An information security specialist is reviewing the following output from a Linux server.

Based on the above information, which of the following types of malware was installed on the server?

• A.Rootkit
• B.Backdoor
• C.Trojan
• D.Ransomware
• E.Logic bomb

Comment: *

Name: *

Email: *

Verification: *

A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant configuration items.
Which of the following BEST describe why this has occurred? (Choose two.)

• A.The incorrect audit file was used
• B.Non-applicable plugins were selected in the scan policy
• C.Privileged-user credentials were used to scan the host
• D.The target host has been compromised
• E.The output of the report contains false positives

Comment: *

Name: *

Email: *

Verification: *

A company's loss control department identifies theft as a recurring loss type over the past year. Based on the department's report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which of the following controls should be implemented?

• A.Motion detectors
• B.Cameras
• C.Biometrics
• D.Mantraps

Comment: *

Name: *

Email: *

Verification: *

A company is currently using the following configuration:
IAS server with certificate-based EAP-PEAP and MSCHAP
Unencrypted authentication via PAP
A security administrator needs to configure a new wireless setup with the following configurations:
PAP authentication method
PEAP and EAP provide two-factor authentication
Which of the following forms of authentication are being used? (Select two.)

• A.PEAP- MSCHAP
• B.PAP
• C.PEAP
• D.MSCHAP
• E.EAP
• F.EAP-PEAP

Comment: *

Name: *

Email: *

Verification: *

SIMULATION
A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incid3nt responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Correct Answer:

See the solution below.
Explanation:
Database server was attacked, actions should be to capture network traffic and Chain of Custody.


IDS Server Log:

Web Server Log:


Database Server Log:

Users PC Log:

Comment: *

Name: *

Email: *

Verification: *