Musser final
John has viewed and manipulated the ARP cache of his system using the arp command. He further wants to view the cache on all interfaces. Which of the following arp flags would John use?
-a
Which grep command option is used to consider search strings as discrete words?
-c
Which grep command option is used to return the names of the files with matching lines rather than the lines themselves?
-l
Which of the following search operators matches zero or one instances of the preceding character?
?
Which of the following statements are true of interception proxies? Each correct answer represents a complete solution. Choose all that apply.
A passive testing tool for analyzing the communications of web app Crawl outbound web traffic based on pre-defined factors before blocking it Determine the nature of HTTPS request that the application sends and receive
Company A allows visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect of Company A wants to ensure that the partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A's internal network from those same ports. Which of the following can be employed to allow this type of setup?
ACL
Which of the following identifies potentially malicious external domains?
Access control list
A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the best approach for the analyst to perform?
Analyze the trends of the events while manually reviewing to see if any of the indicators match.
Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?
Blue team training exercises
Which of the following is an open source network monitor for a Unix-based system that includes custom scripting languages which allow users to set detection rules and action policies?
Bro
Which of the following tools intercepts proxy for analyzing and modifying traffic to exploit web apps?
Burp Suite
Which of the following tools is used as an interception proxy for analyzing traffic and modifying traffic to exploit web apps?
Burp Suite
Which of the following tables maps MAC addresses to ports and forwards packets to specific interfaces?
CAM tables
Which graphing and monitoring tool allows users to poll services at fixed intervals and graph the resulting data?
Cacti
Which of the following statements are true of manual approach to provisioning and de-provisioning? Each correct answer represents a complete solution. Choose all that apply.
Causes interruption and service delay Requires human intervention for creation or deletion of user account
Digital evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?
Chain of custody
Rex, a forensic analyst, after receiving the hard drive from detectives used a log to capture corresponding events prior to sending the evidence to lawyers for a court case. Which of the following do these actions indicate?
Chain of custody
Which of the following process is shown in the above figure?
Chain of custody
James, a security technician, wants to ensure security controls are functioning as intended by taking the regular measurements of network traffic levels to maintain an appropriate security posture. Which of the following security techniques is most appropriate for him to do this?
Continuous security monitoring
Which of the following governs the behavior of individuals and groups in the use of computers, the Internet, and other IT domains?
Cyberlaw
Which of the following is a Microsoft's anti-malware solution that deals with targeted protection of trusted software?
EMET (enhanced mitigation experience toolkit)
Which of the following is a proprietary tool that supports a wide range of forensic methods, including evidence collection, analysis, and reporting?
EnCase
Which of the following statements is not true of benchmarks?
Enables an organization to defend against active threat
Joe, an investigator, wants to scan a hard drive to view the deleted communication. Which of the following tools should Joe use?
FTK
What is the process of extracting data from a computer when that data has no associated file system metadata?
File carving
Which of the following is the process of extracting data from a computer when that data has no associated file system metadata?
File carving
An organization has limited the traffic flow on its network's border. For this, the organization has used a type of log which can manage user activity, control bandwidth usage, monitor IDS activity, and permit or deny connections. Which of the following types of the log is used by the organization?
Firewall
Which of the following incident handling tools is used for recovery of deleted data? Each correct answer represents a complete solution. Choose all that apply.
Foremost TestDisk
Which of the following statements describes a cyberlaw? Each correct answer represents a complete solution. Choose all that apply.
Governs the behavior of individuals and groups in the use of computers and the Internet Varies significantly depending on the jurisdiction
Identify the alert generated when the cryptographic hash of an important file does not match with its accepted value?
HIDS/ HIPS (host intrusion detection system/host intrusion prevention system)
Which of the following is a proprietary SIEM tool that has a limited trial version?
HP ArcSight
Which of the following methods of analysis identifies the nature of an entity by subjecting it to a particular environment?
Heuristic
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
Honeypot
Andrew works as a security administrator for uCertify Inc. He wants to capture attack details on his network that are occurring while also protecting his production network. Which of the following will he implement to accomplish this task?
Honeypot
Ann, a security analyst, while reviewing the monthly Internet usage noticed that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations AUP. Which of the following tool or technology will work best for her to obtain more information on this traffic?
