Security+ Domain 4.0
A cybersecurity investigator is investigating a breach, and the method of entry is not yet known. The investigator decides to begin by checking for suspicious entries in the routing table. Select the command-line tool that will enable the investigator to directly access the table.
NOT tracert NOT pathping Maybe route
A government agency is getting rid of older workstations. The agency will donate these workstations, along with other excess computer systems, to nearby schools. Management reminds the systems administrators about the data sanitization and disposal policy. What policy items are applicable for these IT systems, prior to donating to the schools? (Select all that apply.)
Use the DoD 5220.22-M method Degauss media with a magnet
A network technician working for a three-letter intelligence organization has to troubleshoot a specialized, air-gapped Linux device without asking any questions. The technician only has access to the CLI and needs to read a log file, without a GUI, and without network access. Outline the command that will easily enable the technician to view the file from the command line.
cat security.log
A cybersecurity student has been using dig and whois to query hosting records and check external DNS services when a fellow student recommends a tool that packages similar functions and tests into a single query. Conclude what tool the student recommended.
dnsenum
A malware expert wants to examine a new worm that is infecting Windows devices. Verify the sandbox tool that will enable the expert to contain the worm and study it in its active state.
Cuckoo
A penetration tester is testing a network's vulnerability. The first test to perform is to test how well the network's firewall responds to a flood-based Denial of Service (DoS) attack. What software tools can perform both packet sniffing and a DoS attack? (Select all that apply.)
hping Nmap
A penetration tester is experimenting with Nmap on a test network. The tester would like to know the operating system of the target device. Select all Nmap commands that will provide the tester with OS information. (Select all that apply.)
nmap xxx.xxx.x.x -O nmap xxx.xxx.x.x -A
A white-hat penetration tester is simulating an attack to check for vulnerabilities. The first step is to determine if the pen tester can scan for ports or services that have been left open, without being detected by the Intrusion Prevention System (IPS). Recommend a tool that fits the pen tester's requirements.
scanless
Identify the command that will output the 15 most recent entries in the log file called hostnames.
tail -n 15 /var/log/hostnames
A systems administrator recently hardened two servers (Linux and Windows), disabling unused ports and setting up a software firewall to block specific port connections and protocols. These servers support employees at an external branch that operates on wireless network connections and laptops. Which of the following tools will help audit the server's security settings with the least amount of effort? (Select all that apply.)
tcpdump tshark
Select the methods of containment based on the concept of isolation. (Select all that apply.)
Blackhole Physical disconnection/air gapping Sandboxing
The marketing department at a local organization has detected malicious activity on several computers. In response, IT personnel have disconnected the marketing switch from the network. Identify which incident response lifecycle step IT has enacted.
Containment
A security event popped up, alerting security of a suspicious user gaining access to, and copying files from, the %SystemRoot%\NTDS\ file path on a server. What is the user trying to do?
Gather employee login credentials.
A new cybersecurity analyst is working at his first job. The analyst requires a penetration test reporting and evidence gathering framework that can run automated tests through integration with Metasploit. Recommend a framework that will fulfill the analyst's needs.
NOT theHarvester NOT Nessus Maybe Sn1per
After a security breach, a cybersecurity analyst decides to cross-check the services and software installed on the breached network against lists of known vulnerabilities. Prescribe a software tool best suited for the analyst's purpose.
Nessus
An incident involving a data breach is under investigation at a major video game software company. The incident involves the unauthorized transfer of a sensitive file to an outside source (a leak). During the investigation, employees find that they cannot access the original file at all. Verify the data loss prevention (DLP) terminology that describes what has been done to the file in question.
Quarantine
A network administrator for a large oil company has discovered that a host on the company network has been compromised by an attacker spoofing digital certificates. Recommend an immediate response that does not require generating new certificates.
Revoke the host's certificate
Identify the command that will output the 15 oldest entries in the log file called hostnames.
head -n 15 /var/log/hostnames
An administrator of a Linux network is writing a script to transfer a list of local host names, contained in a file called hostnames, directly into the syslog file. Predict the CLI command the admin is likely to use to accomplish this.
logger -f hostnames
A cyber forensic investigator is analyzing a disk image acquired from a suspect in a major network breach and wants to generate a timeline of events from the image. Predict the tool the investigator will use to piece together a timeline of events so that they can tie the hacker's disk to the breach in question.
Autopsy
A resident cybersecurity expert is putting together a playbook. Evaluate the elements that the security expert should include in the playbook. (Select all that apply.)
Query strings to identify incident types When to report compliance incidents Incident categories and definitions
Select the methods of incident containment based on the concept of segmentation. (Select all that apply.)
Sinkhole Honeynet
A forensics analyst is attempting a live acquisition of the contents of the memory of a running Linux device. In order to copy the blocked /dev/mem file with memdump or dd, the analyst must install a kernel driver. Recommend a framework that will enable the analyst to install a kernel driver.
Volatility