A SOC analyst has been tasked with checking all files in every employee home directory for any mention of a new product code named PitViper. Which of the following commands will return all requested data?

Which of the following tools can be used to identify open ports and services?

A security analyst for a financial services firm is monitoring blogs and reads about a zero-day vulnerability being exploited by a little-known group of hackers. The analyst wishes to independently validate and corroborate the blog’s posting. Whichof the following sources of information will provide the MOST credible supporting threat intelligence in this situation?

Which of the following resources BEST supports malware analysis?

Which of the following describes the MOST important reason for capturing post-attack metadata?

An incident responder notices many entries in an apache access log file that contain semicolons. Which of the following attacks is MOST likely being attempted?

During the identification phase, it is discovered that port 23 is being used maliciously. Which of the following system hardening techniques should be used to remediate the issue?

An attacker has exfiltrated the SAM file from a Windows workstation. Which of the following attacks is MOST likely being perpetrated?

During review of a company’s web server logs, the following items are discovered:

2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)—

2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())—

2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())—

Which of the following is depicted in the log example above?

Which of the following is the reason that out-of-band communication is used during a security incident?

A suspicious laptop is found in a datacenter. The laptop is on and processing data, although there is no application open on the screen. Which of the following BEST describes a Windows tool and technique that an investigator should use to analyze the laptop’s RAM for working applications?

As part of an incident response effort, data has been collected and analyzed, and a malware infection has been contained. Which of the following is the NEXT step the incident response team should take within the incident response process?

While a network administrator is monitoring the company network, an unknown local IP address is starting to release high volumes of anonymous traffic to an unknown external IP address. Which of the following would indicate to the network administrator potential compromise?

Customers are reporting issues connecting to a company’s Internet server. Which of the following device logs should a technician review in order to help identify the issue?

The incident response team needs to track which user last connected to a specific Windows domain controller. Which of the following is the BEST way to identify that specific user?