CSA - new PDF-1

Uploaded by Christo V M

1) Identify the password cracking attempt that uses a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

Brute force Attack

Dictionary Attack

Syllable Attack

Rainbow Table Attack

Answer: Rainbow Table Attack

2) Which of the following security technologies is used to attract and trap people who attempt unauthorized or illicit use of the host system?

De-Militarized Zone (DMZ)

Firewall

Honeypot

Intrusion Detection System

Answer: Honeypot

3) Which of the following services provides phishing protection and content filtering to manage the Internet experience on and off your network
in line with acceptable use or compliance policies?

OpenDNS

Malstrom

Apility.io

Blocklist

Answer: OpenDNS

4) An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by
modifying the URL exchanged between the client and the server.

Original URL: http://www.buyonline.com/product.aspx?profile=2&debit=100

Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10

Identify the attack depicted in the above scenario.

Session Fixation Attack

SQL Injection Attack

Denial-of-Service Attack

Parameter Tampering Attack

Answer: Parameter Tampering Attack

5) Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

Rule-based detection

Heuristic-based detection

Anomaly-based detection

Signature-based detection

Answer: Anomaly-based detection

6) Which of the following Windows event IDs will help you monitor file sharing across the network?

4625

4624

7045

5140

Answer: 5140

7) Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process?

Incident Triage → Eradication → Containment → Incident Recording → Preparation → Recovery → Post-Incident Activities

Containment → Incident Recording → Incident Triage → Preparation → Recovery → Eradication → Post-Incident Activities

Incident Recording → Preparation → Containment → Incident Triage → Recovery → Eradication → Post-Incident Activities

Preparation → Incident Recording → Incident Triage → Containment → Eradication → Recovery → Post-Incident Activities

Answer: Preparation → Incident Recording → Incident Triage → Containment → Eradication → Recovery → Post-Incident Activities

8) InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and
procedures for the SOC. Identify the job role of John.

Security Analyst-1

Chief Information Security Officer (CSO)

Security Engineer

Security Analyst-12

Answer: Chief Information Security Officer (CSO)

9) Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating insecure
deserialization attacks. Which of the following should Wesley avoid?

Allow serialization for security-sensitive classes

Deserialization of trusted data must cross a trust boundary

Understand the security permissions given to serialization and deserialization

Validate untrusted input that is to be serialized to ensure that serialized data contains only trusted classes

Answer: Allow serialization for security-sensitive classes

10) Which of the following contains the performance measures, and proper project and time management details?

Incident Response Process

Incident Response Tactics

Incident Response Policy

Incident Response Procedures

Answer: Incident Response Procedures

11) If the SIEM generates the following four alerts at the same time:

I. Firewall blocking traffic from getting into the network alerts

II. SQL injection attempt alerts

III. Data deletion attempt alerts

IV. Brute-force attempt alerts

Which alert should be given the least priority as per effective alert triaging?

1

4

2

3

Answer: Firewall blocking traffic from getting into the network alerts

12) Which one of the following is the correct flow for setting up a computer forensics lab?

Planning and budgeting → Physical location and structural design considerations → Work area considerations → Human resource considerations → Physical security recommendations → Forensics lab licensing

Planning and budgeting → Forensics lab licensing → Physical location and structural design considerations → Work area considerations → Physical security recommendations → Human resource considerations

Planning and budgeting → Physical location and structural design considerations → Forensics lab licensing → Human resource considerations → Work area considerations → Physical security recommendations

Planning and budgeting → Physical location and structural design considerations → Forensics lab licensing → Work area considerations → Human resource considerations → Physical security recommendations

Answer: Planning and budgeting → Physical location and structural design considerations → Work area considerations → Human resource considerations → Physical security recommendations → Forensics lab licensing

13) Bonney's system has been compromised by a gruesome malware.

What is the primary step that is advisable to Bonney in order to contain the malware incident and stop it from spreading?

Turn off the infected machine

Complain to the police in a formal way regarding the incident

Leave it to the network administrators to handle

Call the legal department in the organization and inform them about the incident

Answer: Turn off the infected machine

14) Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?

Netstat Data

OIS Data

DHCP Data

DNS Data

Answer: Netstat Data

15) Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the
planned incident response capabilities. What is he looking for?

