| Question.76 A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections? (A) sudo netstat -antu | grep LISTEN | awk ‘{print$5}’ (B) sudo netstat -nlt -p | grep ESTABLISHED (C) sudo netstat -plntu | grep -v Foreign Address (D) sudo netstat -pnut -w | column -t -s $’\w’ (E) sudo netstat -pnut | grep -P ^tcp |
76. Click here to View Answer
Answer: B
Reference:
https://www.codegrepper.com/code-examples/shell/netstat+find+port
| Question.77 During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed? (A) Order of volatility (B) Chain of custody (C) Verification (D) Secure storage |
77. Click here to View Answer
Answer: B
| Question.78 Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement? (A) IaaS (B) SaaS (C) FaaS (D) PaaS |
78. Click here to View Answer
Answer: B
| Question.79 An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform? (A) Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics. (B) Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics. (C) Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics. (D) Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics. |
79. Click here to View Answer
Answer: D
| Question.80 A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following: PAM had not been bypassed. DLP did not trigger any alerts. The antivirus was updated to the most current signatures. Which of the following MOST likely occurred? (A) Exploitation (B) Exfiltration (C) Privilege escalation (D) Lateral movement |
80. Click here to View Answer
Answer: A