Filters
Question type
Study Flashcards

Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.) A) Domain name:iraniansk.com B) Server: nginx C) Hash value: 5f31ab113af08=1597090577 D) filename= Fy.exe E) Content-Type: application/octet-stream Refer to the exhibit. According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)


A) Domain name:iraniansk.com
B) Server: nginx
C) Hash value: 5f31ab113af08=1597090577
D) filename= "Fy.exe"
E) Content-Type: application/octet-stream

F) B) and C)
G) D) and E)

Correct Answer

verifed

verified

A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)


A) Introduce a priority rating for incident response workloads.
B) Provide phishing awareness training for the fill security team.
C) Conduct a risk audit of the incident response workflow.
D) Create an executive team delegation plan.
E) Automate security alert timeframes with escalation triggers.

F) A) and D)
G) B) and E)

Correct Answer

verifed

verified

Which information is provided bout the object file by the "-h" option in the objdump line command objdump -b oasys -m vax -h fu.o ?


A) bfdname
B) debugging
C) help
D) headers

E) B) and C)
F) A) and B)

Correct Answer

verifed

verified

A website administrator has an output of an FTP session that runs nightly to download and unzip files to a local staging server. The download includes thousands of files, and the manual process used to find how many files failed to download is time-consuming. The administrator is working on a PowerShell script that will parse a log file and summarize how many files were successfully downloaded versus ones that failed. Which script will read the contents of the file one line at a time and return a collection of objects?


A) Get-Content-Folder \\Server\FTPFolder\Logfiles\ftpfiles.log | Show-From "ERROR", "SUCCESS"
B) Get-Content -ifmatch \\Server\FTPFolder\Logfiles\ftpfiles.log | Copy-Marked "ERROR", "SUCCESS"
C) Get-Content -Directory \\Server\FTPFolder\Logfiles\ftpfiles.log | Export-Result "ERROR", "SUCCESS"
D) Get-Content -Path \\Server\FTPFolder\Logfiles\ftpfiles.log | Select-String "ERROR", "SUCCESS"

E) All of the above
F) B) and D)

Correct Answer

verifed

verified

Which technique is used to evade detection from security products by executing arbitrary code in the address space of a separate live operation?


A) process injection
B) privilege escalation
C) GPO modification
D) token manipulation

E) A) and B)
F) A) and C)

Correct Answer

verifed

verified

Refer to the exhibit. What should be determined from this Apache log? A) A module named mod_ssl is needed to make SSL connections. B) The private key does not match with the SSL certificate. C) The certificate file has been maliciously modified D) The SSL traffic setup is improper Refer to the exhibit. What should be determined from this Apache log?


A) A module named mod_ssl is needed to make SSL connections.
B) The private key does not match with the SSL certificate.
C) The certificate file has been maliciously modified
D) The SSL traffic setup is improper

E) A) and B)
F) B) and C)

Correct Answer

verifed

verified

Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs? A) http.request.un matches B) tls.handshake.type ==1 C) tcp.port eq 25 D) tcp.window_size ==0 Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?


A) http.request.un matches
B) tls.handshake.type ==1
C) tcp.port eq 25
D) tcp.window_size ==0

E) A) and C)
F) A) and B)

Correct Answer

verifed

verified

What is the function of a disassembler?


A) aids performing static malware analysis
B) aids viewing and changing the running state
C) aids transforming symbolic language into machine code
D) aids defining breakpoints in program execution

E) B) and C)
F) A) and D)

Correct Answer

verifed

verified

A

A security team received an alert of suspicious activity on a user's Internet browser. The user's anti-virus software indicated that the file attempted to create a fake recycle bin folder and connect to an external IP address. Which two actions should be taken by the security analyst with the executable file for further analysis? (Choose two.)


A) Evaluate the process activity in Cisco Umbrella.
B) Analyze the TCP/IP Streams in Cisco Secure Malware Analytics (Threat Grid) .
C) Evaluate the behavioral indicators in Cisco Secure Malware Analytics (Threat Grid) .
D) Analyze the Magic File type in Cisco Umbrella.
E) Network Exit Localization in Cisco Secure Malware Analytics (Threat Grid) .

F) A) and B)
G) C) and D)

Correct Answer

verifed

verified

Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.) A) Block network access to all .shop domains B) Add a SIEM rule to alert on connections to identified domains. C) Use the DNS server to block hole all .shop requests. D) Block network access to identified domains. E) Route traffic from identified domains to block hole. Refer to the exhibit. Which two actions should be taken based on the intelligence information? (Choose two.)


