A malicious hacker wants to gather guest credentials on a hotel 802.11 network. Which of the following tools is the malicious
hacker going to use to gain access to information found on the hotel network?
A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following
methodologies would BEST address this task?
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24
network and a user machine at the IP address 10.200.2.5. This user machine at the IP address
10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses
that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?
A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the
analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The
affected servers are virtual machines Which of the following is the BEST course of action?
A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's
security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors.
Which of the following would be the BEST recommendation for the security analyst to provide'?
A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization
and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?
A security manager has asked an analyst to provide feedback on the results of a penetration lest. After reviewing the results
the manager requests information regarding the possible exploitation of vulnerabilities Much of the following information data
points would be MOST useful for the analyst to provide to the security manager who would then communicate the risk
factors to senior management? (Select TWO)
While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login
attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user
Company policy allows systems administrators to manage their systems only from the company's internal network using their
assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise?
A Configure /etc/sshd_config to deny root logins and restart the SSHD service.
B. Add a rule on the network IPS to block SSH user sessions
C. Configure /etc/passwd to deny root logins and restart the SSHD service.
D. Reset the passwords for all accounts on the affected system.
E. Add a rule on the perimeter firewall to block the source IP address.
F. Add a rule on the affected system to block access to port TCP/22.
An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication
plans that can be enacted in response to different cybersecurity incident
Which of the following is a benefit of having these communication plans?