CSA exam

The document consists of a series of multiple-choice questions related to cybersecurity concepts, including password cracking methods, incident response processes, and threat intelligence. Each question tests knowledge on specific topics such as attack types, security technologies, and log analysis. The format is designed for an exam setting, likely for certification or educational purposes in the field of cybersecurity.

CSA exam form

1. Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password. (1 point)

Mark only one oval.

Brute force Attack

Dictionary Attack

Syllable Attack

Rainbow Table Attack

2. Which of the following security technologies is used to attract and trap people who attempt unauthorized or illicit utilization of the host system? (1 point)

Mark only one oval.

De-Militarized Zone (DMZ)

Firewall

Intrusion Detection System

Honeypot

3. An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server. (1 point)

Original URL: http://www.buyonline.com/product.aspx?profile=2&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10

Identify the attack depicted in the above scenario.

Mark only one oval.

Session Fixation Attack

SQL Injection Attack

Denial-of-Service Attack

Parameter Tampering Attack

4. Which of the following services provides phishing protection and content filtering to manage the Internet experience on and off your network in line with acceptable use or compliance policies? (1 point)

Mark only one oval.

OpenDNS

Malstrom

Apility.io

Blocklist

5. Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)? (1 point)

Mark only one oval.

Rule-based detection

Heuristic-based detection

Anomaly-based detection

Signature-based detection

6. Which of the following Windows Event IDs will help you monitor file sharing across the network? (1 point)

Mark only one oval.

4625

4624

7045

5140

7. Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process? (1 point)

Mark only one oval.

Incident Triage->Eradication->Containment->Incident Recording->Preparation->Recovery->Post Incident Activities

Containment->Incident Recording->Incident Triage->Preparation->Recovery->Eradication->Post Incident Activities

Incident Recording->Preparation->Containment->Incident Triage->Recovery->Eradication->Post Incident Activities

Preparation->Incident Recording->Incident Triage->Containment->Eradication->Recovery->Post Incident Activities

8. InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC. Identify the job role of John. (1 point)

Mark only one oval.

Security Analyst-L1

Chief Information Security Officer (CISO)

Security Engineer

Security Analyst-L2

9. Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks. Which of the following should Wesley avoid considering? (1 point)

Mark only one oval.

Allow serialization for security-sensitive classes

Deserialization of trusted data must cross a trust boundary

Understand the security permissions given to serialization and deserialization

Validate untrusted input which is to be serialized to ensure that the serialized data contains only trusted classes

10. Which of the following contains the performance measures and proper project and time management details? (1 point)

Mark only one oval.

Incident Response Process

Incident Response Tactics

Incident Response Policy

Incident Response Procedures


11. If the SIEM generates the following four alerts at the same time: (1 point)

Mark only one oval.

II. SQL injection attempt alerts

I. Firewall blocking traffic from getting into the network alerts

III. Data deletion attempt alerts

IV. Brute-force attempt alerts

12. Which one of the following is the correct flow for setting up a Computer Forensics Lab? (1 point)

Mark only one oval.

Planning and budgeting → Physical location and structural design considerations → Work area considerations → Human resource considerations → Physical security recommendations → Forensics lab licensing

Planning and budgeting → Forensics lab licensing → Physical location and structural design considerations → Work area considerations → Physical security recommendations → Human resource considerations

Planning and budgeting → Physical location and structural design considerations → Forensics lab licensing → Human resource considerations → Work area considerations → Physical security recommendations

Planning and budgeting → Physical location and structural design considerations → Forensics lab licensing → Work area considerations → Human resource considerations → Physical security recommendations

13. Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading? (1 point)

Mark only one oval.

Turn off the infected machine

Complain to police in a formal way regarding the incident

Leave it to the network administrators to handle

Call the legal department in the organization and inform about the incident

14. Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities. What is he looking for? (1 point)

Mark only one oval.

Incident Response Resources

Incident Response Mission

Incident Response Intelligence

Incident Response Vision

15. What do the HTTP status codes 1XX represent? (1 point)

Mark only one oval.

Success

Client error

Redirection

Informational message

16. Which of the following data sources will a SOC Analyst use to monitor connections to insecure ports? (1 point)

Mark only one oval.

Netstat Data

DNS Data

DHCP Data

IIS Data

17. Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only the Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP). What kind of SIEM is Robin planning to implement? (1 point)

Mark only one oval.

