| A security analyst is investigating a cyber attack that began by compromising one file system through a vulnerability in a custom software application. The attack now appears to be affecting additional file systems under the control of another security authority. Which CVSS v3.0 base exploitability metric score is increased by this attack characteristic? Scope Privileges required Attack complexity User interaction.
Using Tcpdump and Wireshark, a security analyst extracts a downloaded file from a pcap file. The analyst suspects that the file is a virus and wants to know the file type for further examination. Which Linux command can be used to determine the file type? file tail nano ls -l.
What is a feature of an IPS? It can stop malicious packets. It is deployed in offline mode. It has no impact on latency. It is primarily focused on identifying possible incidents.
Which three fields are found in both the TCP and UDP headers? (Choose three.) checksum destination port source port window options sequence number.
During the detection and analysis phase of the NIST incident response process life cycle, which sign category is used to describe that an incident might occur in the future? precursor attrition impersonation indicator.
According to the Cyber Kill Chain model, after a weapon is delivered to a targeted system, what is the next step that a threat actor would take? action on objectives exploitation weaponization installation.
Which NIST-defined incident response stakeholder is responsible for coordinating the incident response with other stakeholders and minimizing the damage of an incident? Human resources IT support The legal department Management.
What is the benefit of a defense-in-depth approach? All network vulnerabilities are mitigated. The need for firewalls is eliminated. Only a single layer of security at the network core is required. The effectiveness of other security measures is not impacted when a security mechanism fails.
Which type of analysis relies on predefined conditions and can analyze applications that only use well-known fixed ports? statistical deterministic log probabilistic.
Which type of analysis relies on different methods to establish the likelihood that a security event has happened or will happen? deterministic statistical log probabilistic.
Which access control model allows users to control access to data as an owner of that data? mandatory access control nondiscretionary access control discretionary access control attribute-based access control.
What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.) confidentiality remediation level integrity attack vector exploit availability.
Which access control model applies the strictest access control and is often used in military and mission critical applications? discretionary mandatory nondiscretionary attribute-based.
Match the security concept to the description. Risk Exploit Vulnerability Threat.
What is the principle behind the nondiscretionary access control model? It applies the strictest access control possible. It allows access decisions to be based on roles and responsibilities of a user within the organization. It allows users to control access to their data as owners of that data. It allows access based on attributes of the object be to accessed.
Match the information security component with the description. Confidentiality Integrity Availability.
Which tool captures full data packets with a command-line interface only? nfdump NBAR2 tcpdump Wireshark.
To which category of security attacks does man-in-the-middle belong? DoS access reconnaissance social engineering.
What is an example of a local exploit? Port scanning is used to determine if the Telnet service is running on a remote server. A threat actor performs a brute force attack on an enterprise edge router to gain illegal access. A buffer overflow attack is launched against an online shopping website and causes a server to crash. A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan.
Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials? pivoting traffic substitution resource exhaustion protocol-level misinterpretation.
What are two examples of DoS attacks? (Choose two.) port scanning SQL injection ping of death phishing buffer overflow.
Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs? reconnaissance social engineering denial of service phishing.
A cybersecurity analyst believes that an attacker is announcing a forged MAC address to network hosts in an attempt to spoof the default gateway. Which command could the analyst use on the network hosts to see what MAC address the hosts are using to reach the default gateway? netsat -r route print ipconfig /all arp -a.
Which management system implements systems that track the location and configuration of networked devices and software across an enterprise? risk management vulnerability management configuration management asset management.
Which tool can be used in a Cisco AVC system to analyze and present the application analysis data into dashboard reports? NetFlow NBAR2 Prime IPFIX.
A user successfully logs in to a corporate network via a VPN connection. Which part of the AAA process records that a certain user performed a specific operation at a particular date and time? access accounting authorization authentication.
What is the responsibility of the IT support group when handling a security incident? Coordinate the incident response with other stakeholders and minimize the damage of the incident. Review the incident policies, plans, and procedures for local or federal guideline violations. Perform actions to minimize the effectiveness of the attack and preserve evidence. Perform disciplinary measures if an incident is caused by an employee.
Which Linux program is going to be used when installing an application? X Window System launcher package manager penetration tool.
Refer to the exhibit. Which security issue would a cybersecurity analyst use the displayed tool? ARP cache poisoning DNS attack TCP attack malware.
