An incident responder has collected network capture logs in a text file, separated by five or more data fields. Which of the following is the BEST command to use if the responder would like to print the file (to terminal/screen) in numerical order?
A. cat | tac
B. more
C. sort -n
D. less
A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?
A. ls
B. lsof
C. ps
D. netstat
While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
A. Expanding access
B. Covering tracks
C. Scanning
D. Persistence
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
A. Reconnaissance
B. Scanning
C. Gaining access
D. Persistence
As part of an organization's regular maintenance activities, a security engineer visits the Internet Storm Center advisory page to obtain the latest list of blacklisted host/network addresses. The security engineer does this to perform which of the following activities?
A. Update the latest proxy access list
B. Monitor the organization's network for suspicious traffic
C. Monitor the organization's sensitive databases
D. Update access control list (ACL) rules for network devices
Which of the following, when exposed together, constitutes PII? (Choose two.)
A. Full name
B. Birth date
C. Account balance
D. Marital status
E. Employment status
A company website was hacked via the following SQL query:
email, passwd, login_id, full_name FROM members WHERE email = "[email protected]"; DROP TABLE members; ?
Which of the following did the hackers perform?
A. Cleared tracks of [email protected] entries
B. Deleted the entire members table
C. Deleted the email password and login details
D. Performed a cross-site scripting (XSS) attack
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
A. 3 months
B. 6 months
C. 1 year
D. 5 years
The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
A. Wireless router
B. Switch
C. Firewall
D. Access point
E. Hub
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?
A. Internet Message Access Protocol (IMAP)
B. Network Basic Input/Output System (NetBIOS)
C. Database
D. Network Time Protocol (NTP)