Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?
Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?A . $ tailf /var/log/sys/kern.logB . $ tailf /var/log/kern.logC . # tailf /var/log/messagesD . # tailf /var/log/sys/messagesView AnswerAnswer: B Explanation: Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/
Which of the following threat intelligence helps cyber security professionals such as security operations managers, network operations center and incident responders to understand how the adversaries are expected to perform the attack on the organization, and the technical capabilities and goals of the attackers along with the attack vectors?
Which of the following threat intelligence helps cyber security professionals such as security operations managers, network operations center and incident responders to understand how the adversaries are expected to perform the attack on the organization, and the technical capabilities and goals of the attackers along with the attack vectors?A ....
What does the HTTP status codes 1XX represents?
What does the HTTP status codes 1XX represents?A . Informational messageB . Client errorC . SuccessD . RedirectionView AnswerAnswer: A Explanation: Reference: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#:~:text=1xx%20informational%20response%20C%20the%20request,syntax%20or%20cannot%20be%20fulfilled
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website. Where will Harley find the web server logs, if he wants to investigate them for any anomalies?A . SystemDrive%inetpublogsLogFilesW3SVCNB . SystemDrive%LogFilesinetpublogsW3SVCNC . %SystemDrive%LogFileslogsW3SVCND . SystemDrive% inetpubLogFileslogsW3SVCNView...
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?A . Complaint to police in a formal way regarding the incidentB . Turn off the infected machineC . Leave it to the...
What does these TTPs refer to?
Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs. What does these TTPs refer to?A . Tactics, Techniques, and ProceduresB . Tactics, Threats, and ProceduresC . Targets, Threats, and ProcessD . Tactics, Targets, and ProcessView AnswerAnswer: A Explanation: Reference: https://www.crest-approved.org/wp-content/uploads/CREST-Cyber-Threat-Intelligence.pdf
What does this event log indicate?
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below. What does this event log indicate?A . Directory Traversal AttackB . XSS AttackC . SQL Injection AttackD . Parameter Tampering AttackView AnswerAnswer: D Explanation: Reference: https://infosecwriteups.com/what-is-parameter-tampering-5b1beb12c5ba
Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?A . KeywordsB . Task CategoryC . LevelD . SourceView AnswerAnswer: A
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?A . threat_noteB . MagicTreeC . IntelMQD . MalstromView AnswerAnswer: B
What filter should Peter add to the 'show logging' command to get the required output?
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210. What filter should Peter add to the 'show logging' command to get the required output?A . show logging...