A cybersecurity expert assigned to be the IT manager of a middle-sized company discovers that there is little endpoint security implementation on the company’s systems. Which of the following could be included in an endpoint security solution? (Choose two.)
Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are
MOST important for log integrity? (Choose two.)
Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)
A security engineer is setting up security information and event management (SIEM). Which of the following log sources should the engineer include that will contain indicators of a possible web server compromise? (Choose two.)
A common formula used to calculate risk is:+ Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST
likely used by the analyst for the initial discovery?
An incident handler is assigned to initiate an incident response for a complex network that has been affected
by malware. Which of the following actions should be taken FIRST?
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Which of the following is an automated password cracking technique that uses a combination of uppercase and lowercase letters, 0-9 numbers, and special characters?
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After
reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?