Incident Response Mission

Incident Response Resources

Incident Response Intelligence

Incident Response Vision

Answer: Incident Response Mission

16) What does the HTTP status code range 1XX represent?

Success

Client error

Redirection

Informational message

Answer: Informational message

17) Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing
only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and
aggregation services from a Managed Security Services Provider (MSSP). What kind of SIEM is Robin planning to implement?

Self-hosted, MSSP Managed

Self-hosted, Self-Managed

Hybrid Model, Jointly Managed

Cloud, Self-Managed

Answer: Cloud, Self-Managed

18) In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a
backdoor?

Weaponization

Delivery

Reconnaissance

Exploitation

Answer: Weaponization

19) Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?

Eradication

Identification

Containment

Data Collection

Answer: Containment

20) Sam, a security analyst with INFOSOL INC, while monitoring and analyzing IIS logs, detected an event matching the regex

/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix. What does this event log indicate?

SQL Injection Attack

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack

Answer: SQL Injection Attack

21) Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Services (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

%SystemDrive%\LogFiles\logs\W3SVCN

%SystemDrive%\inetpub\logs\LogFiles\W3SVCN

%SystemDrive%\LogFiles\inetpub\logs\W3SVCN

%SystemDrive%\inetpub\LogFiles\logs\W3SVCN

Answer: %SystemDrive%\inetpub\logs\LogFiles\W3SVCN

22) Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this
incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers. What is
Ray and his team doing?

Absorbing the Attack

Diverting the Traffic

Degrading the Services

Blocking the Attacks

Answer: Absorbing the Attack

23) A type of threat intelligence that finds out information about the attacker by misleading them is known as

Operational Intelligence

Counter Intelligence

Detection Threat Intelligence

Threat Trending Intelligence

Answer: Counter Intelligence

24) What does this event log indicate?

Directory Traversal Attack

Parameter Tampering Attack

XSS Attack

SQL Injection Attack

Answer: Parameter Tampering Attack

25) Charline is working as an L2 SOC analyst. One day, an L1 SOC analyst escalated an incident to her for further investigation and confirmation.
Charline, after a thorough investigation, confirmed the incident and assigned it an initial priority. What would be her next action according
to the SOC workflow?

She should formally raise a ticket and forward it to the IRT

She should immediately escalate this issue to the management

She should immediately contact the network administrator to solve the problem

She should communicate this incident to the media immediately


Answer: She should formally raise a ticket and forward it to the IRT

26) Which of the following directories will contain logs related to printer access?

/var/log/cups/accesslog file

/var/log/cups/access_log file

/var/log/cups/Printeraccess_log file

/var/log/cups/Printer_log file

Answer: /var/log/cups/access_log file

27) Jason, a SOC analyst with Maximus Tech, was investigating Cisco ASA firewall logs and came across the following log entry:

May 06 2018 21:27:27 asa 1: %ASA-5-11008: User 'enable_15' executed the 'configure term' command

What does the security level in the above log indicate?

Warning condition message

Critical condition message

Normal but significant message

Informational message

Answer: Warning condition message

28) Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to
ensure good security engineering?

SOC-CMM

COBIT

SSE-CMM

ITIL

Answer: SSE-CMM

29) Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?

$ tail -f /var/log/kern.log

# tail -f /var/log/messages

$ tail -f /var/log/sys/kern.log

# tail -f /var/log/sys/messages

Answer: $ tail -f /var/log/kern.log

30) Which of the following types of threat intelligence are used by a SIEM to supply analysts with context and "situational awareness" by using
threat actor TTPs, malware campaigns, and tools used by threat actors?

1. Strategic threat intelligence

2. Tactical threat intelligence

3. Operational threat intelligence

4. Technical threat intelligence

1 and 3

2 and 3

1 and 2

3 and 4

Answer: 2 and 3

31) Which of the following attacks can be eradicated by filtering improper XML syntax?

Insufficient Logging and Monitoring Attacks

SQL Injection Attacks

Web Services Attacks

CAPTCHA Attacks

Answer: Web Services Attacks

32) Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI
Context, and so on?

Source

Level

Keywords

Task Category

Answer: Keywords

33) Which of the following is a default directory in a Mac OS X that stores security-related logs?

