • 43

    Matthew is reviewing a new cloud service offering that his organization plans to adopt. In this offering, a cloud provider will create virtual server instances under the multitenancy model. Each server instance will be accessible only to Matthew's company. What cloud deployment model is being used?

    - Private cloud

  • 44

    In a zero-trust network architecture, what criterion is used to make trust decisions?

    - Identity of a user or device

  • 45

    Lynn's organization is moving toward a secure access service edge (SASE) approach to security. Which one of the following technologies is least likely to be included in a SASE architecture?

    - Hypervisor

  • 46

    Which one of the following technologies would not commonly be used as part of a passwordless authentication approach?

    - Shadow file

  • 47

    During their organization's incident response preparation, Manish and Linda are identifying critical information assets that the company uses. Included in their organizational data sets is a list of customer names, addresses, phone numbers, and demographic information. How should Manish and Linda classify this information?

    - PII

  • 48

    Randy received a complaint from an end user that links from a legitimate site are being removed from email messages. After examining several of those links, he notes that they all have a common domain: http://bit.ly/3.H9CaOv http://bit.ly/3.VswDgG http://bit.ly/3.XLwMXI What is the reason these links were blocked?

    - This is a URL redirection domain.

  • 49

    Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using?

    - Sandboxing

  • 50

    Which one of the following attackers generally only uses code written by others with minor modifications?

    - Script kiddie

  • 51

    Tanya is creating an open-source intelligence operation for her organization. Which one of the following sources would she be least likely to use in this work?

    - Web server logs

  • 52

    What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

    - ISACs

  • 53

    Which one of the following teams is least likely to be the recipient of threat intelligence data?

    - Human Resources

  • 54

    The ATT&CK framework defines which of the following as "the specifics behind how the adversary would attack the target"?

    - The attack vector

  • 55

    Kevin is trying to identify security processes that may be suitable for automation. Which one of the following characteristics best identifies those processes?

    - Repeatable

  • 56

    Brian is selecting a CASB for his organization, and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?

    - API-based CASB

  • 57

    Sherry is deploying a zero-trust network architecture for her organization. In this approach, which one of the following characteristics would be least important in validating a login attempt?

    - IP address

  • 58

    Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?

    - OpenID Connect

  • 59

    Which lookup tool provides information about a domain's registrar and physical location?

    - WHOIS

  • 60

    Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

    - IoC

  • 61

    A PIN is an example of what type of authentication factor?

    - Something you know

  • 62

    Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own datacenter but also leverages an IaaS provider for hosting its web services and an SaaS email system. What term best describes the type of cloud environment this organization uses?

    - Hybrid cloud

  • 63

    What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?

    - Worm

  • 64

    Which of the following threat actors typically has the greatest access to resources?

    - Nation-state actors

  • 65

    Which one of the following information sources would not be considered an OSINT source?

    - Port scans

  • 66

    Gabby's organization captures sensitive customer information, and salespeople and others often work with that data on local workstations and laptops. After a recent inadvertent breach where a salesperson accidentally sent a spreadsheet of customer information to another customer, her organization is seeking a technology solution that can help prevent similar problems. What should Gabby recommend?

    - DLP

  • 67

    Ben is using the sudo command to carry out operations on a Linux server. What type of access is he using?

    - Privileged access

  • 68

    When Luca wants to test a potentially malicious file, he uploads it to a third-party website. That website places the software in a secured testing environment, documents what it does, and then uses antimalware tools to try to identify it. What is that type of secure testing environment called?

    - A sandbox

  • 69

    Valerie's organization recently fell victim to a scam where an attacker emailed various staff members from an account that appeared to belong to a senior vice president in the organization. The email stated that the vice president was out of the office and needed iTunes gift cards to purchase an application that she needed to accomplish her work. The email asked that the individual immediately purchase an iTunes gift card and send it back via email so that the vice president could continue her work. Valerie wants to prevent this type of attack from succeeding in the future. What should she recommend as an appropriate preventative measure?

    - Implement awareness training including simulated phishing attacks.

  • 70

    Which of the following measures is not commonly used to assess threat intelligence?

    - Detail

  • 71

    Sara has been asked to explain to her organization how an endpoint detection and response (EDR) system could help the organization. Which of the following functions is not a typical function for an EDR system?

    - Cloud and network data collection and central analysis

  • 72

    Abdul is conducting a security audit of a multicloud computing environment that incorporates resources from AWS and Microsoft Azure. Which one of the following tools will be least useful to him?

    - Pacu

  • 73

    Which one of the following types of malware would be most useful in a privilege escalation attack?

    - Rootkit

  • 74

    Which one of the following languages is least susceptible to an injection attack?

    - STIX

  • 75

    The company that Dan works for has recently migrated to an SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?

    - Rely on vendor testing and audits.

  • 76

    Florian discovered a vulnerability in a proprietary application developed by his organization. The application has a flaw that allows users to log into the system by providing a valid username and leaving the password blank. What term best describes this flaw?

    - Broken access control
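    The blank-password flaw in Florian's question usually comes from a check that is only applied when a password was supplied. The following is an added example, not the application from the question (its code is not on the page): a login function with exactly that mistake beside a corrected version that always performs the full comparison and compares unknown users against a dummy hash so timing does not reveal which usernames exist. The user store, salt and password are constructed.

```python
# Added example, not the application Florian reviewed (its code is not on the
# page): a login check with the blank-password flaw beside a corrected version.
# The user table, salts and password are constructed.
import hashlib
import hmac
import os

ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, pbkdf2 hash)
_ALICE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_ALICE_SALT, hash_password("correct horse battery", _ALICE_SALT))}

# Compared against when the username is unknown, so that unknown and known
# users take the same time (no username enumeration via timing).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    """Flawed: the password is only verified when one was supplied."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    if password:  # BUG: empty string is falsy, so the check below is skipped
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
    return True


def login_fixed(username: str, password: str) -> bool:
    """Always verify; an empty password is just another wrong password."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password or "", salt)
    matched = hmac.compare_digest(stored, candidate)
    return matched and username in USERS


if __name__ == "__main__":
    print("vulnerable, blank password:", login_vulnerable("alice", ""))  # True
    print("fixed, blank password:", login_fixed("alice", ""))            # False
    print("fixed, real password:", login_fixed("alice", "correct horse battery"))  # True
```

    The corrected version has no early return that depends on the credential's shape: every request costs one PBKDF2 computation and one constant-time compare, whatever the username or password looks like.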

  • 77

    Lucy recently detected a cross-site scripting (XSS) vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?

    - Persistent
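    A forum that stores user-supplied HTML and replays it to other visitors is the textbook persistent (stored) XSS case from Lucy's question. The following is an added example, not the forum software from the question: the vulnerable rendering path that echoes stored markup unchanged, beside an allowlist sanitizer built on the standard library's HTMLParser that keeps only a small set of tags, keeps `href` only with an http or https scheme, escapes all text, and drops `script`/`style` contents entirely. The tag allowlist and the sample post are assumptions for the example.

```python
# Added example, not the forum software from the question (which is not shown):
# the stored-XSS rendering path with the raw-HTML flaw beside an allowlist
# sanitizer for the limited markup a support forum wants to permit. The sample
# post is constructed.
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://")
RAW_CONTENT_TAGS = {"script", "style"}  # drop their contents, not just the tags


def render_vulnerable(post: str) -> str:
    """Flaw: stored markup is echoed unchanged to every later visitor."""
    return f"<div class=\"post\">{post}</div>"


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the post keeping only allowed tags/attributes; the rest becomes text or is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in RAW_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops on* handlers, style, and any unknown attribute
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # drops javascript:, data:, vbscript: and similar schemes
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> -> <br>, no closing tag emitted

    def handle_endtag(self, tag):
        if tag in RAW_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(html.escape(data))  # text is always escaped


def sanitize(post: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(post)
    parser.close()
    return "".join(parser.out)


def render_safe(post: str) -> str:
    return f"<div class=\"post\">{sanitize(post)}</div>"


# Constructed post as an attacker might submit it to the support forum.
EVIL_POST = ('<p>Help!</p><script>alert(document.cookie)</script>'
             '<a href="javascript:alert(1)" onclick="steal()">click</a>'
             '<img src=x onerror="alert(1)"><b onmouseover="x()">bold</b> &lt;tag&gt;')

if __name__ == "__main__":
    print(render_vulnerable(EVIL_POST))
    print(render_safe(EVIL_POST))
```

    Sanitize on output as well as on input, so that posts stored before the fix are also cleaned, and pair the sanitizer with a Content-Security-Policy that forbids inline script as a second layer.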

  • 78

    Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business). Her first assignment is to determine the likelihood of port scans against systems in her organization's screened subnet (otherwise known as a DMZ). How should she rate the likelihood of this occurring?

    - High.

  • 79

    Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?

    - Unprotected storage

  • 80

    Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of Nmap scan should Alex conduct to leverage this host if he cannot install Nmap on system A?

    - A proxy scan

  • 81

    Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?

    - Banner grabbing

  • 82

    After Kristen received a copy of an Nmap scan run by a penetration tester that her company hired, she knows that the tester used the -O flag. What type of information should she expect to see included in the output other than open ports?

    - Operating system and Common Platform Enumeration (CPE) data

  • 83

    Several organizations recently experienced security incidents when their AWS secret keys were published in public GitHub repositories. What is the most significant threat that could arise from this improper key management?

    - Total loss of confidentiality, integrity, and availability
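    The incidents in question 83 are caught by scanning content for credentials before it is committed. The following is an added example, not code from the question set: a scanner that flags AWS access key IDs by their fixed prefix and length, and candidate 40-character secret keys that appear next to an aws/secret/key-style variable name, redacting the secret before reporting it. The sample file is constructed; the key values are the placeholder credentials AWS publishes in its documentation, not live keys.

```python
# Added example, not from the question set: a pre-commit style scan for AWS
# credentials in text, the check that would have stopped the keys above from
# reaching a public repository. The sample file is constructed; the key values
# are the placeholder credentials from AWS's own documentation, not live keys.
import re

# Access key IDs: 20 characters, prefix AKIA (long-term) or ASIA (temporary STS).
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret keys: 40 base64-like characters. Requiring an aws/secret/key-style name
# before the value keeps random base64 blobs from flooding the results.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[\w.-]{0,30}(?:secret|key)[\w.-]{0,30}\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def redact(secret: str) -> str:
    return secret[:4] + "..." + secret[-4:]


def scan_text(text: str, path: str = "<stdin>") -> list:
    """Return (path, line_number, finding_type, value) for each credential found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((path, lineno, "aws_access_key_id", m.group(1)))
        for m in SECRET_KEY_RE.finditer(line):
            # never echo the full secret into terminal or CI logs
            findings.append((path, lineno, "aws_secret_access_key", redact(m.group(1))))
    return findings


def should_block_commit(findings: list) -> bool:
    return len(findings) > 0


SAMPLE_FILE = """\
# settings.py (constructed sample)
DEBUG = True
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
S3_BUCKET = "reports-prod"
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_FILE, "settings.py"):
        print(*finding)
    print("block commit:", should_block_commit(scan_text(SAMPLE_FILE)))
```

    Run it over `git diff --cached` in a pre-commit hook and over the full history when onboarding a repository. A key that has already reached a public repository must be rotated immediately; rewriting history does not help, because clones and crawlers will already have it.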

  • 84

    Cassandra's Nmap scan of an open wireless network (192.168.1.0/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?

    - A wireless router

  • 85

    Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically most reduce his organization's footprint?

    - Limit information available via the organizational website without authentication.

  • 86

    What is the default Nmap scan type when Nmap is not provided with a scan type flag?

    - A TCP SYN scan

  • 87

    Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?

    - Total attack surface

  • 88

    Which one of the following threats is the most pervasive in modern computing environments?

    - Malware

  • 89

    During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?

    - Determine the reason for the ports being open.

  • 90

    A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?

    - MySQL
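    Questions 82, 84, 89 and 90 all read facts out of Nmap output: which ports are open, what service sits behind them, and, when -O was used, the OS match and its CPE identifier. The following is an added example, not code from the question set, that parses Nmap's XML output (-oX) into a per-host structure and applies two small heuristics on top: a device-role guess from the OS class and open ports, and a list of open ports outside an expected baseline, each of which needs a reason. The XML is constructed to mirror Nmap's schema and is not a real scan; the baseline and the well-known-port fallback table are assumptions.

```python
# Added example, not from the question set: parse Nmap's XML output (-oX) to
# pull out what the questions above ask about: open ports and their services
# (Cynthia's workstation, the server on 3306), and the OS match and CPE data
# that -O adds (Kristen's report). The XML below is constructed to mirror
# Nmap's schema; it is not a real scan.
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -O -sV -oX scan.xml 192.168.1.0/24">
  <host>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="Dropbear sshd"/></port>
      <port protocol="tcp" portid="53"><state state="open"/><service name="domain" product="dnsmasq"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
    </ports>
    <os>
      <osmatch name="Linux 2.6.32 - 3.10" accuracy="96">
        <osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="96">
          <cpe>cpe:/o:linux:linux_kernel:2.6</cpe>
        </osclass>
      </osmatch>
    </os>
  </host>
  <host>
    <address addr="192.168.1.50" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="8.0.33"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Fallback when the scan was run without -sV: well-known defaults only.
DEFAULT_PORT_SERVICES = {22: "ssh", 53: "domain", 80: "http", 443: "https",
                         1433: "ms-sql-s", 1521: "oracle", 3306: "mysql", 5432: "postgresql"}


def parse_nmap_xml(xml_text: str) -> list:
    """Return one dict per host: address, open ports with services, OS matches with CPEs."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        addr = next((a.get("addr") for a in h.findall("address") if a.get("addrtype") == "ipv4"), None)
        open_ports = []
        for p in h.iter("port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            port = int(p.get("portid"))
            svc = p.find("service")
            open_ports.append({
                "port": port,
                "proto": p.get("protocol"),
                "service": svc.get("name") if svc is not None else DEFAULT_PORT_SERVICES.get(port),
                "product": svc.get("product") if svc is not None else None,
            })
        os_matches = [{
            "name": m.get("name"),
            "accuracy": int(m.get("accuracy", 0)),
            "types": [c.get("type") for c in m.iter("osclass")],
            "cpe": [c.text for c in m.iter("cpe")],
        } for m in h.iter("osmatch")]
        hosts.append({"addr": addr, "open_ports": open_ports, "os": os_matches})
    return hosts


def guess_role(host: dict) -> str:
    """Heuristic device-type guess from the OS class and the open ports."""
    types = {t for m in host["os"] for t in m["types"]}
    ports = {p["port"] for p in host["open_ports"]}
    if types & {"WAP", "router", "firewall"}:
        return "network device (likely wireless router)"
    if 3306 in ports:
        return "database server (MySQL on 3306)"
    return "unknown"


def unexpected_ports(host: dict, baseline: set) -> list:
    """Open ports outside the expected baseline; each one needs a reason or a ticket."""
    return sorted(p["port"] for p in host["open_ports"] if p["port"] not in baseline)


if __name__ == "__main__":
    for host in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(host["addr"], guess_role(host), [p["port"] for p in host["open_ports"]],
              [m["cpe"] for m in host["os"]])
```

    A port number alone is only a hint (anything can listen on 3306); the service name and product fields from -sV, and the CPE from -O, are what turn a guess into something you can match against vulnerability data.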

  • 91

    During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?

    - Perform a DNS brute-force attack.
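    A DNS brute force avoids the IPS in Cynthia's question because the lookups go to name servers, not to the monitored hosts. The following is an added example, not code from the question set, of that enumeration with the check a practitioner needs alongside it: wildcard detection, so that a catch-all record does not turn every wordlist entry into a false hit. The resolver function is injectable, so the example runs offline against a constructed zone (RFC 5737 addresses); swap in `system_resolve` for real lookups.

```python
# Added example, not from the question set: subdomain brute forcing with
# wildcard detection. The queries go to DNS resolvers, not to the target's
# monitored hosts, so the IPS guarding them sees nothing; the wildcard check
# keeps a catch-all record from turning every word into a false hit. The
# resolver is injectable so this runs offline against a constructed zone.
import secrets
import socket


def system_resolve(name: str):
    """Real lookup through the local resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed zone standing in for the target's public DNS (RFC 5737 addresses).
FAKE_ZONE = {
    "www.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.20",
    "vpn.example.com": "198.51.100.5",
}


def fake_resolve(name: str):
    return FAKE_ZONE.get(name)


def wildcard_resolve(name: str):
    """Same zone, but with a catch-all *.example.com record."""
    return FAKE_ZONE.get(name) or ("192.0.2.99" if name.endswith(".example.com") else None)


def detect_wildcard(domain: str, resolve, probes: int = 2) -> set:
    """Resolve random labels; any answer means the zone has a wildcard record."""
    answers = set()
    for _ in range(probes):
        ip = resolve(f"{secrets.token_hex(8)}.{domain}")
        if ip is None:
            return set()
        answers.add(ip)
    return answers


def brute_force(domain: str, wordlist, resolve=system_resolve) -> dict:
    """name -> IP for every wordlist entry that resolves to a non-wildcard answer."""
    wildcard_ips = detect_wildcard(domain, resolve)
    found = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ip = resolve(name)
        if ip is None or ip in wildcard_ips:
            continue  # nonexistent, or just the catch-all answering
        found[name] = ip
    return found


WORDLIST = ["www", "mail", "vpn", "dev", "staging", "ftp", "git"]

if __name__ == "__main__":
    print(brute_force("example.com", WORDLIST, resolve=fake_resolve))
    print("wildcard:", detect_wildcard("example.com", wildcard_resolve))
    print(brute_force("example.com", WORDLIST, resolve=wildcard_resolve))
```

    Two caveats: a real host that happens to share the wildcard address is hidden by this filter, and the queries are not invisible, since the target's authoritative servers (or whoever runs them) still see the lookups; they are simply not in front of the IPS that guards the hosts.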