During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?

A. Reconnaissance
B. Scanning
C. Gaining access
D. Persistence

An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?

A. Geolocation
B. False positive
C. Geovelocity
D. Advanced persistent threat (APT) activity

It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)

A. Power resources
B. Network resources
C. Disk resources
D. Computing resources
E. Financial resources

After a security breach, a security consultant is hired to perform a vulnerability assessment for a company’s web application. Which of the following tools would the consultant use?

A. Nikto
B. Kismet
C. tcpdump
D. Hydra

Which three answer options are password attack methods and techniques? (Choose three.)

A. Cross-Site Scripting attack
B. Brute force attack
C. Man-in-the-middle attack
D. Hybrid attack
E. Dictionary attack

Which of the following digital forensic goals is served by hashing and time-stamping electronic evidence?

A. Confidentiality
B. Encryption
C. Integrity
D. Availability
E. Chain of custody

The incident response team has completed root cause analysis for an incident. Which of the following actions should be taken in the next phase of the incident response process? (Choose two.)

A. Providing a briefing to management
B. Updating policies and procedures
C. Training staff for future incidents
D. Investigating responsible staff
E. Drafting a recovery plan for the incident

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

A. iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
B. iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
C. iptables -A INPUT -p tcp --dport 25 -j DROP
D. iptables -A INPUT -p tcp --destination-port 21 -j DROP
E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?

A. Blue team exercise
B. Business continuity exercise
C. Tabletop exercise
D. Red team exercise

Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?

A. Transaction logs
B. Intellectual property
C. PII/PHI
D. Network architecture