A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
A security investigator has detected an unauthorized insider reviewing files containing company secrets.
Which of the following commands could the investigator use to determine which files have been opened by this user?
As part of an organization’s regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
Which of the following describes United States federal government cybersecurity policies and guidelines?
While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)
During which phase of the incident response process should an organization develop policies and procedures for incident handling?
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?
An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to
determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
The NIST framework 800-137 breaks down the concept of continuous monitoring into which system of tiers?
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Detailed step-by-step instructions to follow during a security incident are considered:
A system administrator identifies unusual network traffic from outside the local network. Which of the following
is the BEST method for mitigating the threat?
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been
compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe.
The unknown process is MOST likely:
Which of the following are part of the hardening phase of the vulnerability assessment process? (Choose two.)
During recovery from an incident, which three options should a company focus on? (Choose three.)
What allows a company to restore normal business operations in a matter of minutes or seconds?
A first responder notices a file with a large amount of clipboard information stored in it. Which part of the MITRE ATT&CK matrix has the responder discovered?
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following
would be the BEST action to take to plan for this kind of attack in the future?
A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST
likely used by the analyst for the initial discovery?
Which of the following would MOST likely make a Windows workstation on a corporate network vulnerable to remote exploitation?
The "right to be forgotten" is considered a core tenet of which of the following privacy-focused acts or regulations?
During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
A system administrator has been tasked with developing highly detailed instructions for patching managed assets using the corporate patch management solution. These instructions are an example of which of the following?
If an organization suspects criminal activity during the response to an incident, when should they notify law enforcement authorities?
During an incident, the following actions have been taken:
-Executing the malware in a sandbox environment
-Reverse engineering the malware
-Conducting a behavior analysis
Based on the steps presented, which of the following incident handling processes has been taken?
A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company’s systems. Which of the following could be included in an endpoint security solution? (Choose two.)
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members
WHERE email = “attacker@somewhere.com”; DROP TABLE members; –”
Which of the following did the hackers perform?
A forensic analyst has been tasked with analyzing disk images with file extensions such as .001, .002, etc. Which of the following disk imaging tools was MOST LIKELY used to create these image files?
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
A system administrator pulls records from a database that only requires the use of their general user vs. domain admin account. Use of the general user account demonstrates which of the following concepts?
In a Linux operating system, what kind of information does a /var/log/daemon.log file contain?
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
Organizations considered “covered entities” are required to adhere to which compliance requirement?
An automatic vulnerability scan has been performed. Which is the next step of the vulnerability assessment process?
DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.
TESTED 01 May 2025
