When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?
According to company policy, all accounts with administrator privileges should have suffix _ja. While reviewing Windows workstation configurations, a security administrator discovers an account without the suffix in the administrator’s group. Which of the following actions should the security administrator take?
While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
A security professional discovers a new ransomware strain that disables antivirus on the endpoint during an infection. Which location would be the BEST place for the security professional to find technical information about this malware?
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?