Musser final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

John has viewed and manipulated the ARP cache of his system using the arp command. He further wants to view the cache on all interfaces. Which of the following arp flags would John use?

-a

Which grep command option is used to consider search strings as discrete words?

-c

Which grep command option is used to return the names of the files with matching lines rather than the lines themselves?

-l

Which of the following search operators matches zero or one instances of the preceding character?

?

Which of the following statements are true of interception proxies? Each correct answer represents a complete solution. Choose all that apply.

A passive testing tool for analyzing the communications of web app Crawl outbound web traffic based on pre-defined factors before blocking it Determine the nature of HTTPS request that the application sends and receive

Company A allows visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect of Company A wants to ensure that the partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A's internal network from those same ports. Which of the following can be employed to allow this type of setup?

ACL

Which of the following identifies potentially malicious external domains?

Access control list

A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the best approach for the analyst to perform?

Analyze the trends of the events while manually reviewing to see if any of the indicators match.

Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

Blue team training exercises

Which of the following is an open source network monitor for a Unix-based system that includes custom scripting languages which allow users to set detection rules and action policies?

Bro

Which of the following tools intercepts proxy for analyzing and modifying traffic to exploit web apps?

Burp Suite

Which of the following tools is used as an interception proxy for analyzing traffic and modifying traffic to exploit web apps?

Burp Suite

Which of the following tables maps MAC addresses to ports and forwards packets to specific interfaces?

CAM tables

Which graphing and monitoring tool allows users to poll services at fixed intervals and graph the resulting data?

Cacti

Which of the following statements are true of manual approach to provisioning and de-provisioning? Each correct answer represents a complete solution. Choose all that apply.

Causes interruption and service delay Requires human intervention for creation or deletion of user account

Digital evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?

Chain of custody

Rex, a forensic analyst, after receiving the hard drive from detectives used a log to capture corresponding events prior to sending the evidence to lawyers for a court case. Which of the following do these actions indicate?

Chain of custody

Which of the following process is shown in the above figure?

Chain of custody

James, a security technician, wants to ensure security controls are functioning as intended by taking the regular measurements of network traffic levels to maintain an appropriate security posture. Which of the following security techniques is most appropriate for him to do this?

Continuous security monitoring

Which of the following governs the behavior of individuals and groups in the use of computers, the Internet, and other IT domains?

Cyberlaw

Which of the following is a Microsoft's anti-malware solution that deals with targeted protection of trusted software?

EMET (enhanced mitigation experience toolkit)

Which of the following is a proprietary tool that supports a wide range of forensic methods, including evidence collection, analysis, and reporting?

EnCase

Which of the following statements is not true of benchmarks?

Enables an organization to defend against active threat

Joe, an investigator, wants to scan a hard drive to view the deleted communication. Which of the following tools should Joe use?

FTK

What is the process of extracting data from a computer when that data has no associated file system metadata?

File carving

Which of the following is the process of extracting data from a computer when that data has no associated file system metadata?

File carving

An organization has limited the traffic flow on its network's border. For this, the organization has used a type of log which can manage user activity, control bandwidth usage, monitor IDS activity, and permit or deny connections. Which of the following types of the log is used by the organization?

Firewall

Which of the following incident handling tools is used for recovery of deleted data? Each correct answer represents a complete solution. Choose all that apply.

Foremost TestDisk

Which of the following statements describes a cyberlaw? Each correct answer represents a complete solution. Choose all that apply.

Governs the behavior of individuals and groups in the use of computers and the Internet Varies significantly depending on the jurisdiction

Identify the alert generated when the cryptographic hash of an important file does not match with its accepted value?

HIDS/ HIPS (host intrusion detection system/host intrusion prevention system)

Which of the following is a proprietary SIEM tool that has a limited trial version?

HP ArcSight

Which of the following methods of analysis identifies the nature of an entity by subjecting it to a particular environment?

Heuristic

An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?

Honeypot

Andrew works as a security administrator for uCertify Inc. He wants to capture attack details on his network that are occurring while also protecting his production network. Which of the following will he implement to accomplish this task?

Honeypot

Ann, a security analyst, while reviewing the monthly Internet usage noticed that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations AUP. Which of the following tool or technology will work best for her to obtain more information on this traffic?

IDS logs

Due to new regulations, an organization has decided to initiate an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would best support the program? Each correct answer represents a complete solution. Choose two.

ITIL OWASP

What is the follow-up process of a penetration test?