Self-hosted, MSSP Managed

Hybrid Model, Jointly Managed

Self-hosted, Self-Managed

Cloud, Self-Managed

18. In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a backdoor? (1 point)

Mark only one oval.

Weaponization

Delivery

Reconnaissance

Exploitation

19. Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident? (1 point)

Mark only one oval.

Eradication

Identification

Containment

Data Collection

20. Sam, a security analyst with INFOSOL INC, while monitoring and analyzing IIS logs, detected an event matching the regex (1 point)

w*((%27%6F%4F%72)()()(%52/c

What does this event log indicate?

Mark only one oval.

SQL Injection Attack

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack

21. Ray is a SOC analyst in a company named Queens Tech. One day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increase the capacity of the servers. What are Ray and his team doing? (1 point)

Mark only one oval.

Absorbing the Attack

Diverting the Traffic

Degrading the Services

Blocking the Attacks


22. A type of threat intelligence that finds out information about the attacker by misleading them is known as (1 point)

Mark only one oval.

Operational Intelligence

Counter Intelligence

Detection Threat Intelligence

Threat trending Intelligence

23. What does this event log indicate? (1 point)

Mark only one oval.

Directory Traversal Attack

Parameter Tampering Attack

XSS Attack

SQL Injection Attack

24. Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it an initial priority. What would be her next action according to the SOC workflow? (1 point)

Mark only one oval.

She should formally raise a ticket and forward it to the IRT

She should immediately escalate this issue to the management

She should immediately contact the network administrator to solve the problem

She should communicate this incident to the media immediately


25. Which of the following directories will contain logs related to printer access? (1 point)

Mark only one oval.

/var/log/cups/access_log file

/var/log/cups/accesslog file

/var/log/cups/Printeraccess_log file

/var/log/cups/Printer_log file

26. Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry. (1 point)

May 06 2018 21:27:27 asa 1: %ASA-5-111008: User 'enable_15' executed the 'configure term' command

What does the security level in the above log indicate?

Mark only one oval.

Warning condition message

Critical condition message

Normal but significant message

Informational message

27. Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering? (1 point)

Mark only one oval.

SOC-CMM

COBIT

SSE-CMM

ITIL

28. Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions? (1 point)

Mark only one oval.

$ tail -f /var/log/kern.log

# tail -f /var/log/messages

$ tail -f /var/log/sys/kern.log

# tail -f /var/log/sys/messages

29. Which of the following threat intelligence types is used by a SIEM for supplying analysts with context and "situational awareness" by using threat actor TTPs, malware campaigns, and tools used by threat actors? (1 point)

1. Strategic threat intelligence

2. Tactical threat intelligence

3. Operational threat intelligence

4. Technical threat intelligence

Mark only one oval.

1 and 3

2 and 3

1 and 2

3 and 4

30. Which of the following attacks can be eradicated by filtering improper XML syntax? (1 point)

Mark only one oval.

Insufficient Logging and Monitoring Attacks

SQL Injection Attacks

Web Services Attacks

CAPTCHA Attacks

31. Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on? (1 point)

Mark only one oval.

Source

Level

Keywords

Task category

32. Which of the following is a default directory in Mac OS X that stores security-related logs? (1 point)

Mark only one oval.

/Library/Logs/Sync

/private/var/log

~/Library/Logs

/var/log/cups/access_log

33. Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data. At which stage of the threat intelligence life cycle is he? (1 point)

Mark only one oval.

Collection

Analysis and Production

Dissemination and Integration

Processing and Exploitation

34. Identify the type of attack an attacker is attempting on the www.example.com website. (1 point)

Mark only one oval.

Session Attack

Cross-site Scripting Attack

SQL Injection Attack

Denial-of-Service Attack

35. The threat intelligence which will help you understand adversary intent and make informed decisions to ensure appropriate security in alignment with risk. What kind of threat intelligence is described above? (1 point)

Mark only one oval.

Tactical Threat Intelligence

Functional Threat Intelligence

Strategic Threat Intelligence

Operational Threat Intelligence


36. What does the HTTP status code 403 represent? (1 point)

Mark only one oval.

Not Found Error

Forbidden Error

Internal Server Error

Unauthorized Error

37. Which of the following processes refers to discarding packets at the routing level without informing the source that the data did not reach its intended recipient? (1 point)

Mark only one oval.

Drop Requests

Black Hole Filtering

Load Balancing

Rate Limiting

38. Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex (1 point)

/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]*((\%3E)|>)/

What does this event log indicate?

