×
Detail Form
We will send your result on your email id and phone no. please fill detail
1.
During a malware outbreak, a security analyst has been asked to capture network traffic in hourly increments for analysis by the incident response team. Which of the following tcpdump commands would generate hourly pcap files?
2.
From a compromised system, an attacker bypasses a proxy server and sends a large amount of data to a remote location. A security analyst is tasked with finding the conduit that was used by the attacker to bypass the proxy. Which of the following Windows tools should be used to find the conduit?
3.
An attack was performed on a company's web server, disabling the company's website. The incident response team's investigation produced the following:
1. Presence of malicious code installed on employees' workstations.
2. Excessive UDP datagrams sent to a single address.
3. Web server received excessive UDP datagrams from multiple internal hosts.
4. Network experienced high traffic after 3:00 pm.
5. Employee workstations sent large traffic bursts when employees accessed the internal timecard application.
Which of the following BEST describes the attack tool used to perform the attack?
1. Presence of malicious code installed on employees' workstations.
2. Excessive UDP datagrams sent to a single address.
3. Web server received excessive UDP datagrams from multiple internal hosts.
4. Network experienced high traffic after 3:00 pm.
5. Employee workstations sent large traffic bursts when employees accessed the internal timecard application.
Which of the following BEST describes the attack tool used to perform the attack?
4.
An organization needs to determine of any systems on its network (10.0.25.0/24) have web services running on port 80 or 443. Which of the following is the BEST command to do this?
5.
A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop's RAM for working applications?
6.
A system administrator needs to analyze a PCAP file on a Linux workstation where the use of GUI-based applications is restricted. Which of the following command line tools can the administrator use to analyze the PCAP?
7.
Malicious code that can replicate itself using various techniques is referred to as a:
8.
While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?
9.
A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?
10.
Log review shows that large amounts of data are being sent to an IP address unassociated with the company. Which of the following migration techniques should be implemented?