QUESTION 45
A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?

QUESTION 46
An organization recently suffered a breach due to a human resources administrator emailing employee names and Social Security numbers to a distribution list. Which of the following tools would help mitigate this risk from recurring?

QUESTION 47
An organization recently suffered a data breach involving a server that had Transmission Control Protocol (TCP) port 1433 inadvertently exposed to the Internet. Which of the following services was vulnerable?

QUESTION 48
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?

QUESTION 49
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the
~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:
Tempchill.exe:Powershell.exe -Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep -s 900) } while(1)” Which of the following BEST represents what the attacker was trying to accomplish?

QUESTION 50
Which of the following, when exposed together, constitutes PII? (Choose two.)

QUESTION 51
In which of the following attack phases would an attacker use Shodan?

QUESTION 52
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
– Running antivirus scans on the affected user machines
– Checking department membership of affected users
– Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
– Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?

QUESTION 53
An attacker intercepts a hash and compares it to pre-computed hashes to crack a password. Which of the following methods has been used?

QUESTION 54
Which of the following is susceptible to a cache poisoning attack?

QUESTION 55
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?

QUESTION 56
Organizations considered “covered entities” are required to adhere to which compliance requirement?

QUESTION 57
Detailed step-by-step instructions to follow during a security incident are considered:

QUESTION 58
An unauthorized network scan may be detected by parsing network sniffer data for:

QUESTION 59
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?