IDS logs
Due to new regulations, an organization has decided to initiate an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would best support the program? Each correct answer represents a complete solution. Choose two.
ITIL OWASP
What is the follow-up process of a penetration test?
Identifying assets marked as vulnerable and determining ways to remediate the system
Which of the following statements are true of RADIUS (Remote Authentication Dial-In User Service)? Each correct answer represents a complete solution. Choose all that apply.
Implements AAA for users requesting remote access to a network service Uses a two-step process for managing network access Uses User Datagram Protocol for communication
Ann appointed as a new CTO (Chief Technology Officer) for a company. He is seeking recommendations for network monitoring services for the local Intranet. He would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?
Installation of a firewall on the internal interface and an NIDS on the external interface of the gateway router.
Which of the following is a hardened server that provides access to other hosts?
Jumpbox
Which of the following is a Windows-based proprietary log management platform that collects Linux syslog and Windows event log data from a variety of different networking and host-based appliances?
Kiwi Syslog Server
Which of the following log analysis tools collects Linux syslog and Windows event log data from different networking and host-based appliances?
Kiwi Syslog Server
Which of the following log analysis tools parses system logs and creates a report on various aspects that users specify?
Logwatch
Which of the following is a means of restricting access to objects and formal authorization of subjects based on the sensitivity of the information contained in them?
MAC (mandatory access control)
Who is responsible for communicating an incident to the employees? Each correct answer represents a complete solution. Choose all that apply.
Marketing HR
An incident response report discovers a virus that was introduced through a remote host connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
NAC
Which of the following are examples of WAF (web application firewall)? Each correct answer represents a complete solution. Choose all that apply.
NAXSI ModSecurity Imperva SecureSphere WAF
Sia, a cybersecurity analyst, wants to use a command utility to identify open ports and running services on a host along with the application associated with those services and port. Which of the following should she use to achieve this?
Netstat
Which of the following SIEM tools is developed by AlienVault and combines a selection of tools designed to help administrators in computer security, intrusion detection and prevention?
OSSIM
Which is an online community that provides free access to various articles, methodologies, and tools on web application security?
OWASP (Open Web Application Security Project)
Which of the following is a community effort that provides free access to a number of secure programming resources?
Open Web Application Security Project
Which of the following fuzzers provides customizable testing definitions for a wide range of computing protocols and file types?
Peach
James works as a security administrator for a company. He wants to actively test that an application's security controls are in place or not. Which of the following assessments will he perform to test this?
Penetration test
A security administrator wants to manage both local and remote hosts together on a Windows system. Which of the following can a security administrator use to accomplish this?
PowerShell
Each correct answer represents a complete solution. Choose all that apply.
Provides full disk encryption Provides application whitelisting functionality Reduces data loss Contains centralized in-house server for distributing malware signature update
Andrew, a security administrator, wants to monitor and limit users' access to external websites. Which of the following will he implement to address this?
Proxy server
Which of the following best describes the offensive participants in a tabletop exercise?
Red team
Which of the following consists of a group of characters that describe how to execute a specific search pattern on a given text?
Regular expression
What is meant by isolation?
Removing an affected component which is a part of a larger environment
Which of the following involves deconstructing existing hardware or software to its basest level?
Reverse engineering
Adam found that an extra NIC (network interface controller) has been installed on his computer which is creating a side channel for an attack on his computer. What is the term used for such type of unauthorized equipment?
Rogue hardware
Which of the following aspects of identity schemes leads to privilege creep when roles are poorly defined?
Role
An organization wishes to update its network resources for which it provides access only to its network managers and other network experts. It also wants the entries in the database table to be monitored for which it provides access to a database administrator. Which of the following factors is the organization using for providing access to a particular entity based on the entity's responsibilities?
Role-based
An organization wishes to conduct a pen test to assess organization's security posture. To conduct the test, the organization needs to specify various guidelines and constraints. Which of the following documents the same?
Rules of engagement
Which of the following security monitoring tools is a conglomeration of open standards that identify flaws in security configurations?
SCAP
Which of the following log analysis tools runs as a single process that monitors a stream of events producing output through external programs such as snmptrap?
SEC (Simple event correlator)
Which of the following enables a security personnel to take defensive actions more quickly by providing real-time or near-real-time analysis of security alerts generated by network hardware and applications?
