Which of the following logs should be checked to determine if an internal user connected to a potentially malicious website? (Choose two.)
Which of the following describes the MOST important reason for capturing post-attack metadata?
During an investigation on Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?
During review of a company’s web server logs, the following items are discovered:
2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)—
2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())—
2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())—
Which of the following is depicted in the log example above?
An incident responder notices many entries in an apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?
A security analyst would like to parse through several SQL logs for indicators of compromise. The analyst is aware that none of the fields should contain a string of text longer than 30 characters; however, the analyst is unaware if there are any implemented controls to prevent such an overflow. Which of the following BEST describes the regular expression the analyst should use to find any alphanumeric character string?
An incident responder has captured packets associated with malware. The source port is 8765 and the destination port is 7653. Which of the following commands should be used on the source computer to help determine which program is responsible for the connection?
An organization needs to determine of any systems on its network (10.0.25.0/24) have web services running on port 80 or 443. Which of the following is the BEST command to do this?
Which of the following can hackers use to gain access to a system over the network without knowing the actual password?
An incident responder needs to quickly locate specific data in a large data repository. Which of the following Linux tool should be used?