An incident response team is recommending changes after analyzing a recent compromise in which:
✑ a large number of events and logs were involved;
✑ team members were not able to identify the anomalous behavior and escalate it in a timely manner;
✑ several network systems were affected as a result of the latency in detection;
✑ security engineers were able to mitigate the threat and bring systems back to a stable state; and
✑ the issue reoccurred shortly after and systems became unstable again because the correct information was not gathered during the initial identification phase.
Which two recommendations should be made for improving the incident response process? (Choose two.)
Answer : CE
Which information is provided bout the object file by the "-h" option in the objdump line command objdump ""b oasys ""m vax ""h fu.o?
Answer : D
Reference:
https://sourceware.org/binutils/docs/binutils/objdump.html
A threat actor attempts to avoid detection by turning data into a code that shifts numbers to the right four times. Which anti-forensics technique is being used?
Answer : C
Reference:
https://www.vadesecure.com/en/malware-analysis-understanding-code-obfuscation-techniques/#:~:text=Obfuscation%20of%20character%20strings%
20is,data%20when%20the%20code%20executes
.
Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?
Answer : A
Reference:
https://attack.mitre.org/techniques/T1055/
Refer to the exhibit. An HR department submitted a ticket to the IT helpdesk indicating slow performance on an internal share server. The helpdesk engineer checked the server with a real-time monitoring tool and did not notice anything suspicious. After checking the event logs, the engineer noticed an event that occurred 48 hour prior. Which two indicators of compromise should be determined from this information? (Choose two.)
Answer : AD
Which magic byte indicates that an analyzed file is a pdf file?
Answer : C
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
Answer : D
Refer to the exhibit. What do these artifacts indicate?
Answer : A
Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
Answer : C
Refer to the exhibit. Which type of code created the snippet?
Answer : A
DRAG DROP -
Drag and drop the cloud characteristic from the left onto the challenges presented for gathering evidence on the right.
Select and Place:
Answer :
Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?
Answer : C
Refer to the exhibit. Which two actions should be taken as a result of this information? (Choose two.)
Answer : AB
Refer to the exhibit. What should be determined from this Apache log?
Answer : D
DRAG DROP -
Drag and drop the steps from the left into the order to perform forensics analysis of infrastructure networks on the right.
Select and Place:
Answer :
Reference:
https://subscription.packtpub.com/book/networking_and_servers/9781789344523/1/ch01lvl1sec12/network-forensics-investigation-methodology
Have any questions or issues ? Please dont hesitate to contact us