/Library/Logs/Sync

/private/var/log

~/Library/Logs

/var/log/cups/access_log

Answer: /private/var/log

34) Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data. He is at
which stage of the threat intelligence life cycle?

Collection

Analysis and Production

Dissemination and Integration

Processing and Exploitation

Answer: Processing and Exploitation

35) Identify the type of attack an attacker is attempting on the www.example.com website.

Session Attack

Cross-site Scripting Attack

SQL Injection Attack

Denial-of-Service Attack

Answer: Cross-site Scripting Attack

36) The threat intelligence that helps you understand adversary intent and make informed decisions to ensure appropriate security in
alignment with risk. What kind of threat intelligence is described above?

Tactical Threat Intelligence

Functional Threat Intelligence

Strategic Threat Intelligence

Operational Threat Intelligence

Answer: Strategic Threat Intelligence

37) What does HTTP status code 403 represent?

Not Found Error

Forbidden Error

Internal Server Error

Unauthorized Error

Answer: Forbidden Error

38) Which of the following processes refers to discarding packets at the routing level without informing the source that the data did not
reach its intended recipient?

Drop Requests

Black Hole Filtering

Load Balancing

Rate Limiting

Answer: Black Hole Filtering

39) Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex
/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I
What does this event log indicate?

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack

SQL Injection Attack

Answer: XSS Attack

40) Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the
password?

Hybrid Attack

Brute-force Attack

Birthday Attack

Rainbow Table Attack

Answer: Hybrid Attack

41) According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high and the impact of that attack is
major?

Low

Medium

Extreme

High

Answer: Extreme

42) Properly applied cyber threat intelligence helps the SOC team discover TTPs. What do these TTPs refer to?

Tactics, Threats, and Procedures

Tactics, Techniques, and Procedures

Tactics, Targets, and Process

Targets, Threats, and Process

Answer: Tactics, Techniques, and Procedures

43) In which log collection mechanism does the system or application send log records either to the local disk or over the network?

signature-based

push-based

pull-based

rule-based

Answer: push-based

44) Which of the following formulas is used to calculate the EPS of the organization?

EPS = number of correlated events/time in seconds

EPS = average number of correlated events/time in seconds

EPS = number of normalized events/time in seconds

EPS = number of security events/time in seconds

Answer: EPS = number of security events/time in seconds

45) Which of the following formulas represents the risk level?

Level of risk = Consequence x Severity

Level of risk = Consequence x Likelihood

Level of risk = Consequence x Impact

Level of risk = Consequence x Asset Value

Answer: Level of risk = Consequence x Likelihood

46) Which of the following is a Threat Intelligence Platform?

SolarWinds MS

Apility.io

Keepnote

TC Complete

Answer: SolarWinds MS

47) What type of event is recorded when an application driver loads successfully in Windows?

Success Audit

Error

Warning

Information

Answer: Information

48) Which of the following is a set of standard guidelines for the ongoing development, enhancement, storage, dissemination and implementation of
security standards for account data protection?

FISMA

PCI-DSS

HIPAA

DARPA

Answer: PCI-DSS

49) According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

Call Organizational Disciplinary Team

Send it to the nearby police station

Create a Chain of Custody Document

Set a Forensic lab

Answer: Create a Chain of Custody Document

50) John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a
graph that identifies the locations from where the Tor traffic is coming. Which of the following data sources will he use to prepare the dashboard?

IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

DNS/Web Server logs with IP addresses

Apache/ Web Server logs with IP addresses and Host Name

DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

Answer: DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

51) Which of the following Windows features is used to enable Security Auditing in Windows?

Bitlocker

Local Group Policy Editor

Windows Firewall

Windows Defender

Answer: Local Group Policy Editor

52) Which of the following types of threat intelligence helps cyber security professionals such as security operations managers, network operations center
staff and incident responders to understand how the adversaries are expected to perform the attack on the organization, along with the attack
vectors, technical capabilities, and goals of the attackers?

Analytical Threat Intelligence

Operational Threat Intelligence

Tactical Threat Intelligence

Strategic Threat Intelligence

Answer: Tactical Threat Intelligence

53) Which of the following tools can be used to filter web requests associated with a SQL injection attack?

