A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.
Which of the following is MOST likely causing the issue?

• A.A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.
• B.Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.
• C.A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.
• D.Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.

Comment: *

Name: *

Email: *

Verification: *

During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

Which of the following commands should the analyst investigate FIRST?

• A.Line 1
• B.Line 4
• C.Line 2
• D.Line 3
• E.Line 5
• F.Line 6

Comment: *

Name: *

Email: *

Verification: *

While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).

• A.Configure /etc/passwd to deny root logins and restart the SSHD service.
• B.Reset the passwords for all accounts on the affected system.
• C.Add a rule on the perimeter firewall to block the source IP address.
• D.Configure /etc/sshd_config to deny root logins and restart the SSHD service.
• E.Add a rule on the affected system to block access to port TCP/22.
• F.Add a rule on the network IPS to block SSH user sessions

Comment: *

Name: *

Email: *

Verification: *

The Cruel Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organza lion Which of the following actions would work BEST to prevent against this type of attack?

• A.Modify the EDR solution to use heuristic analysis techniques for malware.
• B.Reconfigure the EDR solution to perform real-time scanning of all files
• C.Implement an EDR mail module that will rewrite and analyze email links.
• D.Turn on full behavioral analysis to avert an infection
• E.Ensure EDR signatures are updated every day to avert infection.

Comment: *

Name: *

Email: *

Verification: *

A forensic analyst took an image of a workstation that was involved in an incident To BEST ensure the image is not tampered with me analyst should use:

• A.chain of custody.
• B.hashing
• C.a legal hold
• D.backup tapes

Comment: *

Name: *

Email: *

Verification: *