Which of the following technologies would reduce the risk of a successful SQL injection attack?
A. Reverse proxy
B. Web application firewall
C. Stateful firewall
D. Web content filtering
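A worked example added here (not part of the original question set) showing why a WAF reduces rather than removes the risk: the string-built query is exploitable, a parameterised query is not, and a simple signature of the kind a WAF applies can be sidestepped by rewriting the same payload. The users table, credentials, payloads and the `waf_blocks` rule are all constructed for the demo.

```python
import re
import sqlite3

# Constructed attacker inputs for the demonstration (not from the page).
INJECTED_PASSWORD = "' OR '1'='1"
# Same logic with SQL comments in place of spaces; SQLite treats /**/ as whitespace.
BYPASS_PASSWORD = "'/**/OR/**/'1'='1"


def build_db():
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: attacker input becomes SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Toy WAF rule (an assumption, not a vendor signature): quote, whitespace, OR, whitespace.
WAF_SIGNATURE = re.compile(r"'\s+or\s+", re.IGNORECASE)


def waf_blocks(value):
    """Return True if the toy WAF rule would drop this request parameter."""
    return WAF_SIGNATURE.search(value) is not None


def demo():
    """Run both login paths against both payloads and report what each does."""
    conn = build_db()
    return {
        "vulnerable_injected": login_vulnerable(conn, "alice", INJECTED_PASSWORD),
        "vulnerable_bypass": login_vulnerable(conn, "alice", BYPASS_PASSWORD),
        "safe_injected": login_safe(conn, "alice", INJECTED_PASSWORD),
        "safe_bypass": login_safe(conn, "alice", BYPASS_PASSWORD),
        "waf_blocks_injected": waf_blocks(INJECTED_PASSWORD),
        "waf_blocks_bypass": waf_blocks(BYPASS_PASSWORD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The WAF catches the textbook payload and misses the comment-padded one, while the parameterised query returns nothing for either; the WAF is a compensating control, the parameterised query is the fix.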
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
A. nbtstat
B. WinDump
C. fport
D. netstat
A network administrator has determined that network performance has degraded due to excessive use of social media and Internet streaming services. Which of the following would be effective for limiting access to these types of services, without completely restricting access to a site?
A. Whitelisting
B. Web content filtering
C. Network segmentation
D. Blacklisting
Malicious code designed to execute when a particular event or condition occurs is BEST defined as which of the following?
A. Logic bomb
B. Rootkit
C. Trojan
D. Backdoor
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
A. Scanning email server for vulnerabilities
B. Conducting security awareness training
C. Hardening the Microsoft Exchange Server
D. Auditing account password complexity
As part of an organization's regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?
A. Update the latest proxy access list
B. Monitor the organization's network for suspicious traffic
C. Monitor the organization's sensitive databases
D. Update access control list (ACL) rules for network devices
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?
A. Geolocation
B. False positive
C. Geovelocity
D. Advanced persistent threat (APT) activity
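An added example (not from the original question set) of the geovelocity check an incident responder's tooling would run: consecutive logins per user are paired, the great-circle distance between them is computed with the haversine formula, and any pair implying a speed above a threshold is flagged. The login events, coordinates and the 1000 km/h ceiling (roughly airliner speed) are constructed assumptions for the demo.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0

# Constructed login events (ISO 8601 UTC timestamps, decimal degrees); not real records.
LOGINS = [
    {"user": "ceo", "time": "2024-03-04T09:00:00+00:00", "city": "New York",
     "lat": 40.7128, "lon": -74.0060},
    {"user": "ceo", "time": "2024-03-04T10:00:00+00:00", "city": "Beijing",
     "lat": 39.9042, "lon": 116.4074},
    {"user": "analyst", "time": "2024-03-04T09:00:00+00:00", "city": "New York",
     "lat": 40.7128, "lon": -74.0060},
    {"user": "analyst", "time": "2024-03-04T09:30:00+00:00", "city": "Newark",
     "lat": 40.7357, "lon": -74.1724},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def geovelocity_alerts(logins, max_kmh=1000.0, min_km=5.0):
    """Return (user, from_city, to_city, km, kmh) for each pair of consecutive
    logins by the same user that would require travelling faster than max_kmh.
    Pairs closer than min_km are ignored (same site, geo-IP jitter)."""
    by_user = {}
    for ev in sorted(logins, key=lambda e: e["time"]):
        by_user.setdefault(ev["user"], []).append(ev)

    alerts = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            delta = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
            hours = delta.total_seconds() / 3600.0
            # Same instant from two distant places is the extreme case: treat as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                alerts.append((user, prev["city"], cur["city"], round(km), round(kmh)))
    return alerts


if __name__ == "__main__":
    for alert in geovelocity_alerts(LOGINS):
        print("impossible travel:", alert)
```

The Beijing login by itself is only a geolocation observation; it is the implied speed (roughly 11,000 km in one hour) that makes the pair an anomaly, which is why the answer is geovelocity rather than geolocation. The analyst's New York to Newark pair covers about 14 km in 30 minutes and is not flagged.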
Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?
A. IPS logs
B. DNS logs
C. SQL logs
D. SSL logs
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
A. cat * | cut -d ',' -f 2,5,7
B. more * | grep
C. diff
D. sort *
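An added example (not from the original question set) of the comparison the analyst would run against the weekly archives: a unified diff of the archived and current sshd_config, plus a directive-level comparison that reports exactly which settings changed, which is more useful to an investigator than raw diff lines. The two config snapshots and the high-risk directive list are constructed assumptions; sshd keywords are compared case-insensitively and only the first occurrence of a keyword counts, matching how sshd reads the file.

```python
import difflib

# Constructed sshd_config snapshots (not from the page): last week's archive and today's file.
ARCHIVED = """\
# sshd_config (archived 2024-02-26)
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

CURRENT = """\
# sshd_config (current)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 3
AuthorizedKeysFile /tmp/.keys
"""

# Directives whose change most often signals persistence or weakened access control (assumption).
HIGH_RISK = {"permitrootlogin", "passwordauthentication", "authorizedkeysfile",
             "permitemptypasswords", "authorizedkeyscommand", "forcecommand"}


def unified_diff_text(old, new, old_name="sshd_config.archived", new_name="sshd_config"):
    """The same view `diff -u archived current` would give, as one string."""
    return "".join(difflib.unified_diff(
        old.splitlines(keepends=True), new.splitlines(keepends=True),
        fromfile=old_name, tofile=new_name))


def parse_directives(text):
    """Map lower-cased keyword -> value, keeping the first occurrence as sshd does."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(key, value)
    return directives


def changed_directives(old, new):
    """Return {keyword: (old_value, new_value)}; None marks an absent directive."""
    a, b = parse_directives(old), parse_directives(new)
    return {key: (a.get(key), b.get(key))
            for key in sorted(set(a) | set(b)) if a.get(key) != b.get(key)}


def high_risk_changes(old, new):
    """Subset of changed_directives restricted to the HIGH_RISK watchlist."""
    return {k: v for k, v in changed_directives(old, new).items() if k in HIGH_RISK}


if __name__ == "__main__":
    print(unified_diff_text(ARCHIVED, CURRENT))
    for key, (before, after) in high_risk_changes(ARCHIVED, CURRENT).items():
        print(f"HIGH RISK: {key}: {before!r} -> {after!r}")
```

Comparing the current file with each weekly archive in turn shows in which week a directive such as PermitRootLogin flipped, which narrows the audit-log window to search for the responsible session.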
Organizations considered "covered entities" are required to adhere to which compliance requirement?
A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. Sarbanes-Oxley Act (SOX)
D. International Organization for Standardization (ISO) 27001
Which of the following are legally compliant forensics applications that will detect an alternate data stream (ADS) or a file with an incorrect file extension? (Choose two.)
A. Disk duplicator
B. EnCase
C. dd
D. Forensic Toolkit (FTK)
E. Write blocker
An incident at a government agency has occurred and the following actions were taken:
-Users have regained access to email accounts
-Temporary VPN services have been removed
-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
-Temporary email servers have been decommissioned
Which of the following phases of the incident response process matches the actions taken?
A. Containment
B. Post-incident
C. Recovery
D. Identification
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
A. Securing and evaluating the electronic crime scene
B. Transporting the evidence to the forensics lab
C. Packaging the electronic device
D. Conducting preliminary interviews
While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)
A. Identifying exposures
B. Identifying critical assets
C. Establishing scope
D. Running scanning tools
E. Installing antivirus software
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?
A. Internet Message Access Protocol (IMAP)
B. Network Basic Input/Output System (NetBIOS)
C. Database
D. Network Time Protocol (NTP)