A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to
internal clients. SMTP traffic should only be allowed to email servers. Which of the following
commands would stop this attack? (Choose two.)
AC
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to
the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following
message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a
short analysis, the following code is found in C:
\Temp\chill.exe:Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error!
Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-
Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?
B
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also
establishing a connection to IP 88.143.12.123. Which of the following commands should the
administrator use to capture only the traffic between the two hosts?
B
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a
tool that supports piecewise hashing. Which of the following tools should the analyst use?
A
Which of the following is a cybersecurity solution for insider threats to strengthen information
protection?
B
Explanation:
Reference: https://www.techrepublic.com/article/how-to-protect-your-organization-against-insider-
threats/
A security administrator is investigating a compromised host. Which of the following commands
could the investigator use to display executing processes in real time?
B
Explanation:
Reference: https://www.cyberciti.biz/faq/show-all-running-processes-in-linux/
A system administrator identifies unusual network traffic from outside the local network. Which of
the following
is the BEST method for mitigating the threat?
C
Which of the following technologies would reduce the risk of a successful SQL injection attack?
B
Explanation:
Reference: http://www.enterprisenetworkingplanet.com/netsecur/article.php/3866756/10-Ways-to-
Prevent-or- Mitigate-SQL-Injection-Attacks.htm
An incident responder has collected network capture logs in a text file, separated by five or more
data fields.
Which of the following is the BEST command to use if the responder would like to print the file (to
terminal/ screen) in numerical order?
C
Explanation:
Reference: https://kb.iu.edu/d/afjb
Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)
AD
A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there
is little endpoint security implementation on the company’s systems. Which of the following could
be included in an endpoint security solution? (Choose two.)
AB
During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is
processing information and indicating network activity. The investigator is preparing to launch an
investigation to
determine what is happening with this laptop. Which of the following is the MOST appropriate set of
Linux commands that should be executed to conduct the investigation?
B
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the
following tools could the analyst use?
D
After a security breach, a security consultant is hired to perform a vulnerability assessment for a
company’s web application. Which of the following tools would the consultant use?
A
Explanation:
Reference: https://www.scnsoft.com/blog/network-vulnerability-assessment-guide
When performing an investigation, a security analyst needs to extract information from text files in a
Windows operating system. Which of the following commands should the security analyst use?
C