A) Block network access to all .shop domains
B) Add a SIEM rule to alert on connections to identified domains.
C) Use the DNS server to block hole all .shop requests.
D) Block network access to identified domains.
E) Route traffic from identified domains to block hole.

F) A) and B)
G) B) and D)

Correct Answer

verifed

verified

A scanner detected a malware-infected file on an endpoint that is attempting to beacon to an external site. An analyst has reviewed the IPS and SIEM logs but is unable to identify the file's behavior. Which logs should be reviewed next to evaluate this file further?


A) email security appliance
B) DNS server
C) Antivirus solution
D) network device

E) B) and D)
F) A) and D)

Correct Answer

verifed

verified

An attacker embedded a macro within a word processing file opened by a user in an organization's legal department. The attacker used this technique to gain access to confidential financial data. Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)


A) controlled folder access
B) removable device restrictions
C) signed macro requirements
D) firewall rules creation
E) network access control

F) C) and E)
G) D) and E)

Correct Answer

verifed

verified

A,C

Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event? A) DNS spoofing; encrypt communication protocols B) SYN flooding, block malicious packets C) ARP spoofing; configure port security D) MAC flooding; assign static entries Refer to the exhibit. A security analyst notices unusual connections while monitoring traffic. What is the attack vector, and which action should be taken to prevent this type of event?


A) DNS spoofing; encrypt communication protocols
B) SYN flooding, block malicious packets
C) ARP spoofing; configure port security
D) MAC flooding; assign static entries

E) None of the above
F) All of the above

Correct Answer

verifed

verified

An "unknown error code" is appearing on an ESXi host during authentication. An engineer checks the authentication logs but is unable to identify the issue. Analysis of the vCenter agent logs shows no connectivity errors. What is the next log file the engineer should check to continue troubleshooting this error?


A) /var/log/syslog.log
B) /var/log/vmksummary.log
C) var/log/shell.log
D) var/log/general/log

E) None of the above
F) B) and C)

Correct Answer

verifed

verified

Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console?


A) Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A) B) C) D)
B) Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A) B) C) D)
C) Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A) B) C) D)
D) Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A) B) C) D)

E) B) and C)
F) None of the above

Correct Answer

verifed

verified

A

Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream? A) It is redirecting to a malicious phishing website, B) It is exploiting redirect vulnerability C) It is requesting authentication on the user site. D) It is sharing access to files and printers. Refer to the exhibit. An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL. What should be determined about the SMB traffic from this stream?


A) It is redirecting to a malicious phishing website,
B) It is exploiting redirect vulnerability
C) It is requesting authentication on the user site.
D) It is sharing access to files and printers.

E) C) and D)
F) A) and C)

Correct Answer

verifed

verified

Refer to the exhibit. Which encoding technique is represented by this HEX string? A) Unicode B) Binary C) Base64 D) Charcode Refer to the exhibit. Which encoding technique is represented by this HEX string?


A) Unicode
B) Binary
C) Base64
D) Charcode

E) A) and B)
F) B) and C)

Correct Answer

verifed

verified

An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?


A) An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1| sort | uniq An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1| sort | uniq
B) An engineer should check the server's processes by running commands ps -aux and sudo ps -a . An engineer should check the server's processes by running commands ps -aux and sudo ps -a .
C) An engineer should check the services on the machine by running the command service -status-all . An engineer should check the services on the machine by running the command service -status-all
D) An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log . An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log

E) B) and C)
F) A) and D)

Correct Answer

verifed

verified

A security team receives reports of multiple files causing suspicious activity on users' workstations. The file attempted to access highly confidential information in a centralized file server. Which two actions should be taken by a security analyst to evaluate the file in a sandbox? (Choose two.)


A) Inspect registry entries
B) Inspect processes.
C) Inspect file hash.
D) Inspect file type.
E) Inspect PE header.

F) All of the above
G) A) and B)

Correct Answer

verifed

verified

Refer to the exhibit. What is the IOC threat and URL in this STIX JSON snippet? A) malware; 'http://x4z9arb.cn/4712/' B) malware; x4z9arb backdoor C) x4z9arb backdoor; http://x4z9arb.cn/4712/ D) malware; malware--162d917e-766f-4611-b5d6-652791454fca E) stix; 'http://x4z9arb.cn/4712/' Refer to the exhibit. What is the IOC threat and URL in this STIX JSON snippet?