Which approach is intended to prevent exploits that target Syslog? Use a VPN between a Syslog client and the Syslog server. Use Syslog-ng. Use a Linux-based server. Create an ACL that permits only TCP traffic to the Syslog server.
What is the result of a DHCP starvation attack? Clients receive IP address assignments from a rogue DHCP server. Legitimate clients are unable to lease IP addresses The IP addresses assigned to legitimate clients are hijacked. The attacker provides incorrect DNS and default gateway information to clients.
Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? A DoS attack has been launched against the network. The computers are subject to a reconnaissance attack. A virus has infected the computers. An access attack has occurred.
A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe? trust exploitation port redirection
reconnaissance denial of service.
Which two technologies are primarily used on peer-to-peer networks? (Choose two.) Darknet Snort Bitcoin BitTorrent Wireshark.
What are two elements that form the PRI value in a syslog message? (Choose two.) facility severity header hostname timestamp.
Which term is used for describing automated queries that are useful for adding efficiency to the cyberoperations workflow? cyber kill chain playbook rootkit chain of custody.
Which two options are security best practices that help mitigate BYOD risks? (Choose two.) Decrease the wireless antenna gain level. Only turn on Wi-Fi when using the wireless network. Use wireless MAC address filtering. Only allow devices that have been approved by the corporate IT team. Keep the device OS and software updated. Use paint that reflects wireless signals and glass that prevents the signals from going outside the building.
What is an essential function of SIEM? forwarding traffic and physical layer errors to an analysis device providing 24×7 statistics on packets flowing through a Cisco router or multilayer switch monitoring traffic and comparing it against the configured rules providing reporting and analysis of security events.
Which statement describes the Cyber Kill Chain? It identifies the steps that adversaries must complete to accomplish their goals. It specifies common TCP/IP protocols used to fight against cyberattacks. It is a set of metrics designed to create a way to describe security incidents in a structured and repeatable way. It uses the OSI model to describe cyberattacks at each of the seven layers.
Why does a worm pose a greater threat than a virus poses? Worms are more network-based than viruses are. Worms are not detected by antivirus programs. Worms run within a host program. Worms directly attack the network devices.
Refer to the exhibit. A network security specialist is issuing the tail command to monitor the Snort alert in real time. Which option should be used in the command line to watch the file for changes? -c -q -f *n.
What is the most common use of the Diffie-Helman algorithm in communications security? to secure the exchange of keys used to encrypt data to create password hashes for secure authentication to encrypt data for secure e-commerce communications to provide routing protocol authentication between routers.
In threat intelligence communications, which sharing standard is a specification for an application layer protocol that allows communication of cyberthreat intelligence over HTTPS? Trusted automated exchange of indicator information (TAXII) Structured threat information expression (STIX) Common vulnerabilities and exposures (CVE) Automated indicator sharing (AIS).
Which schema or model allows security professionals to enter data about a particular incident, such as victim demographics, incident description, discovery method and response, and impact assessment, and share that data with the security community anonymously? Diamond Cyber Kill Chain CSIRT VERIS.
A PC user issues the netstat command without any options. What is displayed as the result of this command? a historical list of successful pings that have been sent a local routing table a network connection and usage report a list of all established active TCP connections.
A law office uses a Linux host as the firewall device for the network. The IT administrator is configuring the firewall iptables to block pings from Internet devices to the Linux host. Which iptables chain should be modified to achieve the task? INTERNET INPUT OUTPUT FORWARD.
Which statement describes the state of the administrator and guest accounts after a user installs Windows desktop version to a new computer? By default, both the administrator and guest accounts are enabled. By default, both the administrator and guest accounts are disabled. By default, the administrator account is enabled but the guest account is disabled. By default, the guest account is enabled but the administrator account is disabled.
Which two characteristics describe a virus? (Choose two.) Malware that executes arbitrary code and installs copies of itself in memory. A self-replicating attack that is independently launched. Malware that relies on the action of a user or a program to activate. Program code specifically designed to corrupt memory in network devices. Malicious code that can remain dormant before executing an unwanted action.
Which type of events should be assigned to categories in Sguil? true positive false positive true negative false negative.
What information does an Ethernet switch examine and use to forward a frame? destination MAC address destination IP address source MAC address source IP address.