A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:

Which of the following commands should the administrator run NEXT to further analyze the compromised system?

• A./bin/ls -l /proc/1301/exe
• B.strace /proc/1301
• C.rpm -V openssh-server
• D.kill -9 1301

Comment: *

Name: *

Email: *

Verification: *

A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

• A.Attack vectors
• B.Adversary capability
• C.Diamond Model of Intrusion Analysis
• D.Kill chain
• E.Total attack surface

Comment: *

Name: *

Email: *

Verification: *

A security analyst receives an alert from the SIEM about a possible attack happening on the network The analyst opens the alert and sees the IP address of the suspected server as 192.168.54.66. which is part of the network 192 168 54 0/24. The analyst then pulls all the command history logs from that server and sees the following

Which of the following activities is MOST likely happening on the server?

• A.A MITM attack
• B.Enumeration
• C.A vulnerability scan
• D.Fuzzing

Comment: *

Name: *

Email: *

Verification: *

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.
Which of the following data types are MOST likely at risk of exposure based on this new threat?
(Choose two.)

• A.Corporate financial data
• B.Cardholder data
• C.Personal health information
• D.Intellectual property
• E.Employee records

Comment: *

Name: *

Email: *

Verification: *

A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or if there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of actions to mitigate this threat?

• A.Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.
• B.Work with the manufacturer to determine the time frame for the fix.
• C.Block the vulnerable application traffic at the firewall and disable the application services on each computer.
• D.Remove the application and replace it with a similar non-vulnerable application.

Comment: *

Name: *

Email: *

Verification: *