SIEM
Which tool provides real-time analysis of security alerts generated by applications and devices?
SIEM
A security administrator is constructing a development environment and places three virtual servers in a new virtual network to isolate them from the production network. Which of the following describes the environment the administrator is building?
Sandbox
You suspect a program that contains malware on a cloud server. You want to test the program by safely executing it in an isolated environment. Which of the following techniques will you use?
Sandboxing
Which of the following is an act of permanently removing all the data from a storage device?
Sanitization
Who is responsible for providing technical support to other team members when dealing with fully designed systems?
Security specialist
An organization has a website that is accessed in its partner organization. The users in the partner organization reset their passwords by pressing a button to get an email containing the reset link. Which of the following function allows the users to reset the password?
Self-service reset
Which of the following devices provides load balancing and data backups during DDoS attacks and data destruction breaches?
Server
Which of the following is a network defense method that redirects outbound malicious traffic to an internal host so that it remains inside the network?
Sinkhole
Rex, a security analyst, has been asked to remediate a server vulnerability. Once he has located a patch for the vulnerability, which of the following should he perform next?
Start the change control process.
Brena, a security analyst, notices that external users are constantly reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices will she implement to prevent this issue?
Stress testing
Which of the following TCP/IP protocol is used to communicate logs to another system, uses UDP port 514, and is compatible with all the operating systems?
Syslog
Which of the following protocols developed by Cisco provides full encryption and communication over TCP for clients requesting access to network resources?
TACACS+
Which of the following provides inherent reliability and better availability of the AAA mechanism as compared to RADIUS?
TACACS+
Which of the following software tools of forensic toolkit is a library and collection of Unix- and Window-based utilities and has graphical frontend called Autopsy?
TSK (The Sleuth Kit)
Which of the following factors restricts an organization's access control policy to mitigate risk?
Time
What is the function of a sinkhole?
To reroute malicious outbound traffic from an organization's network
What is the purpose of creating Trusted Foundry?
To secure integrated circuits used in critical systems throughout the entire supply chain
Which of the following criminal offenses are introduced by the UK Computer Misuse Act?
Unauthorized modification of computer material Unauthorized access with intent to commit or facilitate commission of further offense Unauthorized access to computer material
Which of the following statements are true of SDEE (Security Device Event Exchange) server? Each correct answer represents a complete solution. Choose all that apply.
Uses HTTP/HTTPS and XML protocols to communicate between different types of systems An IDS alert format and transport protocol specification Based on Simple Object Access Protocol
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing and during which phase of the SDLC should this occur? Each correct answer represents a complete solution. Choose two.
Verification phase Fuzzing
Which of the following protocols is an application-layer firewall that applies a set of rules to HTTP traffic and protects web servers and clients from malicious traffic?
WAF
Samuel, a cybersecurity professional, is assigned a work of actively verifying the strength of the security controls on an organization's live modem pool. Which of the following activities will be the best for him to verify this?
War dialing
Which pen testing color-coded team decides over the simulations and defines the ROE (rules of engagement)?
White
Which of the following approaches simulates an inside attacker with an extensive knowledge about the target?
White box
Which of the following malware consumes maximum bandwidth to quickly replicate through network channels and congests the entire network even at a small payload?
Worms
Ann, a security analyst, discovers unusual network traffic from a workstation. She notices that the workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of this infection. Which of the following attacks has occurred on the workstation?
Zero-day attack
Sam works as a cybersecurity analyst for a company. He wants to make a full copy of an image for forensics use. Which of following command utilities would he use to achieve this?
dd
Which of the following commands would a cybersecurity analyst use to make a copy of an image for forensics use?
dd
Question 63 :In piping, which of the following command utilities are combined together to form a single command?Each correct answer represents a complete solution. Choose three.
diff grep cut
A user wants to compare two text files, iplog1.txt and iplog2.txt, to find the lines that are not same in both the files. What is the correct format that the user should follow to get the difference between these files by using diff command?
diff iplog1.txt iplog2.txt
An administrator of an organization has found specific string values missing from a text file. Which of the following commands will help the administrator to search for the same?
grep
In Linux, which of the following commands is used when users need to search for specific strings in a log file, like a particular source or event ID?
grep
Which of the following commands searches text files for specific strings, regardless of the size of the log file in Linux computing?
grep
