Question 1/83
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
Correct Answer: C
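The comparison the question describes, a current sshd_config set against the weekly archived copies, is exactly what diff(1) is for. The script below is an added example, not part of the original page or its answer key: it writes constructed sample archives and a constructed "current" file to a temporary directory, shows the unified diff against the newest archive, counts what changed, and walks the archives oldest to newest to find the week in which a security-relevant directive (PermitRootLogin, PasswordAuthentication, AuthorizedKeysFile) first changed. The archive naming (sshd_config.2024-W01 and so on) and the directive values are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the page): compare a live sshd_config against
# weekly archived copies with diff(1), and locate the archive in which a
# security-relevant directive first changed. All files below are
# constructed sample data written to a temporary directory.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
ARCHIVE_DIR="$WORK/archive"
mkdir -p "$ARCHIVE_DIR"

# Constructed weekly archives: a hardened baseline, then a silent weakening
# in week 3. Names sort chronologically, which the walk below relies on.
cat > "$ARCHIVE_DIR/sshd_config.2024-W01" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$ARCHIVE_DIR/sshd_config.2024-W02" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$ARCHIVE_DIR/sshd_config.2024-W03" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
EOF

# Constructed current file: modified again since the last archive, including
# an extra authorized_keys location an attacker could plant a key in.
CURRENT="$WORK/sshd_config"
cat > "$CURRENT" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys /tmp/.keys
EOF

# Print the value(s) of an sshd directive (first match) from a config file;
# prints nothing if the directive is absent.
get_directive() {
    awk -v k="$1" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Number of lines added or changed in the second file relative to the first:
# the '+' lines of a unified diff, excluding the '+++' file header.
count_added_lines() {
    diff -u "$1" "$2" | grep -c '^+[^+]' || true
}

# Walk the archives oldest to newest and print the name of the first one in
# which the directive's value differs from the oldest archive's value.
# Prints nothing if the value never changed within the archives.
first_archive_with_change() {
    key="$1"
    baseline_set=0
    baseline=""
    for f in "$ARCHIVE_DIR"/sshd_config.*; do
        val="$(get_directive "$key" "$f")"
        if [ "$baseline_set" -eq 0 ]; then
            baseline="$val"
            baseline_set=1
            continue
        fi
        if [ "$val" != "$baseline" ]; then
            basename "$f"
            return 0
        fi
    done
    return 0
}

# Stand-alone run: full unified diff against the newest archive, then the
# directives an investigator would look at first.
newest="$(ls "$ARCHIVE_DIR"/sshd_config.* | tail -n 1)"
echo "== diff $(basename "$newest") vs current =="
diff -u "$newest" "$CURRENT" || true
echo "== lines added/changed since newest archive: $(count_added_lines "$newest" "$CURRENT")"
for key in PermitRootLogin PasswordAuthentication AuthorizedKeysFile; do
    echo "$key: W01='$(get_directive "$key" "$ARCHIVE_DIR/sshd_config.2024-W01")'" \
         "now='$(get_directive "$key" "$CURRENT")'" \
         "first changed in archive: '$(first_archive_with_change "$key")'"
done
```

On a real system the archives would be whatever the weekly job saves (a backup tree, a configuration-management repository, or copies taken by a file-integrity tool), and the directive list would be driven by the hardening baseline rather than hard-coded; the point is that diff against a known-good copy turns "the file keeps changing" into "these exact lines changed, starting in this week".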
