After obtaining a shell on a Linux box, a hacker sends the exfiltrated data via the Domain Name System (DNS). This is an example of which type of data exfiltration?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
A company that maintains public city infrastructure was breached, and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be the PRIMARY focus of the incident response team?
A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
A common formula used to calculate risk is: ____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
An automated vulnerability scan has been performed. Which of the following is the next step of the vulnerability assessment process?