Identifying assets marked as vulnerable and determining ways to remediate the system

Which of the following statements are true of RADIUS (Remote Authentication Dial-In User Service)? Each correct answer represents a complete solution. Choose all that apply.

Implements AAA for users requesting remote access to a network service Uses a two-step process for managing network access Uses User Datagram Protocol for communication

Ann appointed as a new CTO (Chief Technology Officer) for a company. He is seeking recommendations for network monitoring services for the local Intranet. He would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?

Installation of a firewall on the internal interface and an NIDS on the external interface of the gateway router.

Which of the following is a hardened server that provides access to other hosts?

Jumpbox

Which of the following is a Windows-based proprietary log management platform that collects Linux syslog and Windows event log data from a variety of different networking and host-based appliances?

Kiwi Syslog Server

Which of the following log analysis tools collects Linux syslog and Windows event log data from different networking and host-based appliances?

Kiwi Syslog Server

Which of the following log analysis tools parses system logs and creates a report on various aspects that users specify?

Logwatch

Which of the following is a means of restricting access to objects and formal authorization of subjects based on the sensitivity of the information contained in them?

MAC (mandatory access control)

Who is responsible for communicating an incident to the employees? Each correct answer represents a complete solution. Choose all that apply.

Marketing HR

An incident response report discovers a virus that was introduced through a remote host connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?

NAC

Which of the following are examples of WAF (web application firewall)? Each correct answer represents a complete solution. Choose all that apply.

NAXSI ModSecurity Imperva SecureSphere WAF

Sia, a cybersecurity analyst, wants to use a command utility to identify open ports and running services on a host along with the application associated with those services and port. Which of the following should she use to achieve this?

Netstat

Which of the following SIEM tools is developed by AlienVault and combines a selection of tools designed to help administrators in computer security, intrusion detection and prevention?

OSSIM

Which is an online community that provides free access to various articles, methodologies, and tools on web application security?

OWASP (Open Web Application Security Project)

Which of the following is a community effort that provides free access to a number of secure programming resources?

Open Web Application Security Project

Which of the following fuzzers provides customizable testing definitions for a wide range of computing protocols and file types?

Peach

James works as a security administrator for a company. He wants to actively test that an application's security controls are in place or not. Which of the following assessments will he perform to test this?

Penetration test

A security administrator wants to manage both local and remote hosts together on a Windows system. Which of the following can a security administrator use to accomplish this?

PowerShell

Each correct answer represents a complete solution. Choose all that apply.

Provides full disk encryption Provides application whitelisting functionality Reduces data loss Contains centralized in-house server for distributing malware signature update

Andrew, a security administrator, wants to monitor and limit users' access to external websites. Which of the following will he implement to address this?

Proxy server

Which of the following best describes the offensive participants in a tabletop exercise?

Red team

Which of the following consists of a group of characters that describe how to execute a specific search pattern on a given text?

Regular expression

What is meant by isolation?

Removing an affected component which is a part of a larger environment

Which of the following involves deconstructing existing hardware or software to its basest level?

Reverse engineering

Adam found that an extra NIC (network interface controller) has been installed on his computer which is creating a side channel for an attack on his computer. What is the term used for such type of unauthorized equipment?

Rogue hardware

Which of the following aspects of identity schemes leads to privilege creep when roles are poorly defined?

Role

An organization wishes to update its network resources for which it provides access only to its network managers and other network experts. It also wants the entries in the database table to be monitored for which it provides access to a database administrator. Which of the following factors is the organization using for providing access to a particular entity based on the entity's responsibilities?

Role-based

An organization wishes to conduct a pen test to assess organization's security posture. To conduct the test, the organization needs to specify various guidelines and constraints. Which of the following documents the same?

Rules of engagement

Which of the following security monitoring tools is a conglomeration of open standards that identify flaws in security configurations?

SCAP

Which of the following log analysis tools runs as a single process that monitors a stream of events producing output through external programs such as snmptrap?

SEC (Simple event correlator)

Which of the following enables a security personnel to take defensive actions more quickly by providing real-time or near-real-time analysis of security alerts generated by network hardware and applications?

SIEM

Which tool provides real-time analysis of security alerts generated by applications and devices?

SIEM

A security administrator is constructing a development environment and places three virtual servers in a new virtual network to isolate them from the production network. Which of the following describes the environment the administrator is building?