ZAP proxy

UrlScan

Nmap

Hydra

Answer: UrlScan

54) Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying
the user input in search engines and forums?

Web Services Attacks

Session Management Attacks

XSS Attacks

Broken Access Control Attacks

Answer: XSS Attacks

55) Which of the following formulas represents risk?

Risk = Likelihood x Severity x Asset Value

Risk = Likelihood x Impact x Severity

Risk = Likelihood x Consequence x Severity

Risk = Likelihood x Impact x Asset Value

Answer: Risk = Likelihood x Consequence x Severity

56) John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started
collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report that describes malicious
activity.

Which of the following types of threat intelligence did he use?

Operational Threat Intelligence

Strategic Threat Intelligence

Tactical Threat Intelligence

Technical Threat Intelligence

Answer: Operational Threat Intelligence

57) What does [-n] in the following Check Point firewall log syntax represent?

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m
unification_mode(initial|semi|raw)] [-a] [-k (alert_name|all)] [-g] [logfile]

Display detailed log chains (all the log segments a log record consists of)

Speed up the process by not performing DNS resolution of IP addresses in the log files

Display both the date and the time for each log record

Display account log records only

Answer: Speed up the process by not performing DNS resolution of IP addresses in the log files

58) According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is
major?

High

Low

Medium

Extreme

Answer: High

59) Which of the following data sources can be used to detect the traffic associated with bad bot User-Agents?

Switch Log

Router Logs

Web Server Logs

Windows Event Log

Answer: Web Server Logs

60) Which of the following factors determine the choice of SIEM architecture?

Network Topology

DHCP Configuration

DNS Configuration

SMTP Configuration

Answer: Network Topology

61) What does Windows event ID 4740 indicate?

A user account was created.

A user account was enabled.

A user account was locked out.

A user account was disabled.

Answer: A user account was locked out.

62) What is the process of monitoring and capturing all data packets passing through a given network using different tools?

Network Sniffing

DNS Footprinting

Port Scanning

Network Scanning

Answer: Network Sniffing


63) An attacker, in an attempt to exploit a vulnerability in the dynamically generated welcome page, inserted code at the end of the company's
URL as follows: http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>

Identify the attack demonstrated in the above scenario.

Session Attack

Denial-of-Service Attack

Cross-site Scripting Attack

SQL Injection Attack

Answer: Cross-site Scripting Attack

64) Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future
problem.

Warning

Error

Information

Failure Audit

Answer: Warning

65) Identify the attack in which an attacker, after several trial-and-error attempts, can read the contents of the password file present in the restricted /etc folder just
by manipulating the URL in the browser as shown: http://www.terabytes.com/process.php./././././etc/passwd

Denial-of-Service Attack

SQL Injection Attack

Directory Traversal Attack

Form Tampering Attack

Answer: Directory Traversal Attack

66) Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?

Unicode Encoding

URL Encoding

Base64 Encoding

UTF Encoding

Answer: URL Encoding


67) Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response
Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will take on the incident escalated by Emmanuel?

Incident Prioritization

Incident. Analysis and Validation

Incident Classification

Incident Recording

Answer: Incident. Analysis and Validation

68) The Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate?

Debugging

Alert

Notification

Emergency

Answer: Emergency

69) Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to
their true source?

Ingress Filtering

Rate Limiting

Throttling

Egress Filtering

Answer: Ingress Filtering

70) An organization is implementing and deploying a SIEM with the following capabilities. What kind of SIEM deployment architecture is the
organization planning to implement?

Cloud, MSSP Managed

Self-hosted, Jointly Managed

Self-hosted, Self-Managed

Self-hosted, MSSP Managed

Answer: Self-hosted, Self-Managed


71) Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

DHCP Starvation Attack

DHCP Spoofing Attack

DHCP Cache Poisoning

DHCP Port Stealing

Answer: DHCP Starvation Attack

72) What does the Security Log Event ID 4624 of Windows 10 indicate?

New process executed

An account was successfully logged on

A share was accessed

Service added to the endpoint

Answer: An account was successfully logged on

73) Which of the following commands is used to enable logging in iptables?

$ iptables -B OUTPUT -j LOG

$ iptables -A OUTPUT -j LOG

$ iptables -A INPUT -j LOG

$ iptables -B INPUT -j LOG

Answer: $ iptables -A INPUT -j LOG


74) An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest
of the SIEM functions must be managed by an MSSP. Which SIEM deployment architecture will the organization adopt?

