DRAG DROP
Drag and drop the cloud characteristic from the left onto the challenges presented for gathering evidence on the right.
Select and Place:
DRAG DROP
Drag and drop the capabilities on the left onto the Cisco security solutions on the right.
Select and Place:
What is the steganography anti-forensics technique?
A. hiding a section of a malicious file in unused areas of a file
B. changing the file header of a malicious file to another file type
C. sending malicious files over a public network by encapsulation
D. concealing malicious files in ordinary or unsuspecting places
Refer to the exhibit. Which type of code is being used?
A. Shell
B. VBScript
C. BASH
D. Python
What is the function of a disassembler?
A. aids performing static malware analysis
B. aids viewing and changing the running state
C. aids transforming symbolic language into machine code
D. aids defining breakpoints in program execution
Refer to the exhibit. Which two determinations should be made about the attack from the Apache access logs? (Choose two.)
A. The attacker used the r57 exploit to elevate their privilege.
B. The attacker uploaded the WordPress file manager trojan.
C. The attacker performed a brute-force attack against WordPress and used SQL injection against the backend database.
D. The attacker used the WordPress file manager plugin to upload r57.php.
E. The attacker logged on normally to the WordPress admin page.
An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial data. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)
A. controlled folder access
B. removable device restrictions
C. signed macro requirements
D. firewall rules creation
E. network access control
Refer to the exhibit. Which encoding technique is represented by this HEX string?
A. Unicode
B. Binary
C. Base64
D. Charcode
Which information is provided about the object file by the "-h" option in the objdump command line objdump -b oasys -m vax -h fu.o?
A. bfdname
B. debugging
C. help
D. headers
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
A. An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1 | sort | uniq
B. An engineer should check the server's processes by running the commands ps -aux and sudo ps -a.
C. An engineer should check the services on the machine by running the command service --status-all.
D. An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log.
Refer to the exhibit. According to the SNORT alert, what is the attacker performing?
A. brute-force attack against the web application user accounts
B. XSS attack against the target webserver
C. brute-force attack against directories and files on the target webserver
D. SQL injection attack against the target webserver
Refer to the exhibit. What should be determined from this Apache log?
A. A module named mod_ssl is needed to make SSL connections.
B. The private key does not match with the SSL certificate.
C. The certificate file has been maliciously modified.
D. The SSL traffic setup is improper.
A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file's behavior. Which logs should be reviewed next to evaluate this file further?
A. email security appliance
B. DNS server
C. antivirus solution
D. network device
Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)
A. Domain name: iraniansk.com
B. Server: nginx
C. Hash value: 5f31ab113af08=1597090577
D. filename= "Fy.exe"
E. Content-Type: application/octet-stream
Refer to the exhibit. A company that uses only the Unix platform implemented an intrusion detection system. After the initial configuration, the number of alerts is overwhelming, and an engineer needs to analyze and classify the alerts. The highest number of alerts were generated from the signature shown in the exhibit. Which classification should the engineer assign to this event?
A. True Negative alert
B. False Negative alert
C. False Positive alert
D. True Positive alert