Mark only one oval.

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack

SQL Injection Attack


39. Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password? (1 point)

Mark only one oval.

Hybrid Attack

Brute-force Attack

Birthday Attack

Rainbow Table Attack

40. According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high and the impact of that attack is major? (1 point)

Mark only one oval.

Low

Medium

Extreme

High

41. Properly applied cyber threat intelligence helps the SOC team in discovering TTPs. What do these TTPs refer to? (1 point)

Mark only one oval.

Tactics, Threats, and Procedures

Tactics, Techniques, and Procedures

Tactics, Targets, and Process

Targets, Threats, and Process


42. In which log collection mechanism does the system or application send log records either to the local disk or over the network? (1 point)

Mark only one oval.

signature-based

push-based

pull-based

rule-based

43. Which of the following formulas is used to calculate the EPS of the organization? (1 point)

Mark only one oval.

EPS = number of correlated events/time in seconds

EPS = average number of correlated events/time in seconds

EPS = number of normalized events/time in seconds

EPS = number of security events/time in seconds

44. Which of the following formulas represents the risk levels? (1 point)

Mark only one oval.

Level of risk = Consequence x Severity

Level of risk = Consequence x Likelihood

Level of risk = Consequence x Impact

Level of risk = Consequence x Asset Value


45. Which of the following is a Threat Intelligence Platform? (1 point)

Mark only one oval.

SolarWinds MS

Apility.io

Keepnote

TC Complete

46. What type of event is recorded when an application driver loads successfully in Windows? (1 point)

Mark only one oval.

Success Audit

Error

Warning

Information

47. Which of the following is a set of standard guidelines for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection? (1 point)

Mark only one oval.

FISMA

PCI-DSS

HIPAA

DARPA

48. According to the forensics investigation process, what is the next step carried out right after collecting the evidence? (1 point)

Mark only one oval.

Call Organizational Disciplinary Team

Send it to the nearby police station

Create a Chain of Custody Document

Set a Forensic lab

49. John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the Tor traffic is coming. Which of the following data sources will he use to prepare the dashboard? (1 point)

Mark only one oval.

IIS/Web Server logs with IP addresses and user agent (IP-to-user-agent resolution).

DNS/Web Server logs with IP addresses

Apache/ Web Server logs with IP addresses and Host Name

DHCP/Logs capable of maintaining IP addresses or hostnames with IP-to-Name resolution.

50. Which of the following Windows features is used to enable Security Auditing in Windows? (1 point)

Mark only one oval.

Bitlocker

Local Group Policy Editor

Windows Firewall

Windows Defender

51. Which of the following threat intelligence types helps cyber security professionals such as security operations managers, network operations center staff, and incident responders to understand how the adversaries are expected to perform the attack on the organization, along with the attack vectors, technical capabilities, and goals of the attacker? (1 point)

Mark only one oval.

Analytical Threat Intelligence

Operational Threat Intelligence

Tactical Threat Intelligence

Strategic Threat Intelligence

52. Which of the following tools can be used to filter web requests associated with SQL Injection attacks? (1 point)

Mark only one oval.

ZAP proxy

UrlScan

Nmap

Hydra

53. Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums? (1 point)

Mark only one oval.

Web Services Attacks

Session Management Attacks

XSS Attacks

Broken Access Control Attacks


54. Which of the following formulas represents the risk? (1 point)

Mark only one oval.

Risk = Likelihood x Severity x Asset Value

Risk = Likelihood x Impact x Severity

Risk = Likelihood x Consequence x Severity

Risk = Likelihood x Impact x Asset Value

55. John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report that contains malicious activity. (1 point)

Which of the following types of threat intelligence did he use?

Mark only one oval.

Operational Threat Intelligence

Strategic Threat Intelligence

Tactical Threat Intelligence

Technical Threat Intelligence


56. What does [-n] in the following Check Point firewall log syntax represent? (1 point)

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert_name|all)] [-g] [logfile]

Mark only one oval.

Display detailed log chains (all the log segments a log record consists of)

Speed up the process by not performing IP address DNS resolution in the log files

Display both the date and the time for each log record

Display account log records only

57. Which of the following data sources can be used to detect traffic associated with Bad Bot User-Agents? (1 point)

Mark only one oval.

Switch Log

Router Logs

Web Server Logs

Windows Event Log

58. Which of the following factors determines the choice of SIEM architecture? (1 point)

Mark only one oval.

