1) A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are described in the photo. The company wants to purchase one SSL certificate that will work for all existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements? a) SAN b) Wildcard c) Extended validation d) Self-signed 2) A user contacts the help desk to report the following in the photo described. Which of the following attack vectors was MOST likely used in this scenario? a) Rogue access point b) Evil twin c) DNS poisoning d) ARP poisoning 3) A security analyst receives a SIEM alert that someone logged into the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log described in the photo. Which of the following can the security analyst conclude? a) A replay attack is being conducted against the application. b) An injection attack is being conducted against a user authentication system. c) A service account password may have been changed, resulting in continuous failed logins within the application. d) A credentialed vulnerability scanner attack is testing several CVEs against the application. 4) An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the are included in the photo. Which of the following solutions would meet the requirements? a) OAuth 2.0 b) Secure Enclave c) A privileged access management system d) An OpenID Connect authenication system 5) A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation. An incident responder learns the following information described in the photo. Which of the following is the MOST likely root cause? a) HTTPS sessions are being downgraded to insecure cipher suites b) The SSL inspection proxy is feeding events to a compromised SIEM c) The payment providers are insecurely processing credit card charges d) The adversary has not yet established a presence on the guest WiFi network 6) A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events described in the upper portion of the photo. To better understand what is going on, the analyst runs a command and receives the following output described in the bottom portion of the photo. Based on the analyst's findings, which of the following attacks is being executed? a) Credential harvesting b) Keylogger c) Brute-force d) Spraying 7) A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message described in the photo. Which of the following network attacks is the researcher MOST likely experiencing? a) MAC cloning b) Evil twin c) Man-in-the-middle d) ARP poisoning 8) A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs into the router, runs a command, and receives the following output described in the photo. Which of the following is the router experiencing? a) DDoS attack b) Memory leak c) Buffer overflow d) Resource exhaustion 9) A network Administrator was provided the following output from a vulnerability scan described in the photo. The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST? a) 10 b) 11 c) 12 d) 13 e) 14 10) A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output described in the photo. When examining the PCAP associated with the event, the security administrator finds the following information described in the photo. Which of the following actions should the security administrator take? a) Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic. b) Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events. c) Implement a host-based firewall rule to block future events of this type from occuring. d) Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts. 11) A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat -an command to discover if the web seerver is up and listening. The analyst receives the following output described in the photo. Which of the following types of attack is the analyst seeing? a) Buffer overflow b) Domain hijacking c) Denial of service d) ARP poisoning 12) A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat. (PHOTO). Given the file contents and the system's issues, which of the following types of malware is present? a) Rootkit b) Logic bomb c) Worm d) Virus 13) A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry described in the photo. Which of the following security technologies is MOST likely being configured? a) Application whitelisting b) HIDS c) Data execution prevention d) Removable media control 14) A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and get a five-minute pcap to analyze. The analyst observes the following output described in the photo. Which of the following attacks does the analyst MOST likely see in this packet capture? a) Session replay b) Evil twin c) Bluejacking d) ARP poisoning 15) A security administrator checks the table of a network switch, which shows the following output described in the photo. Which of the following is happening to this switch? a) MAC Flooding b) DNS poisoning c) MAC cloning d) ARP poisoning 16) A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet, while reviewing logs and tool output, the analyst sees the following (PHOTO). Which of the following attacks has occurred? a) IP conflict b) Pass-the-hash c) MAC flooding d) Directory traversal e) ARP poisoning 17) A security analyst is reviewing the following attack log output (PHOTO). Which of the following types of attacks does this MOST likely represent? a) Rainbow table b) Brute-force c) Password-spraying d) Dictionary 18) During an incident response, a security analyst observes the following log entry on the web server (PHOTO). Which of the following BEST describes the type of attack the analyst is experiencing? a) SQL injection b) Cross-site scripting c) Pass-the-hash d) Directory Traversal 19) A security analyst is performing a forensic investigation compromised account credentials. Using the Event Viewer, the analyst able to detect the following message (PHOTO). Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected? a) Pass-the-hash b) Buffer overflow c) Cross-site scripting d) Session replay

Security + (W/ Pictures)

Edetabel

Visuaalne stiil

Valikud

Vaheta malli

Kas taastada automaatselt salvestatud ?