An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers,
and Intrusion Detection Systems (IDS) on the network of an organization that has
experienced a possible breach of security. When the investigator attempts to correlate the
information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
A. The network devices are not all synchronized.
B. The security breach was a false positive.
C. The attack altered or erased events from the logs.
D. Proper chain of custody was not observed while collecting the logs.
The attack altered or erased events from the logs.
You are performing a penetration test. You achieved access via a buffer overflow exploit
and you proceed to find interesting data, such as files with usernames and passwords. You
find a hidden folder that has the administrator’s bank account password and login
information for the administrator’s bitcoin account.
What should you do?
A. Do not transfer the money but steal the bitcoins.
B. Report immediately to the administrator.
C. Transfer money from the administrator’s account to another account.
D. Do not report it and continue the penetration test.
Report immediately to the administrator.
Port scanning can be used as part of a technical assessment to determine network
vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted
system.
If a scanned port is open, what happens?
A. The port will ignore the packets.
B. The port will send an RST.
C. The port will send an ACK.
D. The port will send a SYN.
The port will ignore the packets.
You’ve just been hired to perform a pentest on an organization that has been subjected to
a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to
totally eliminate risk.
What is one of the first things you should do when given the job?
A. Start the Wireshark application to start sniffing network traffic.
B. Establish attribution to suspected attackers.
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to
acceptable levels.
D. Interview all employees in the company to rule out possible insider threats.
Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to
acceptable levels.
Which of the following describes the characteristics of a Boot Sector Virus?
A. Overwrites the original MBR and only executes the new virus code
B. Modifies directory table entries so that directory entries point to the virus code instead of
the actual program
C. Moves the MBR to another location on the hard disk and copies itself to the original
location of the MBR
D. Moves the MBR to another location on the RAM and copies itself to the original location
of the MBR
Moves the MBR to another location on the hard disk and copies itself to the original
location of the MBR