Network Topology

DHCP Configuration

DNS Configuration

SMTP Configuration

59. What does Windows event ID 4740 indicate? (1 point)

Mark only one oval.

A user account was created.

A user account was enabled.

A user account was locked out.

A user account was disabled.

60. What is the process of monitoring and capturing all data packets passing through a given network using different tools? (1 point)

Mark only one oval.

Network Sniffing

DNS Footprinting

Port Scanning

Network Scanning

61. An attacker, in an attempt to exploit a vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows: (1 point)

http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>

Identify the attack demonstrated in the above scenario.

Mark only one oval.

Session Attack

Denial-of-Service Attack

Cross-site Scripting Attack

SQL Injection Attack


62. Identify the event severity level in Windows logs for events that are not necessarily significant, but may indicate a possible future problem. (1 point)

Mark only one oval.

Warning

Error

Information

Failure Audit

63. Identify the attack in which an attacker, by trial and error, can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown: (1 point)

http://www.terabytes.com/process.php./../../../../etc/passwd

Mark only one oval.

Denial-of-Service Attack

SQL Injection Attack

Directory Traversal Attack

Form Tampering Attack

64. Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal? (1 point)

Mark only one oval.

Unicode Encoding

URL Encoding

Base64 Encoding

UTF Encoding

65. Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT. What is the first step that the IRT will perform on the incident escalated by Emmanuel? (1 point)

Mark only one oval.

Incident Prioritization

Incident Analysis and Validation

Incident Classification

Incident Recording

66. The Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate? (1 point)

Mark only one oval.

Debugging

Alert

Notification

Emergency

67. Which of the following techniques protects from flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source? (1 point)

Mark only one oval.

Ingress Filtering

Rate Limiting

Throttling

Egress Filtering

68. An organization is implementing and deploying a SIEM with the following capabilities. What kind of SIEM deployment architecture is the organization planning to implement? (1 point)

Mark only one oval.

Cloud, MSSP Managed

Self-hosted, Jointly Managed

Self-hosted, Self-Managed

Self-hosted, MSSP Managed

69. Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses? (1 point)

Mark only one oval.

DHCP Starvation Attack

DHCP Spoofing Attack

DHCP Cache Poisoning

DHCP Port Stealing

70. What does the Security Log Event ID 4624 of Windows 10 indicate? (1 point)

Mark only one oval.

New process executed

An account was successfully logged on

A share was accessed

Service added to the endpoint


71. Which of the following commands is used to enable logging in iptables? (1 point)

Mark only one oval.

$ iptables -B OUTPUT -j LOG

$ iptables -A OUTPUT -j LOG

$ iptables -A INPUT -j LOG

$ iptables -B INPUT -j LOG

72. An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection, and the rest of the SIEM functions must be managed by an MSSP. Which SIEM deployment architecture will the organization adopt? (1 point)

Mark only one oval.

Self-hosted, Jointly Managed

Self-hosted, Self-Managed

Self-hosted, MSSP Managed

Cloud, MSSP Managed

73. Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network? (1 point)

Mark only one oval.

Throttling

Ingress Filtering

Rate Limiting

Egress Filtering

74. David is a SOC analyst in Karen Tech. One day an attack is initiated by intruders, but David was not able to find any suspicious events. This type of incident is categorized as? (1 point)

Mark only one oval.

True Positive Incidents

False positive Incidents

True Negative Incidents

False Negative Incidents

75. Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely? (1 point)

Mark only one oval.

File Injection Attacks

LDAP Injection Attacks

SQL Injection Attacks

Command Injection Attacks

76. Which of the following is a report writing tool that will help incident handlers generate efficient reports on detected incidents during the incident response process? (1 point)

Mark only one oval.

Malstrom

threat note

MagicTree

IntelMQ

77. Identify the attack where an attacker tries to discover all the possible information about a target network before launching a further attack. (1 point)

Mark only one oval.

Man-in-the-Middle Attack

DoS Attack

Reconnaissance Attack

Ransomware Attack

78. John, a SOC analyst, wants to monitor process creation activities on any of their Windows endpoints. Which of the following Splunk queries will help him fetch the logs associated with process creation? (1 point)

Mark only one oval.

index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) ...

79. John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching the regex (1 point)

/(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i

What does this event log indicate?

Mark only one oval.

