Question 26
A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:
Which of the following traffic patterns or data would be MOST concerning to the security analyst?
Question 27
A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?
Question 28
An analyst wants to use a command-line tool to identify open ports and running services on a host, along with the application that is associated with those services and ports. Which of the following should the analyst use?
Question 29
A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?
Question 30
A threat intelligence analyst who works for a financial services firm received this report:
"There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called 'LockMaster' by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector." The analyst ran a query and has assessed that this traffic has been seen on the network.
Which of the following actions should the analyst do NEXT? (Select TWO).
