During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been
compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
After a security breach, a security consultant is hired to perform a vulnerability assessment for a company’s web application. Which of the following tools would the consultant use?
Which three answer options are password attack methods and techniques? (Choose three.)
Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?
The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
