Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

An alert on user account activity outside of normal business hours returns Windows even IDs 540 and 4624. In which of the following locations will these events be found?

A.

Application event log

B.

System event log

C.

Setup event log

D.

Security event log

A zero-day vulnerability is discovered on a company’s network. The security analyst conducts a log review, schedules an immediate vulnerability scan, and quarantines the infected system, but cannot determine the root cause of the vulnerability. Which of the following is a source of information that can be used to identify the cause of the vulnerability?

A.

www.virustotal.com

B.

Security RSS feeds

C.

Security software websites

D.

Government websites

A security professional has been tasked with the protection of a specific set of information essential to a corporation’s livelihood, the exposure of which could cost the company billions of dollars in long-term revenue. The professional is interested in obtaining advice for preventing the theft of this type of information. Which of the following is the BEST resource for finding this material?

A.

Law enforcement information sharing groups

B.

National Threat Assessment Center

C.

Vendor web pages that provide intelligence feeds and advisories

D.

Blogs concerning the theft of PII

Which of the following techniques allows probing firewall rule sets and finding entry points into a targeted system or network?

A.

Distributed checksum clearinghouse

B.

Firewall fingerprinting

C.

Network enumeration

D.

Packet crafting

Click the exhibit button. After reviewing captured network traffic logs, a security auditor suspects a violation of the organization’s computer use policy. Which of the following is the likely indicator of the violation?

A.

Unauthorized programs

B.

Malicious software

C.

Service disruption

D.

Registry entries

E.

New user account

A SOC analyst reviews vendor security bulletins and security blog articles against the company’s deployed system and software base. Based on current attack patterns, three vulnerabilities, including a zero-day vulnerability, have been upgraded to high priority. Which of the following should the SOC analyst recommend? (Choose two.)

A.

Reboot affected servers

B.

Implement DNS filtering

C.

Update IPS rules

D.

Implement application whitelisting

E.

Patch affected systems

During a malware outbreak, a security analyst has been asked to capture network traffic in hourly increments for analysis by the incident response team. Which of the following tcpdump commands would generate hourly pcap files?

A.

tcpdump –nn –i eth0 –w output.pcap –C 100 –W 10

B.

tcpdump –nn –i eth0 –w output.pcap –W 24

C.

tcpdump –nn –i eth0 –w output.pcap –G 3600 –W 14

D.

tcpdump –nn –i eth0 –w output.pcap

Which of the following tools can be used to identify open ports and services?

A.

netstat

B.

tcpdump

C.

nmap

D.

recon-ng

During an annual penetration test, several rootkit-enabled systems are found to be exfiltrating data. The penetration test team and the internal incident response team work to begin cleanup. The company’s operations team offers a new emails server to use for communications during the incident. As cleanup continues, the attackers seem to know exactly what the incident response plan is. Which of the following will prevent the attackers from compromising cleanup activities?

A.

Check the DNS server for rootkits placed by the attackers.

B.

Disconnect the Internet router until all systems can be checked and cleaned.

C.

Use out-of-band communication until the end of the incident.

D.

Disconnect the old emails server until they can be checked and cleaned.

The above Linux command is used to search for:

A.

MAC addresses.

B.

memory addresses.

C.

IPv4 addresses.

D.

IPv6 addresses.