Sybex Practice Test 01
Flashcard • Information Technology (IT) • Professional Development • Practice Problem • Hard
Wayground Content
42 questions
1.
FLASHCARD QUESTION
Front
What is the most likely cause of a sudden drop to zero in network flow on a particular segment? Options: A denial-of-service attack, A link failure, High bandwidth consumption, Beaconing
Back
A link failure
Answer explanation
The sudden drop to zero is most likely an example of link failure. A denial-of-service attack could produce this type of drop but is less likely for most organizations. High bandwidth consumption and beaconing both produce traffic patterns that differ from the one shown in this example.
2.
FLASHCARD QUESTION
Front
Which one of the following should be Saanvi's highest priority for patching during the recovery process after a security incident? Windows systems, Systems involved in the incident, Linux systems, Web servers
Back
Systems involved in the incident
Answer explanation
During an incident recovery effort, patching priority should be placed on systems that were directly involved in the incident. This is one component of remediating known issues that were actively exploited.
3.
FLASHCARD QUESTION
Front
Susan’s organization suffered from a major breach attributed to an advanced persistent threat (APT) using exploits of zero-day vulnerabilities. Which of the following is the least appropriate solution for Susan to recommend to help prevent future attacks of this type? Heuristic attack detection methods, Signature-based attack detection methods, Segmentation, Leverage threat intelligence
Back
Signature-based attack detection methods
Answer explanation
Signature-based attack detection methods rely on knowing what an attack or malware looks like. Zero-day attacks are unlikely to have an existing signature, which makes signature-based methods a poor choice for preventing them. Heuristic (behavior) detection methods can indicate compromises despite the lack of signatures for the specific exploit. Building a well-designed and segmented network can limit the impact of compromises or even prevent them. Leveraging threat intelligence to understand new attacks and countermeasures is an important part of defense against zero-day attacks.
4.
FLASHCARD QUESTION
Front
During his investigation of a Windows system, Eric discovered that files were deleted and he wants to determine whether a specific file previously existed on the computer. Which of the following is the least likely to be a potential location to discover evidence supporting that theory? Windows registry, Master File Table, INDX files, Event logs
Back
Event logs
Answer explanation
The Windows registry, the Master File Table, and INDX files all contain information about files, often including removed or deleted files. Event logs are far less likely to contain information about a specific file location.
5.
FLASHCARD QUESTION
Front
As part of her SOC analyst duties, Emily is tasked with monitoring intrusion detection systems that cover her employer’s corporate headquarters network. During her shift, Emily’s IDS alarms report that a network scan has occurred from a system with IP address 10.0.11.19 on the organization’s WPA3 Enterprise wireless network aimed at systems in the finance division. What data source should she check first?
Back
Wireless authentication logs
Answer explanation
Since Emily’s organization uses WPA3 Enterprise, users must authenticate to use the wireless network. Associating the scan with an authenticated user will help incident responders identify the device that conducted the scan.
6.
FLASHCARD QUESTION
Front
Casey’s incident response process leads her to a production server that must stay online for her company’s business to remain operational. What method should she use to capture the data she needs?
Back
Live image to an external drive.
Answer explanation
Normally, forensic images are collected from systems that are offline to ensure that a complete copy is made. In cases like this, where keeping the system online is more important than the completeness of the forensic image, a live image to an external drive using a portable forensic tool such as FTK Imager Lite, dd, or similar is the correct choice.
7.
FLASHCARD QUESTION
Front
What does the Nmap response “filtered” mean in port scan results?
Back
Nmap cannot tell whether the port is open or closed.
Answer explanation
When Nmap returns a response of “filtered,” it indicates that Nmap cannot tell whether the port is open or closed. Filtered results are often the result of a firewall or other network device, but a response of filtered does not indicate that a firewall or IPS was detected. When Nmap returns a “closed” result, it means that there is no application listening at that moment.