Sandbox

You suspect a program that contains malware on a cloud server. You want to test the program by safely executing it in an isolated environment. Which of the following techniques will you use?

Sandboxing

Which of the following is an act of permanently removing all the data from a storage device?

Sanitization

Who is responsible for providing technical support to other team members when dealing with fully designed systems?

Security specialist

An organization has a website that is accessed in its partner organization. The users in the partner organization reset their passwords by pressing a button to get an email containing the reset link. Which of the following function allows the users to reset the password?

Self-service reset

Which of the following devices provides load balancing and data backups during DDoS attacks and data destruction breaches?

Server

Which of the following is a network defense method that redirects outbound malicious traffic to an internal host so that it remains inside the network?

Sinkhole

Rex, a security analyst, has been asked to remediate a server vulnerability. Once he has located a patch for the vulnerability, which of the following should he perform next?

Start the change control process.

Brena, a security analyst, notices that external users are constantly reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices will she implement to prevent this issue?

Stress testing

Which of the following TCP/IP protocol is used to communicate logs to another system, uses UDP port 514, and is compatible with all the operating systems?

Syslog

Which of the following protocols developed by Cisco provides full encryption and communication over TCP for clients requesting access to network resources?

TACACS+

Which of the following provides inherent reliability and better availability of the AAA mechanism as compared to RADIUS?

TACACS+

Which of the following software tools of forensic toolkit is a library and collection of Unix- and Window-based utilities and has graphical frontend called Autopsy?

TSK (The Sleuth Kit)

Which of the following factors restricts an organization's access control policy to mitigate risk?

Time

What is the function of a sinkhole?

To reroute malicious outbound traffic from an organization's network

What is the purpose of creating Trusted Foundry?

To secure integrated circuits used in critical systems throughout the entire supply chain

Which of the following criminal offenses are introduced by the UK Computer Misuse Act?

Unauthorized modification of computer material Unauthorized access with intent to commit or facilitate commission of further offense Unauthorized access to computer material

Which of the following statements are true of SDEE (Security Device Event Exchange) server? Each correct answer represents a complete solution. Choose all that apply.

Uses HTTP/HTTPS and XML protocols to communicate between different types of systems An IDS alert format and transport protocol specification Based on Simple Object Access Protocol

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing and during which phase of the SDLC should this occur? Each correct answer represents a complete solution. Choose two.

Verification phase Fuzzing

Which of the following protocols is an application-layer firewall that applies a set of rules to HTTP traffic and protects web servers and clients from malicious traffic?

WAF

Samuel, a cybersecurity professional, is assigned a work of actively verifying the strength of the security controls on an organization's live modem pool. Which of the following activities will be the best for him to verify this?

War dialing

Which pen testing color-coded team decides over the simulations and defines the ROE (rules of engagement)?

White

Which of the following approaches simulates an inside attacker with an extensive knowledge about the target?

White box

Which of the following malware consumes maximum bandwidth to quickly replicate through network channels and congests the entire network even at a small payload?

Worms

Ann, a security analyst, discovers unusual network traffic from a workstation. She notices that the workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of this infection. Which of the following attacks has occurred on the workstation?

Zero-day attack

Sam works as a cybersecurity analyst for a company. He wants to make a full copy of an image for forensics use. Which of following command utilities would he use to achieve this?

dd

Which of the following commands would a cybersecurity analyst use to make a copy of an image for forensics use?

dd

Question 63 :In piping, which of the following command utilities are combined together to form a single command?Each correct answer represents a complete solution. Choose three.

diff grep cut

A user wants to compare two text files, iplog1.txt and iplog2.txt, to find the lines that are not same in both the files. What is the correct format that the user should follow to get the difference between these files by using diff command?

diff iplog1.txt iplog2.txt

An administrator of an organization has found specific string values missing from a text file. Which of the following commands will help the administrator to search for the same?

grep

In Linux, which of the following commands is used when users need to search for specific strings in a log file, like a particular source or event ID?

grep

Which of the following commands searches text files for specific strings, regardless of the size of the log file in Linux computing?

grep


Kaugnay na mga set ng pag-aaral

NUR 2092 Pharmacology Ch 51 Drugs acting on the Renal system - diuretic agents

View Set

Chapter 13: Social and Emotional Development in Middle Childhood

View Set

Quiz 1(Geo 155 Discussion section)

View Set

AP World History Period 4 Global Interactions

View Set

2.6 inorganic compounds include water, salts, and many acids and bases

View Set