An organization wants to perform network scans to Identify active hosts and vulnerabilities. Management places the highest priority on scans that mimic how an attack would progress. Iftime and resources allow, subsequent scans can be performed using different techniques and methods. Which of the following scan types and sequences would BEST suit the organization's requirements?
A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim’s browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company’s website?
A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?
The Chief Information Security Officer (CISO) has asked the security analyst to examine abnormally high processor utilization on a key server. The output below is from the company’s research and development (R&D) server.
Which of the following actions should the security analyst take FIRST?
Copyright © 2021-2024 CertsTopics. All Rights Reserved
