98. A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A. The end user changed the file permissions.

B. A cryptographic collision was detected.

C. A snapshot of the file system was taken.

269. A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

D. The software contained a backdoor

A. The software had a hidden keylogger

C. The user's computer had a fileless virus

163. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

D. Install endpoint management software on all systems.

A. Configure all systems to log scheduled tasks.

B. Collect and monitor all traffic exiting the network.

C. Block traffic based on known malicious signatures.

328. A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

A. A misconfiguration in the endpoint protection software

B. A zero-day vulnerability in the file

C. A supply chain attack on the endpoint protection vendor

247. A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

B. Enabling malware detection through a UTM

A. Utilizing attack signatures in an IDS

C. Limiting the affected servers with a load balancer

D. Blocking command injections via a WAF

510. A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?

C. Endpoint detection and response

314. An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following: PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain: corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327 Which of the following best describes how the attacker gained access to the hardened PC?

B. The attacker performed a pass-the-hash attack using a shared support account.

A. The attacker created fileless malware that was hosted by the banking platform.

C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.

D. The attacker socially engineered the accountant into performing bad transfers.

SYO 701 EDR Module FC

Authored by Wayground Content

Computers

University

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

60. A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

A. FDE

B. NIDS

C. EDR

D. DLP

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

170. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A. Application

B. IPS/IDS

C. Network

D. Endpoint

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

392. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A . Implementing encryption

B . Monitoring outbound traffic

C . Using default settings

D . Closing all open ports

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

360. A security administrator recently reset local passwords and the following values were recorded in the system:
Which of the following in the security administrator most likely protecting against?

A . Account sharing

B . Weak password complexity

C . Pass-the-hash attacks

D . Password compromise

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

201. A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

A. Full disk encryption

B. Network access control

C. File integrity monitoring

D. User behavior analytics

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

494. An organization needs to monitor its users’ activities in order to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A. Behavioral analytics

B. Access control lists

C. Identity and access management

D. Network intrusion detection system

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

454. Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A. UBA

B. EDR

C. NAC

D. DLP

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Banco de Dados

Quiz

•

University - Professi...

19 questions

DSA Quest 1.0

Quiz

•

University

16 questions

W6_BIS

Quiz

•

University

20 questions

Bubble Sort and Pointers

Quiz

•

University

19 questions

python

Quiz

•

University

20 questions

C - Structures

Quiz

•

University

20 questions

DreamWeaver CS6

Quiz

•

University

20 questions

Berpikir Komputasi - Assessment 1

Quiz

•

University

Popular Resources on Wayground

20 questions

STAAR Review Quiz #3

Quiz

•

8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

6 questions

Marshmallow Farm Quiz

Quiz

•

2nd - 5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Computers

20 questions

Disney Trivia

Quiz

•

University

10 questions

GMAS ELA Review

Quiz

•

KG - University

9 questions

Week 9 Recitation

Quiz

•

University

26 questions

Customary Measurement

Quiz

•

KG - University

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

SYO 701 EDR Module FC

60. A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

392. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

360. A security administrator recently reset local passwords and the following values were recorded in the system:Which of the following in the security administrator most likely protecting against?

201. A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

494. An organization needs to monitor its users’ activities in order to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

454. Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

98. A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

269. A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

163. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

360. A security administrator recently reset local passwords and the following values were recorded in the system:
Which of the following in the security administrator most likely protecting against?

98. A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the following most likely occurred?