Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

An incident responder is asked to create a disk image of a compromised Linux server. Which of the following commands should be used to do this?

A.

dd

B.

Isof

C.

gzip

D.

fdisk

E.

mbr

Full Access
Question # 5

During an investigation on Windows 10 system, a system administrator needs to analyze Windows event logs related to CD/DVD-burning activities. In which of the following paths will the system administrator find these logs?

A.

\Windows\Systems32\winevt\logs\System.evt

B.

\Windows\System32\winevt\Logs\System.evtx

C.

\Windows\Systems\winevt\Evtlogs\System.evtx

D.

\Windows\System\winevt\Logs\System.evt

Full Access
Question # 6

Which of the following is an automated password cracking technique that uses a combination of upper and lower case letters, 0-9 numbers, and special characters?

A.

Dictionary attack

B.

Password guessing

C.

Brute force attack

D.

Rainbow tables

Full Access
Question # 7

An attacker performs reconnaissance on a Chief Executive Officer (CEO) using publicity available resources to gain access to the CEO’s office. The attacker was in the CEO’s office for less than five minutes, and the attack left no traces in any logs, nor was there any readily identifiable cause for the exploit. The attacker in then able to use numerous credentials belonging to the CEO to conduct a variety of further attacks. Which of the following types of exploit is described?

A.

Pivoting

B.

Malicious linking

C.

Whaling

D.

Keylogging

Full Access
Question # 8

The Chief Information Officer (CIO) of a company asks the incident responder to update the risk management plan. Which of the following methods can BEST help the incident responder identify the risks that require in-depth analysis?

A.

Qualitative analysis

B.

Targeted risk analysis

C.

Non-targeted risk analysis

D.

Quantitative analysis

Full Access
Question # 9

An incident responder notices many entries in an apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?

A.

SQL injection

B.

Remote file inclusion

C.

Account brute force

D.

Cross-site scripting

Full Access
Question # 10

An incident responder is asked to work with the IT department to address patch management issues with the company servers. Which of the following is the BEST source for the incident responder to obtain the CVEs for the latest industry-recognized patches?

A.

Vulnerabilities database

B.

Intelligence feeds

C.

Security journals

D.

Security blogs

Full Access
Question # 11

An attacker has decided to attempt a brute force attack on a UNIX server. In order to accomplish this, which of the following steps must be performed?

A.

Exfiltrate the shadow and SAM, run unshadow, and then runa password cracking utility on the output file.

B.

Exfiltrate the shadow and passwd, and then run a password cracking utility on both files.

C.

Exfiltrate the shadow and SAM, and then run a password cracking utility on both files.

D.

Exfiltrate the shadowand passwd, run unshadow, and then run a password cracking utility on the output file.

Full Access
Question # 12

An organization’s public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server

- Turning off unnecessary services on web server

- Adding new ACL rules to the WAF

- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

A.

Respond

B.

Recover

C.

Contain

D.

Identify

Full Access
Question # 13

An alert has been triggered identifying a new application running on a Windows server. Which of the following tools can be used to identify the application? (Choose two.)

A.

traceroute

B.

nbstat

C.

Hex editor

D.

Task manager

E.

Process explorer

Full Access
Question # 14

To redact or obfuscate sensitive data, a company requires its name be changed throughout a port-incident report. Using a Linux sed command, which of the following will replace the company’s name with “Acme”?

A.

/Orange/Acme/g

B.

s/Acme/Orange/g

C.

/Acme/Orange/g

D.

s/Orange/Acme/g

Full Access
Question # 15

Which of the following technologies is used as mitigation to XSS attacks?

A.

Intrusion prevention

B.

Proxy filtering

C.

Web application firewall

D.

Intrusion detection

Full Access