Pre-Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

Which of the following Windows Event Id will help you monitors file sharing across the network?

A.

7045

B.

4625

C.

5140

D.

4624

Full Access
Question # 5

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?

NOTE: It is mandatory to answer the question before proceeding to the next one.

A.

High

B.

Extreme

C.

Low

D.

Medium

Full Access
Question # 6

Identify the type of attack, an attacker is attempting on www.example.com website.

A.

Cross-site Scripting Attack

B.

Session Attack

C.

Denial-of-Service Attack

D.

SQL Injection Attack

Full Access
Question # 7

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

A.

Planning and budgeting –> Physical location and structural design considerations –> Work area considerations –> Human resource considerations –> Physical security recommendations –> Forensics lab licensing

B.

Planning and budgeting –> Physical location and structural design considerations–> Forensics lab licensing –> Human resource considerations –> Work area considerations –> Physical security recommendations

C.

Planning and budgeting –> Forensics lab licensing –> Physical location and structural design considerations –> Work area considerations –> Physical security recommendations –> Human resource considerations

D.

Planning and budgeting –> Physical location and structural design considerations –> Forensics lab licensing –>Work area considerations –> Human resource considerations –> Physical security recommendations

Full Access
Question # 8

Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

A.

Dictionary Attack

B.

Rainbow Table Attack

C.

Bruteforce Attack

D.

Syllable Attack

Full Access
Question # 9

A type of threat intelligent that find out the information about the attacker by misleading them is known as

.

A.

Threat trending Intelligence

B.

Detection Threat Intelligence

C.

Operational Intelligence

D.

Counter Intelligence

Full Access
Question # 10

What does the Security Log Event ID 4624 of Windows 10 indicate?

A.

Service added to the endpoint

B.

A share was assessed

C.

An account was successfully logged on

D.

New process executed

Full Access
Question # 11

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.

What does this indicate?

A.

Concurrent VPN Connections Attempt

B.

DNS Exfiltration Attempt

C.

Covering Tracks Attempt

D.

DHCP Starvation Attempt

Full Access
Question # 12

Which of the following tool is used to recover from web application incident?

A.

CrowdStrike FalconTM Orchestrator

B.

Symantec Secure Web Gateway

C.

Smoothwall SWG

D.

Proxy Workbench

Full Access
Question # 13

Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A.

Hybrid Attack

B.

Bruteforce Attack

C.

Rainbow Table Attack

D.

Birthday Attack

Full Access
Question # 14

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.

Which of the following data source will he use to prepare the dashboard?

A.

DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

B.

IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C.

DNS/ Web Server logs with IP addresses.

D.

Apache/ Web Server logs with IP addresses and Host Name.

Full Access
Question # 15

Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?

A.

File Injection Attacks

B.

URL Injection Attacks

C.

LDAP Injection Attacks

D.

Command Injection Attacks

Full Access
Question # 16

Which of the following technique protects from flooding attacks originated from the valid prefixes (IP addresses) so that they can be traced to its true source?

A.

Rate Limiting

B.

Egress Filtering

C.

Ingress Filtering

D.

Throttling

Full Access
Question # 17

Which of the following attack can be eradicated by filtering improper XML syntax?

A.

CAPTCHA Attacks

B.

SQL Injection Attacks

C.

Insufficient Logging and Monitoring Attacks

D.

Web Services Attacks

Full Access
Question # 18

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

A.

threat_note

B.

MagicTree

C.

IntelMQ

D.

Malstrom

Full Access
Question # 19

Which encoding replaces unusual ASCII characters with "%" followed by the character’s two-digit ASCII code expressed in hexadecimal?

A.

Unicode Encoding

B.

UTF Encoding

C.

Base64 Encoding

D.

URL Encoding

Full Access
Question # 20

Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?

A.

Containment

B.

Data Collection

C.

Eradication

D.

Identification

Full Access
Question # 21

Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

A.

DoS Attack

B.

Man-In-Middle Attack

C.

Ransomware Attack

D.

Reconnaissance Attack

Full Access
Question # 22

Which of the following factors determine the choice of SIEM architecture?

A.

SMTP Configuration

B.

DHCP Configuration

C.

DNS Configuration

D.

Network Topology

Full Access
Question # 23

Which of the following directory will contain logs related to printer access?

A.

/var/log/cups/Printer_log file

B.

/var/log/cups/access_log file

C.

/var/log/cups/accesslog file

D.

/var/log/cups/Printeraccess_log file

Full Access
Question # 24

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Original URL: http://www.buyonline.com/product.aspx?profile=12 &debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12 &debit=10

Identify the attack depicted in the above scenario.

A.

Denial-of-Service Attack

B.

SQL Injection Attack

C.

Parameter Tampering Attack

D.

Session Fixation Attack

Full Access
Question # 25

If the SIEM generates the following four alerts at the same time:

I.Firewall blocking traffic from getting into the network alerts

II.SQL injection attempt alerts

III.Data deletion attempt alerts

IV.Brute-force attempt alerts

Which alert should be given least priority as per effective alert triaging?

A.

III

B.

IV

C.

II

D.

I

Full Access
Question # 26

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

A.

/etc/ossim/reputation

B.

/etc/ossim/siem/server/reputation/data

C.

/etc/siem/ossim/server/reputation.data

D.

/etc/ossim/server/reputation.data

Full Access
Question # 27

Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).

What kind of SIEM is Robin planning to implement?

A.

Self-hosted, Self-Managed

B.

Self-hosted, MSSP Managed

C.

Hybrid Model, Jointly Managed

D.

Cloud, Self-Managed

Full Access
Question # 28

Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?

A.

Ransomware Attack

B.

DoS Attack

C.

DHCP starvation Attack

D.

File Injection Attack

Full Access
Question # 29

What does Windows event ID 4740 indicate?

A.

A user account was locked out.

B.

A user account was disabled.

C.

A user account was enabled.

D.

A user account was created.

Full Access
Question # 30

Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:

May 06 2018 21:27:27 asa 1: %ASA -5 – 11008: User 'enable_15' executed the 'configure term' command What does the security level in the above log indicates?

A.

Warning condition message

B.

Critical condition message

C.

Normal but significant message

D.

Informational message

Full Access