- REMEDIALS -
46 questions • 5 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    This will allow an authorized administrator the option to change a great deal about an operating system, but it cannot explicitly stop a process or service that is already running.

    - secpol.msc

  • 2

    This is a method of cracking passwords, encryption keys, or other authentication credentials by systematically trying every possible combination until the correct one is found. It's essentially like trying every key on a keyring until you find the one that opens the lock.

    - Brute force

  • 3

    This provides an excellent methodology for communicating cyber events and allowing an analyst to derive mitigation strategies implicitly.

    - Diamond Model of Intrusion Analysis

  • 4

    Your organization is transitioning to a cloud environment and wants to ensure its new infrastructure is secure. What tool could you utilize to assess the security of your cloud infrastructure?

    - Pacu

  • 5

    This is a statement by which to determine a course of action. This aims to streamline particular processes according to a set routine or sound practice.

    - Guidelines

  • 6

    This is a class of cybersecurity vulnerabilities that exploit a fundamental performance optimization technique used in nearly all modern C.P.U.s (Central Processing Units) called speculative execution. It allows attackers to trick a victim program into revealing sensitive data that it should not normally have access to.

    - Spectre Attack

  • 7

    This refers to the physical and virtual resources used in the attack, not the tools or techniques used in the attack.

    - Infrastructure

  • 8

    The 2017 WannaCry ransomware attack exploited a specific vulnerability in Microsoft's implementation of the SMB protocol, impacting thousands of computers worldwide. Which of the following patches, if applied timely, could have prevented this large-scale compromise?

    - MS17-010

  • 9

    ( H.T.T.P.S. ) - HyperText Transfer Protocol Secure

    - Port 443

  • 10

    ( NetBIOS - N.S. ) - NetBIOS Name Service supports Windows File Sharing with pre-Windows 2000 version hosts

    - Port 137

  • 11

    This was a significant security bug disclosed in April 2016 that affected both Microsoft Windows and Samba servers. Samba is an open-source software suite that provides file and print services to SMB/CIFS clients, enabling Linux/Unix systems to interact with Windows environments.

    - Badlock

  • 12

    (Short for Decrypting R.S.A with Obsolete and Weakened eNcryption) This is a serious cross-protocol security flaw discovered in March 2016. It allows attackers to decrypt sensitive communications, even those protected by modern TLS (Transport Layer Security) protocols, by leveraging support for the outdated and insecure SSLv2 protocol.

    - DROWN

  • 13

    This is a detailed investigation of an incident to understand its origin, extent, and impact. While it can inform lessons learned, it does not itself represent the comprehensive review process aimed at improving future responses.

    - Forensic analysis

  • 14

    Within Timing and Performance EXT: Select the Example and Switch to: Parallel host scan group sizes

    - 50; 1024, --min-hostgroup/max-hostgroup <size>

  • 15

    Within Timing and Performance EXT: Select the Example and Switch to: Adjust delay between probes

    - 20ms; 2s; 4m; 5h, --scan-delay/--max-scan-delay <time>

  • 16

    Within Useful Output Examples: Select the Example and Switch to: Grepable output to screen. -oN -, -oX - also usable

    - nmap 192.168.1.1 -oG -, -oG -

  • 17

    Summarize the following Vector String: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

    - A vulnerability with Base metric values of “Attack Vector: Network, Attack Complexity: Low, Privileges Required: High, User Interaction: None, Scope: Unchanged, Confidentiality: Low, Integrity: Low, Availability: None” and no specified Temporal or Environmental metrics

  • 18

    ] (right square bracket):

    - Encoded as %5D.

  • 19

    , (comma):

    - Encoded as %2C.

  • 20

    Within Scan Techniques: Select the Example and Switch to: TCP SYN port scan (Default)

    - nmap 192.168.1.1 -sS, -sS

  • 21

    You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

    - \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

  • 22

    Barrett needs to verify settings on a macOS computer to ensure that the configuration he expects is currently set on the system. What type of file is commonly used to store configuration settings for a macOS system?

    - plists

  • 23

    Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. Which of the following attacks has occurred?

    - DNS poisoning

  • 24

    A cybersecurity analyst is reviewing the logs of an authentication server and saw the following output: /// What type of attack was most likely being attempted by the attacker?

    - Brute force

  • 25

    A healthcare facility is using a proprietary Electronic Health Records (EHR) system with undisclosed inner workings. How might this secrecy impact their ability to manage vulnerabilities?

    - By making it difficult for the organization to fully comprehend and address system vulnerabilities

  • 26

    In the preparation phase of the incident management life cycle, which aspect involves assembling and maintaining a collection of scripts, applications, and other software that can be used to respond to a cyber threat effectively?