SQL Injection Attack

XSS Attack

Directory Traversal Attack

Parameter Tampering Attack


80. Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wants to check the logs that are generated by access control list number 210. What filter should Peter add to the 'show logging' command to get the required output? (1 point)

Mark only one oval.

show logging | forward 210

show logging | access 210

show logging | include 210

show logging | route 210

81. Which of the following are the responsibilities of SIEM Agents? (1 point)

1. Collecting data received from various devices sending data to the SIEM before forwarding it to the central engine.
2. Normalizing data received from various devices sending data to the SIEM before forwarding it to the central engine.
3. Correlating data received from various devices sending data to the SIEM before forwarding it to the central engine.
4. Visualizing data received from various devices sending data to the SIEM before forwarding it to the central engine.

Mark only one oval.

2 and 3

1 and 4

3 and 1

1 and 2

82. Which of the following attacks causes sudden changes in file extensions or an increase in file renames at rapid speed? (1 point)

Mark only one oval.

DHCP starvation Attack

Ransomware Attack

File Injection Attack

DoS Attack

83. What is the correct sequence of the SOC Workflow? (1 point)

Mark only one oval.

Collect, Ingest, Validate, Document, Report, Respond

Collect, Respond, Validate, Ingest, Report, Document

Collect, Ingest, Document, Validate, Report, Respond

Collect, Ingest, Validate, Report, Respond, Document

84. Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a true incident or a false positive. Identify the stage he is currently in. (1 point)

Mark only one oval.

Incident Triage

Incident Disclosure

Incident Recording and Assignment

Post-Incident Activities

85. Which of the following can help you eliminate the burden of investigating false positives? (1 point)

Mark only one oval.

Keeping default rules

Not trusting the security devices

Ingesting the context data

Treating every alert as high level

86. Where will you find the IP reputation database if you want to monitor traffic from IPs with a known bad reputation using OSSIM SIEM? (1 point)

Mark only one oval.

/etc/ossim/siem/server/reputation/data

/etc/siem/ossim/server/reputation.data

/etc/ossim/server/reputation.data

/etc/ossim/reputation

87. Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file? (1 point)

Mark only one oval.

File Injection Attacks

Command Injection Attacks

LDAP Injection Attacks

URL Injection Attacks


88. Rinni, a SOC analyst, while monitoring IDS logs, detected the events shown in the figure below. What does this event log indicate? (1 point)

Mark only one oval.

XSS Attack

Directory Traversal Attack

Parameter Tampering Attack

SQL Injection Attack

89. Which of the following log storage methods arranges event logs in the form of a circular buffer? (1 point)

Mark only one oval.

FIFO

LIFO

Wrapping

Non-wrapping

90. Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities. (1 point)

Mark only one oval.

DNS Poisoning Attack

DHCP Starvation

Zero-Day Attack

Slow DoS Attack


91. Which of the following Windows events is logged every time a user tries to access a Registry key? (1 point)

Mark only one oval.

4660

4656

4657

4663

92. Which of the following tools is used to recover from a web application incident? (1 point)

Mark only one oval.

Smoothwall SWG

Symantec Secure Web Gateway

Proxy Workbench

CrowdStrike Falcon™ Orchestrator

93. Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating files at /var/log/wtmp. What is Chloe looking at? (1 point)

Mark only one oval.

Error log

Login records

System boot log

General message and system-related stuff


94. Which of the following stages is executed after identifying the required event sources? (1 point)

Mark only one oval.

Validating the event source against monitoring requirement

Implementing and Testing the Use Case

Identifying the monitoring Requirements

Defining Rule for the Use Case

95. Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As a part of the threat intelligence strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in. (1 point)

Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?

Mark only one oval.

Threat trending

Threat buy-in

Threat boosting

Threat pivoting

96. Juliea, a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads. What does this indicate? (1 point)

Mark only one oval.

Concurrent VPN Connections Attempt

DNS Exfiltration Attempt

Covering Tracks Attempt

DHCP Starvation Attempt


97. Identify the HTTP status codes that represent a server error. (1 point)

Mark only one oval.

2XX

1XX

5XX

4XX

98. In which of the following incident handling and response stages must the root cause of the incident be found from the forensic results? (1 point)

Mark only one oval.

Eradication

Systems Recovery

Evidence Gathering

Evidence Handling

99. According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major? (1 point)

Mark only one oval.

Medium

Low

High

Extreme

100. Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below. What does this event log indicate? (1 point)

Mark only one oval.

SQL Injection Attack

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack
