
REMEDIAL
31 questions • 6 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    As a SOC analyst, you receive an alert concerning a dramatic slowdown affecting the company's e-commerce server due to the load balancer's critical failure. Your company depends on online sales for all of its business, and you know the immediate impact of this event will be a loss of sales. Which of the following is an appropriate classification of the impact in terms of the total impact and notification requirements? (SELECT THREE)

    - Notification of external authorities is optional
    - Total impact includes a loss of customers
    - Organization impact is anticipated

  • 2

    You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port 636 wherever possible. What should you do?

    - Change all devices and servers that support it to port 636 since encrypted services run by default on port 636

  • 3

    Which of the following lists the UEFI boot phases in the proper order?

    - Security, Pre-EFI initialization, Driver Execution Environment, Boot Device Select, Transient System Load, Runtime

  • 4

    Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert?

    - False positive

  • 5

    You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

    - \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

  • 6

    If an attacker can compromise an Active Directory domain by utilizing an attack to grant administrative access to the domain controllers for all domain members, which type of attack is being used?

    - Golden ticket

  • 7

    An adversary compromises a web server in your network using a zero-day exploit and then uses it as a command and control (C2) server for further attacks. Which stage of the MITRE ATT&CK framework does the use of a C2 server illustrate?

    - Command and Control

  • 8

    Which of the following is the correct usage of the T.C.P Dump command to create a packet capture filter for all traffic going to and from the server located at 10.10.1.1?

    - tcpdump -i eth0 host 10.10.1.1

  • 9

    Yoyodyne Systems has recently bought out its competitor, Whamiedyne Systems, which went out of business due to a series of data breaches. As a cybersecurity analyst for Yoyodyne, you are assessing Whamiedyne's existing applications and infrastructure. During your analysis, you discover the following URL is used to access an application: /// You change the URL to end with 12346 and notice that a different user's account information is displayed. Which of the following types of vulnerabilities or threats have you discovered?

    - Insecure direct object reference

  • 10

    Which security tool is used to facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment?

    - SOAR

  • 11

    As part of an incident response team, you've just managed a major security incident that affected your organization's operations. The management wants to know how long it took from when the incident was first detected to when the response was initiated. What key metric would best provide this information?

    - Mean time to respond

  • 12

    Review the network diagram provided. /// Which of the following ACL entries should be added to the firewall to allow only the Human Resources (HR) computer to have SMB access to the file server (Files)? /// (Note: The firewall in this network is using implicit deny to maintain a higher level of security. ACL entries are in the format of Source IP, Destination IP, Port Number, TCP/UDP, Allow/Deny.)

    - 172.16.1.3, 192.168.1.12, 445, TCP, ALLOW

  • 13

    A cybersecurity analyst is reviewing the logs for his company's server and sees the following output: /// Based on this potential indicator of compromise (IoC), which of the following hypotheses should you make to begin threat hunting?

    - Unauthorized privileges are being utilized

  • 14

    You were interpreting a Nessus vulnerability scan report and identified a vulnerability in the system with a CVSS attack vector rating of A. Based on this information, which of the following statements would be true?

    - The attacker must have access to the local network that the system is connected to

  • 15

    Dion Consulting Group has just won a contract to provide updates to an employee payroll system originally written years ago in C++. During your assessment of the source code, you notice the function "strcpy" is being used in the application. Which of the following is cause for concern, and what mitigation would you recommend to overcome it?

    - strcpy could allow a buffer overflow to occur; upgrade the operating system to run ASLR to prevent a buffer overflow

  • 16

    How does timely and effective communication and reporting of vulnerabilities assist an organization in meeting the GDPR's requirement of reporting data breaches within 72 hours of detection?

    - It facilitates quicker identification of vulnerabilities enabling prompt reporting to the supervisory authority

  • 17

    Evaluate the following log entry: /// Based on this log entry, which of the following statements are true?

    - An attempted connection to the telnet service was prevented
    - The packet was blocked inbound to the network

  • 18

    A cybersecurity analyst conducts an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

    - Privacy breach

  • 19

    Which attack methodology framework primarily focuses on understanding the stages of a cyber attack, from reconnaissance through exploitation and installation to the attacker achieving their objectives?

    - Cyber Kill Chain

  • 20

    You have been hired to investigate a possible insider threat from a user named Terri. Which of the following commands would successfully look through all the log files in "/var/log" for any references to "Terri" or "terri" on a Linux server?

    - find /var/log/ -exec grep -H -e "[Tt]erri" {} \; 2> /dev/null

  • 21

    You are investigating traffic involving three separate IP addresses (192.168.66.6, 10.66.6.10, and 172.16.66.1). Which REGEX expression would you use to be able to capture ONLY those three IP addresses in a single statement?

    - \b(192\.168\.66\.6)|(10\.66\.6\.10)|(172\.16\.66\.1)\b

  • 22

    A cybersecurity analyst is attempting to classify network traffic within an organization. The analyst runs the tcpdump command and receives the following output: /// Which of the following statements is true based on this output?

    - 10.0.19.121 is a client that is accessing an SSH server over port 52497

  • 23

    In the Cyber Kill Chain, which phase involves the attacker taking advantage of a vulnerability in the system or application to execute the delivered payload?

    - Exploitation

  • 24

    You are analyzing the SIEM for your company's e-commerce server when you notice the following URL in the logs of your SIEM: /// Based on this line, what type of attack do you expect has been attempted?

    - XML injection

  • 25

    Which of the following is the difference between an incident summary report and a lessons-learned report?

    - An incident summary report is designed for a non-technical audience

  • 26

    A new alert has been distributed throughout the information security community regarding a critical Apache vulnerability. What action could you take to ONLY identify the known vulnerability?

    - Perform a scan for the specific vulnerability on all web servers

  • 27

    You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

    - \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

  • 28

    How do service level objectives (SLOs) contribute to incident response?

    - They define expectations for incident response times and quality, providing clear targets for the response team

  • 29

    Which of the following techniques would allow an attacker to get a full listing of your internal DNS information if your DNS server is not properly secured?

    - Zone transfers

  • 30

    Which of the following categories would contain information about a French citizen's race or ethnic origin?

    - SPI

  • 31

    Within Useful Firewall / I.D.S Evasion and Spoofing Examples: Select the Example and Switch to: Relay connections through HTTP/SOCKS4 proxies

    - nmap --proxies http://192.168.1.1:8080, http://192.168.1.2:8080 192.168.1.1, --proxies
