Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).
What kind of SIEM is Robin planning to implement?
Answer : B
What type of event is recorded when an application driver loads successfully in Windows?
Answer : D
Reference: https://www.manageengine.com/network-monitoring/Eventlog_Tutorial_Part_I.html
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
Answer : D
John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat room, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?
Answer : D
Which of the following is a default directory in a Mac OS X that stores security-related logs?
Answer : D
John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.
Which of following Splunk query will help him to fetch related logs associated with process creation?
Answer : B
Reference: https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?
Answer : B
Reference: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/logfile/
What does the Security Log Event ID 4624 of Windows 10 indicate?
Answer : C
Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624
Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?
Answer : C
Reference: https://library.educause.edu/topics/policy-and-law/pci-dss
What does the HTTP status codes 1XX represents?
Answer : A
Reference: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#:~:text=1xx%20informational%20response%20–%20the%20request,syntax%20or%20cannot%20be%20fulfilled
In which phase of Lockheed Martin's – Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
Answer : C
Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.
Answer : D
Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf
What does [-n] in the following checkpoint firewall log syntax represents? fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]
Answer : A
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25532
Which of the following attack inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?
Answer : A
Reference: https://www.cbtnuggets.com/blog/technology/networking/what-is-a-dhcp-starvation-attack
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.
Answer : B