After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan C. A network map D. A service discovery
Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files: Locky.js, xerty.ini, xerty.lib. Further analysis indicates that when the .zip file is opened, it is […]
Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would
A threat intelligence analyst who works for a technology firm received this report from a vendor. “There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over […]
A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the […]
During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server […]
A software patch has been released to remove vulnerabilities from the company’s software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT? A. Fuzzing B. User acceptance testing C. Regression testing D. Penetration testing Explanation: Reference: […]
A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted? A. Syslog B. Network mapping C. Firewall logs D. NIDS
A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement? A. Self-service password […]
Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?
A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company’s asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization? A. A manual log review from data sent to syslog B. An OS fingerprinting […]
A cybersecurity analyst is completing an organization’s vulnerability report and wants it to reflect assets accurately. Which of the following items should be in the report? A. Processor utilization B. Virtual hosts C. Organizational governance D. Log disposition E. Asset isolation