Which of the following logs should be checked to determine if an internal user connected to a potentially malicious website? (Choose two.)

A. FTP logs

B. Email logs

C. Firewall logs

D. Proxy logs

E. HTTP logs

Which of the following describes the MOST important reason for capturing post-attack metadata?

A. To assist in updating the Business Continuity Plan

B. To assist in writing a security magazine article

C. To assist in fortification of defenses to prevent future attacks

D. To assist in improving security awareness training

During an investigation on a Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?

A. \Windows\Systems32\winevt\logs\System.evt

B. \Windows\System32\winevt\Logs\System.evtx

C. \Windows\Systems\winevt\Evtlogs\System.evtx

D. \Windows\System\winevt\Logs\System.evt

During review of a company’s web server logs, the following items are discovered:

2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)--

2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())--

2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())--

Which of the following is depicted in the log example above?

A. An administrator using the web interface for application maintenance

B. Normal web application traffic

C. A web application scan

D. An attempt at enumeration via SQL injection

An incident responder notices many entries in an Apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?

A. SQL injection

B. Remote file inclusion

C. Account brute force

D. Cross-site scripting

A security analyst would like to parse through several SQL logs for indicators of compromise. The analyst is aware that none of the fields should contain a string of text longer than 30 characters; however, the analyst is unaware if there are any implemented controls to prevent such an overflow. Which of the following BEST describes the regular expression the analyst should use to find any alphanumeric character string?

A. /^[a-zA-Z0-9]{5,30}$/

B. /^[a-zA-Z-9]{30}$/

C. /^[a-zA-Z]{5,30}$/

D. /^[a-Z0-9]{5,30}$/

An incident responder has captured packets associated with malware. The source port is 8765 and the destination port is 7653. Which of the following commands should be used on the source computer to help determine which program is responsible for the connection?

A. services.msc

B. psexec

C. msconfig

D. fport

An organization needs to determine if any systems on its network (10.0.25.0/24) have web services running on port 80 or 443. Which of the following is the BEST command to do this?

A. netstat -p 80-443 10.0.25.0/24

B. nmap -v 80,443 10.0.25.0/24

C. netstat -v 80,443 10.0.25.0/24

D. nmap -p 80,443 10.0.25.0/24

Which of the following can hackers use to gain access to a system over the network without knowing the actual password?

A. User enumeration

B. Pass the hash

C. Port scanning

D. Password cracking

An incident responder needs to quickly locate specific data in a large data repository. Which of the following Linux tools should be used?

A. cat

B. find

C. grep

D. man