dumpspedia logo
Which of the following describes United States federal government cybersecurity policies and guidelines?
Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)
An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following
BEST describes what is occurring?
A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
A security analyst needs to capture network traffic from a compromised Mac host. They attempt to execute the tcpdump command using their general user account but continually receive an "Operation Not Permitted" error.
Use of which of the following commands will allow the analyst to capture traffic using tcpdump successfully?
Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
Detailed step-by-step instructions to follow during a security incident are considered:
When performing a vulnerability assessment from outside the perimeter, which of the following network devices is MOST likely to skew the scan results?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
A company is reviewing the results of the Nikto scan, and they determined that several internal web servers (likely associated with internal web applications) have a number of vulnerabilities. They also noticed several servers that have returned click-jacking vulnerabilities. Which option should be used to remediate this issue?
An unauthorized network scan may be detected by parsing network sniffer data for:
Windows Server 2016 log files can be found in which of the following locations?
What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)
When reviewing log files from a recent incident, the response team discovers that most of the network-based indicators are IP-based. It would be helpful to the response team if they could resolve those IP-based indicators to hostnames. Which of the following is BEST suited for this task?
The statement of applicability (SOA) document forms a fundamental part of which framework?
Which of the following is BEST suited to prevent piggybacking into a sensitive or otherwise restricted area of a facility?
According to company policy, all accounts with administrator privileges should have suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator’s group. Which of the following actions should the security administrator take?
Which of the following attack vectors capitalizes on a previously undisclosed issue with a software application?
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with
archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
To minimize vulnerability, which steps should an organization take before deploying a new Internet of Things (IoT) device? (Choose two.)
An organization wants to deploy a network security tool to alert them but not block malicious activity and network traffic. Which of the following tools would BEST meet the organization's needs?
A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.
The unknown process is MOST likely:
An incident responder has collected network capture logs in a text file, separated by five or more data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to terminal/ screen) in numerical order?
An incident at a government agency has occurred and the following actions were taken:
-Users have regained access to email accounts
-Temporary VPN services have been removed
-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
-Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
ABC Company uses technical compliance tests to verify that its IT systems are configured according to organizational information security policies, standards, and guidelines. Which two tools and controls can ABC Company use to verify that its IT systems are configured accordingly? (Choose two.)
Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)
Network infrastructure has been scanned and the identified issues have been remediated. What is the next step in the vulnerability assessment process?
A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?
Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are
MOST important for log integrity? (Choose two.)
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
After a hacker obtained a shell on a Linux box, the hacker then sends the exfiltrated data via Domain Name System (DNS). This is an example of which type of data exfiltration?
In a Linux operating system, what kind of information does a /var/log/daemon.log file contain?
Which common source of vulnerability should be addressed to BEST mitigate against URL redirection attacks?
Which of the following backup strategies will result in the shortest backup time during weekdays and use the least amount of storage space but incur the longest restore time?
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
A system administrator identifies unusual network traffic from outside the local network. Which of the following
is the BEST method for mitigating the threat?
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?
Which of the following regulations is most applicable to a public utility provider operating in the United States?
Which three tools are used for integrity verification of files? (Choose three.)
When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?
Which two options represent the most basic methods for designing a DMZ network firewall? (Choose two.)
TESTED 04 Apr 2025