Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibit.

Which encoding method is used to obfuscate the script?

A.

ASCII85 encoding

B.

Base64 encoding

C.

metamorphic encoding

D.

hex encoding

A.

Initiate a connection to 23.1.4.14 over port 8443.

B.

Generate a Windows executable file.

C.

Open the Mozilla Firefox browser.

D.

Validate the SSL certificate for 23.1.4.14.

An “unknown error code” is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?

A.

/var/log/syslog.log

B.

/var/log/vmksummary.log

C.

/var/log/shell.log

D.

/var/log/general/log

A security analyst receives a notification from SIEM that an internal host has active connections to Tor exit nodes. The analyst investigates SIEM events related to the workstation and identifies that the host scans networks for servers with an opened TCP port 1433 An antivirus scan of the workstation does not determine any suspicious activity Which two actions must the analyst take to mitigate this behavior? (Choose two.)

A.

Configure SIEM alert rules to perform quick response and mitigation

B.

Block any connection to TCP port 1433 from external sources.

C.

Block Tor nodes via an NGFW and restrict access to SQL only from trusted sources

D.

Create a Cisco Secure Network Analytics notification rule to further investigate port scanning activity

E.

Deploy EDR and SOAR for automatic quarantine of actions from suspicious hosts

An engineer must advise on how YARA rules can enhance detection capabilities. What can YARA rules be used to identify?

A.

suspicious web requests

B.

suspicious files that match specific conditions

C.

suspicious emails and possible phishing attempts

D.

network traffic patterns

A financial company handling international transactions recently experienced a complex security incident The incident involves simultaneous DDoS attacks, suspected internal data leakage and the discovery of sophisticated malware implants that have remained dormant until triggered remotely During the incident it became clear that the current procedures are inadequate and plans to tackle issues were created on the go To counter this problem going forward, the IR team is developing an incident playbook to be used if a similar incident reoccurs Which set of elements of the playbook must be introduced?

A.

Introducing DDoS mitigation procedures, internal data leak investigations, and proactive malware containment

B.

Establishing real-time collaboration procedures, increasing data encryption and revising access controls

C.

Engaging third-party cybersecurity experts expanding throat intelligence sharing and improving incident documentation

D.

Enhancing monitoring protocols, updating firewall rules, and automating traffic analysis tasks efficiently

Refer to the exhibit.

What should be determined from this Apache log?

A.

A module named mod_ssl is needed to make SSL connections.

B.

The private key does not match with the SSL certificate.

C.

The certificate file has been maliciously modified

D.

The SSL traffic setup is improper

A.

Destination IP 51.38.124.206 is identified as malicious

B.

MD5 D634c0ba04a4e9140761cbd7b057t>8c5 is identified as malicious

C.

Path http-req-51.38.124.206-80-14-1 is benign

D.

The stream must be analyzed further via the pcap file

Data has been exfiltrated and advertised for sale on the dark web. A web server shows:

    Database unresponsiveness

    PageFile.sys changes

    Disk usage spikes with CPU spikes

    High page faults

Which action should the IR team perform on the server?

A.

Review the database.log file in the program files directory for database errors

B.

Examine the system.cfg file in the Windows directory for improper system configurations

C.

Analyze the PageFile.sys file in the System Drive and the Virtual Memory configuration

D.

Check the Memory.dmp file in the Windows directory for memory leak indications

A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)

A.

Introduce a priority rating for incident response workloads.

B.

Provide phishing awareness training for the full security team.

C.

Conduct a risk audit of the incident response workflow.

D.

Create an executive team delegation plan.

E.

Automate security alert timeframes with escalation triggers.