Hotspot Question
A security analyst performs various types of vulnerability scans. You must review the vulnerability scan results to determine the type of scan that was executed and determine if a false positive occurred for each device.
Instructions:
Select the drop option for whether the results were generated from a credentialed scan, non- credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives.
NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time. Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named Webserverlist. Xml. The host list is provided in a file named werbserverlist,text. Which of the fallowing Nmap commands would BEST accomplish this goal?
A)

B)

C)

D)

• A.Option D
• B.Option C
• C.Option A
• D.Option B

Comment: *

Name: *

Email: *

Verification: *

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

• A.Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
• B.Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
• C.Examine the server logs for further indicators of compromise of a web application.
• D.Run kill -9 1325 to bring the load average down so the server is usable again.

Comment: *

Name: *

Email: *

Verification: *

Which of the following commands would a security analyst use to make a copy of an image for forensics use?

• A.wget
• B.rm
• C.touch
• D.dd

Comment: *

Name: *

Email: *

Verification: *

A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

• A.Tool A is agent based.
• B.Tool B is unauthenticated.
• C.Tool B is agent based.
• D.Tool A is unauthenticated.
• E.Tool A used fuzzing logic to test vulnerabilities.
• F.Tool B utilized machine learning technology.

Comment: *

Name: *

Email: *

Verification: *