98. A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A. The end user changed the file permissions.

B. A cryptographic collision was detected.

C. A snapshot of the file system was taken.

269. A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

D. The software contained a backdoor

A. The software had a hidden keylogger

C. The user's computer had a fileless virus

163. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

D. Install endpoint management software on all systems.

A. Configure all systems to log scheduled tasks.

B. Collect and monitor all traffic exiting the network.

C. Block traffic based on known malicious signatures.

328. A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

A. A misconfiguration in the endpoint protection software

B. A zero-day vulnerability in the file

C. A supply chain attack on the endpoint protection vendor

247. A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

B. Enabling malware detection through a UTM

A. Utilizing attack signatures in an IDS

C. Limiting the affected servers with a load balancer

D. Blocking command injections via a WAF

510. A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?

C. Endpoint detection and response

314. An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following: PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain: corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327 Which of the following best describes how the attacker gained access to the hardened PC?

B. The attacker performed a pass-the-hash attack using a shared support account.

A. The attacker created fileless malware that was hosted by the banking platform.

C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.

D. The attacker socially engineered the accountant into performing bad transfers.

SYO 701 EDR Module FC

Quiz

•

Computers

•

University

•

Practice Problem

•

Hard

Wayground Content

FREE Resource

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

60. A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

A. FDE

B. NIDS

C. EDR

D. DLP

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

170. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A. Application

B. IPS/IDS

C. Network

D. Endpoint

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

392. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A . Implementing encryption

B . Monitoring outbound traffic

C . Using default settings

D . Closing all open ports

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

360. A security administrator recently reset local passwords and the following values were recorded in the system:
Which of the following in the security administrator most likely protecting against?

A . Account sharing

B . Weak password complexity

C . Pass-the-hash attacks

D . Password compromise

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

201. A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

A. Full disk encryption

B. Network access control

C. File integrity monitoring

D. User behavior analytics

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

494. An organization needs to monitor its users’ activities in order to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A. Behavioral analytics

B. Access control lists

C. Identity and access management

D. Network intrusion detection system

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

454. Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A. UBA

B. EDR

C. NAC

D. DLP

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

1ºDAM/DAW - Entornos de Desarrollo - UD1-6 - Prof. C. Boni

Quiz

•

University - Professi...

20 questions

basisdata1

Quiz

•

University

15 questions

After Effect Intoduction

Quiz

•

10th Grade - University

18 questions

Memory-Mobo-Hard/Software

Quiz

•

University

16 questions

Digital Icons

Quiz

•

12th Grade - University

20 questions

PARC Linux Basic Part 2

Quiz

•

University

20 questions

CSS Pseudo dan CSS Grid System

Quiz

•

University

18 questions

SQL Quiz

Quiz

•

University

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Computers

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

7 questions

Transition Words and Phrases

Interactive video

•

4th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

34 questions

Unit 5 Review - The Middle Ages in Europe-B

Quiz

•

9th Grade - University

26 questions

Day2 classwork: Permutation and combination

Quiz

•

2nd Grade - University

5 questions

Using Context Clues

Interactive video

•

4th Grade - University

SYO 701 EDR Module FC

20 questions

60. A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

392. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

360. A security administrator recently reset local passwords and the following values were recorded in the system:Which of the following in the security administrator most likely protecting against?

201. A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

494. An organization needs to monitor its users’ activities in order to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

454. Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

98. A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

269. A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

163. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

360. A security administrator recently reset local passwords and the following values were recorded in the system:
Which of the following in the security administrator most likely protecting against?

98. A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the following most likely occurred?