A) malware; 'http://x4z9arb.cn/4712/'
B) malware; x4z9arb backdoor
C) x4z9arb backdoor; http://x4z9arb.cn/4712/
D) malware; malware--162d917e-766f-4611-b5d6-652791454fca
E) stix; 'http://x4z9arb.cn/4712/'

F) A) and C)
G) D) and E)

Correct Answer

verifed

verified

Showing 1 - 20 of 25

Related Exams

Exam 1

Supporting Cisco Data Center System Devices (DCTECH)

128 Questions

Exam 2

Cisco Certified Technician Routing & Switching (RSTECH)

48 Questions

Exam 3

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

141 Questions

Exam 4

Cisco Certified Network Associate (CCNA)

411 Questions

Exam 5

Managing Industrial Networks with Cisco Networking Technologies (IMINS)

36 Questions

Exam 6

DevNet Associate (DEVASC)

134 Questions

Exam 8

Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

114 Questions

Exam 9

Implementing Cisco SD-WAN Solutions (ENSDWI)

147 Questions

Exam 10

Designing Cisco Enterprise Networks (ENSLD)

109 Questions

Exam 11

Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD)

106 Questions

Exam 12

Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)

101 Questions

Exam 13

Automating Cisco Enterprise Solutions (ENAUTO)

84 Questions

Exam 14

Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)

74 Questions

Exam 15

Implementing Cisco Service Provider VPN Services (SPVI)

49 Questions

Exam 16

Designing Cisco Data Center Infrastructure (DCID)

73 Questions

Exam 17

Troubleshooting Cisco Data Center Infrastructure (DCIT)

84 Questions

Exam 18

Implementing Cisco Application Centric Infrastructure (DCACI)

101 Questions

Exam 19

Configuring Cisco MDS 9000 Series Switches (DCSAN)

65 Questions

Exam 20

Implementing Cisco Application Centric Infrastructure - Advanced

36 Questions

Exam 21

Automating Cisco Data Center Solutions (DCAUTO)

36 Questions

Exam 22

Securing Networks with Cisco Firepower (300-710 SNCF)

65 Questions

Exam 23

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

130 Questions

Exam 24

Securing Email with Cisco Email Security Appliance (300-720 SESA)

65 Questions

Exam 25

Securing the Web with Cisco Web Security Appliance (300-725 SWSA)

75 Questions

Exam 26

Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

49 Questions

Exam 27

Automating Cisco Security Solutions (SAUTO)

75 Questions

Exam 28

Implementing Cisco Collaboration Applications (CLICA)

39 Questions

Exam 29

Implementing Cisco Advanced Call Control and Mobility Services (CLASSM)

86 Questions

Exam 30

Implementing Cisco Collaboration Cloud and Edge Solutions

90 Questions

Exam 31

Implementing Cisco Collaboration Conferencing

65 Questions

Exam 32

Automating Cisco Collaboration Solutions (CLAUTO)

27 Questions

Exam 33

Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS)

66 Questions

Exam 34

Developing Solutions Using Cisco IoT and Edge Platforms (DEVIOT)

33 Questions

Exam 35

Developing Applications for Cisco Webex and Webex Devices (DEVWBX)

41 Questions

Exam 36

Performing CyberOps Using Core Security Technologies (CBRCOR)

37 Questions

Exam 37

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

106 Questions

Exam 38

Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

260 Questions

Exam 39

Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

116 Questions

Exam 40

Implementing and Operating Cisco Security Core Technologies

208 Questions

Exam 41

Implementing Cisco Collaboration Core Technologies (CLCOR)

213 Questions

Exam 42

Developing Applications using Cisco Core Platforms and APIs (DEVCOR)

131 Questions

Exam 43

CCDE Design Written

145 Questions

Exam 44

Deploying Cisco Unified Contact Center Express

660 Questions

Exam 45

Cisco Meraki Solutions Specialist

101 Questions

Exam 46

Securing Cisco Networks with Sourcefire FireAMP Endpoints

24 Questions

Exam 47

Designing Cisco Unified Contact Center Enterprise (UCCED)

227 Questions

Exam 48

Implementing and Supporting Cisco Unified Contact Center Enterprise (UCCEIS)

55 Questions

Exam 49

Cisco Collaboration SaaS Authorization Exam

47 Questions

Exam 50

Cisco Security Architecture for System Engineers

56 Questions

Exam 51

Adopting The Cisco Business Architecture Approach (DTBAA)

239 Questions

Exam 52

Cisco Customer Success Manager (CSM)

44 Questions

Exam 53

Mastering The Cisco Business Architecture Discipline (DTBAD)

36 Questions

Show Answer