When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

• A.A rainbow tables attack was used to compromise the accounts. The analyst should recommend that future password hashes contains a salt.
• B.A password spraying attack was used to compromise the passwords. The analyst should recommend that all users receive a unique password.
• C.A phishing attack was used to compromise the account. The analyst should recommend users install endpoint protection to disable phishing links.
• D.A rogue LDAP server is installed on the system and is connecting passwords. The analyst should recommend wiping and reinstalling the server.

Comment: *

Name: *

Email: *

Verification: *

Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient.
Which of the following controls would have MOST likely prevented this incident?

• A.SSO
• B.DLP
• C.WAF
• D.VDI

Comment: *

Name: *

Email: *

Verification: *

When reviewing network traffic, a security analyst detects suspicious activity:

Based on the log above, which of the following vulnerability attacks is occurring?

• A.ShellShock
• B.DROWN
• C.Zeus
• D.Heartbleed
• E.POODLE

Comment: *

Name: *

Email: *

Verification: *

The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading Which of the following should be the NEXT step in this incident response?

• A.Send a sample of the malware to the antivirus vendor and request urgent signature creation.
• B.Compile a list of loCs so the IPS can be updated to halt the spread.
• C.Begin deploying the new anti-malware on all uninfected systems.
• D.Enable an ACL on all VLANs to contain each segment

Comment: *

Name: *

Email: *

Verification: *

A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

• A.Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
• B.Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information
• C.Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
• D.Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried

Comment: *

Name: *

Email: *

Verification: *