    - Tools

  • 27

    In the process of fine-tuning your incident management lifecycle, you decide to execute simulated incident scenarios. These scenarios are designed to evaluate how well your incident response plans work and boost the readiness of your response teams. What element of the preparation phase does this practice best represent?

    - Tabletop exercises

  • 28

    In the Cyber Kill Chain, which phase involves the attacker taking advantage of a vulnerability in the system or application to execute the delivered payload?

    - Exploitation

  • 29

    Which of the following roles should coordinate communications with the media during an incident response?

    - Public relations

  • 30

    You have been hired to investigate a possible insider threat from a user named Terri. Which command would you use to review all sudo commands ever issued by Terri (whose login account is terri and UID=1003) on a Linux system? (Select the MOST efficient command)

    - journalctl _UID=1003 | grep sudo

  • 31

    Will is using a device to copy signals from cabling to a monitor port. The device doesn't interfere with network traffic so it has lower visibility and won't prevent traffic from flowing if power to the device is lost. What type of tap is Will using?

    - Passive

  • 32

    Consider the following data: /// Which of the following best describes the data presented above?

    - A JSON excerpt that describes an APT using the Structured Threat Information eXpression (STIX) format

  • 33

    While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

    - 192.186.1.100

  • 34

    You are the first forensic analyst to arrive on the scene of a data breach. You have been asked to begin evidence collection on the server while waiting for the rest of your team to arrive. Which of the following evidence should you capture first?

    - L3 cache

  • 35

    Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24-hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week, and then the backups should be transported to an off-site facility for storage. What strategy should Hilda choose to BEST meet these requirements?

    - Create a daily incremental backup to tape

  • 36

    You have evidence to believe that an attacker was scanning your network from an IP address at 172.16.1.224. This network is part of a /26 subnet. You wish to quickly filter through several logs using a REGEX for anything that came from that subnet. What REGEX expression would provide the appropriate output when searching the logs for any traffic originating from only IP addresses within that subnet?

    - \b172\.16\.1\.(25[0-5]|2[0-4][0-9]|19[2-9])\b

  • 37

    What remediation strategies are the MOST effective in reducing the risk to an embedded ICS from a network-based compromise? (Select TWO)

    - Disabling unused services
    - Segmentation

  • 38

    You are conducting a quick nmap scan of a target network. You want to conduct a SYN scan, but you don't have raw socket privileges on your workstation. Which of the following commands should you use to conduct the SYN scan from your workstation?

    - nmap -sT

  • 39

    An adversary compromises a web server in your network using a zero-day exploit and then uses it as a command and control (C2) server for further attacks. Which stage of the MITRE ATT&CK framework does the use of a C2 server illustrate?

    - Command and Control

  • 40

    You identified a critical vulnerability in one of your organization's databases. You researched a solution, but it will require the server to be taken offline during the patch installation. You have received permission from the Change Advisory Board to implement this emergency change at 11 pm once everyone has left the office. It is now 3 pm; what action(s) should you take now to best prepare for implementing this evening's change? (SELECT ALL THAT APPLY)

    - Identify any potential risks associated with installing the patch
    - Validate the installation of the patch in a staging environment
    - Ensure all stakeholders are informed of the planned outage
    - Document the change in the change management system

  • 41

    After a significant security breach involving customer data leakage, your organization conducts a comprehensive review. The aim is to comprehend the contributing factors that led to this incident and to establish measures to avert such incidents in the future. Which term best describes this specific post-incident activity?

    - Lessons learned

  • 42

    As a SOC analyst, you receive an alert concerning a dramatic slowdown affecting the company's e-commerce server due to the load balancer's critical failure. Your company depends on online sales for all of its business, and you know the immediate impact of this event will be a loss of sales. Which of the following is an appropriate classification of the impact in terms of the total impact and notification requirements? (SELECT THREE)

    - Notification of external authorities is optional
    - Total impact includes a loss of customers
    - Organization impact is anticipated

  • 43

    What type of malware is designed to be difficult for malware analysts to reverse engineer?

    - Armored virus

  • 44

    Cybersecurity analysts are experiencing some issues with their vulnerability scans aborting because the previous day's scans are still running when the scanner attempts to start the current day's scans. Which of the following recommendations is LEAST likely to resolve this issue?

    - Reduce the sensitivity of scans

  • 45

    After a cyber incident at your organization where a ransomware attack crippled the operational servers, your team is tasked with conducting an in-depth examination. The goal is to trace back the origin of the attack, determining where and how it penetrated your defenses. Which activity would best aid your team in this endeavor?

    - Root cause analysis

  • 46

    Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert?

    - False positive
