A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
Which term best describes an asset's susceptibility to damage or loss due to a threat?
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
Which of the following backup strategies will result in the shortest backup time during weekdays and use the least amount of storage space but incur the longest restore time?
Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
According to SANS, when should an incident retrospective be performed?
What term means that data is valid and not corrupt?