
CySA Module 10 - Responding to a Cyber Incident
Authored by Jose Manuel Rios
Information Technology (IT)
9th Grade

15 questions
1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Rudyard has heard rumors that an employee has set up an FTP server at his house. The server is said to be running on port 80, as ports 20 and 21 are blocked on the company's firewall. He knows that the firewall doesn't perform any sort of packet inspection to ensure that only HTTP traffic is being transmitted. Which of the following tools might he use in conjunction with port mirroring on the switch to monitor the user's traffic and search for signs of FTP traffic being sent on port 80?
Peach Fuzzer
Check Point
Metasploit
Wireshark
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Louise has been asked to provide a report to management that contains a list of insecure traffic types coming into the company's network from the Internet. Which of the following tools might she use to collect this information?
Packet analyzer
Nmap
Netstat
Nslookup
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A threat actor has gone to a local coffee shop and opened a program that can analyze traffic being sent and received on the network. He finds that someone on the network is sending emails using SMTP without encryption, and he can see the contents of the emails. Which of the following programs is he most likely using?
Netstat
Dig
Wireshark
Nessus
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Nichole, a cybersecurity analyst, has received an alert about a potential ping flood on one of the company's Windows servers. She is able to connect to the server via an out-of-band management network. Which of the following native tools might help her verify what is occurring on the server at the moment?
Resource Monitor
Tcpdump
Wireshark
Network General
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal?
NAC
Mandatory access control
DAC
Group policy
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Alisi, a cybersecurity manager, has found that a former employee was engaging in illegal activities online; she must report these activities to local law enforcement authorities. She locks the employee's computer in a closet to which only she and two of her peers have access. Which of the following should be created as part of the documentation for this incident?
PII form
PHI tracker
Incident response plan
Chain of custody
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Kevin is working the after-hours shift in the NOC and receives an alert that there has been a potential intrusion into one of the servers. He pulls out the incident response plan and sees that the first step is to notify the on-call manager. Where might he find that information?
Chain of custody
Escalation list
Incident form
Crime tape