Self-hosted, Jointly Managed

Self-hosted, Self-Managed

Self-hosted, MSSP Managed

Cloud, MSSP Managed

Answer: Self-hosted, MSSP Managed

75) Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or
malicious traffic never leaves the internal network?

Throttling

Ingress Filtering

Rate Limiting

Egress Filtering

Answer: Egress Filtering

76) David is a SOC analyst in Karen Tech. One day an attack was initiated by intruders, but David was not able to find any suspicious events. Into which
category does this type of incident fall?

True Positive Incidents

False positive Incidents

True Negative Incidents

False Negative Incidents

Answer: False Negative Incidents

77) Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely?

File Injection Attacks

LDAP Injection Attacks

SQL Injection Attacks

Command Injection Attacks

Answer: Command Injection Attacks


78) Which of the following is a report writing tool that will help incident handlers generate efficient reports on detected incidents during the
incident response process?

Maistrom

threat note

MagicTree

IntelMQ

Answer: MagicTree

79) Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

Man-In-Middle Attack

DoS Attack

Reconnaissance Attack

Ransomware Attack

Answer: Reconnaissance Attack

80) John, a SOC analyst, wants to monitor process creation activities from any of their Windows endpoints. Which of the following
Splunk queries will help him fetch the logs associated with process creation?

index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ...

index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) ...

Answer: index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) ...

81) John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching the

regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i. What does this event log indicate?

SQL Injection Attack

XSS Attack

Directory Traversal Attack

Parameter Tampering Attack

Answer: Directory Traversal Attack


82) Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are
generated by access control list numbered 210. What filter should Peter add to the 'show logging' command to get the required output?

show logging | forward 210

show logging | access 210

show logging | include 210

show logging | route 210

Answer: show logging | include 210

83) Which of the following are the responsibilities of SIEM agents?

1. Collecting data received from various devices sending data to the SIEM before forwarding it to the central engine.

2. Normalizing data received from various devices sending data to the SIEM before forwarding it to the central engine.

3. Correlating data received from various devices sending data to the SIEM before forwarding it to the central engine.

4. Visualizing data received from various devices sending data to the SIEM before forwarding it to the central engine.

2 and 3

1 and 4

3 and 1

1 and 2

Answer: 1 and 2

84) Which of the following attacks causes sudden changes in file extensions or an increase in file renames at rapid speed?

DHCP starvation Attack

Ransomware Attack

File Injection Attack

DoS Attack

Answer: Ransomware Attack

85) What is the correct sequence of SOC Workflow?

Collect, Ingest, Validate, Document, Report, Respond

Collect, Respond, Validate, Ingest, Report, Document

Collect, Ingest, Document, Validate, Report, Respond

Collect, Ingest, Validate, Report, Respond, Document


Answer: Collect, Ingest, Validate, Report, Respond, Document

86) Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to
handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether
the incident is a true incident or a false positive.

Identify the stage in which he is currently in.

Incident Triage

Incident Disclosure

Incident Recording and Assignment

Post-Incident Activities

Answer: Incident Triage

87) Which of the following can help you eliminate the burden of investigating false positives?

Keeping default rules

Not trusting the security devices

Ingesting the context data

Treating every alert as high level

Answer: Ingesting the context data

88) Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

/etc/ossim/siem/server/reputation/data

/etc/siem/ossim/server/reputation.data

/etc/ossim/server/reputation.data

/etc/ossim/reputation

Answer: /etc/ossim/server/reputation.data

89) Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?

File Injection Attacks

Command Injection Attacks

LDAP Injection Attacks

URL Injection Attacks


Answer: File Injection Attacks

90) Rinni, a SOC analyst, while monitoring IDS logs, detected the events shown in the figure below.

What does this event log indicate?

XSS Attack

Directory Traversal Attack

Parameter Tampering Attack

SQL Injection Attack

Answer: SQL Injection Attack

91) Which of the following log storage methods arranges event logs in the form of a circular buffer?

FIFO

LIFO

wrapping

non-wrapping

Answer: wrapping

92) Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.

DNS Poisoning Attack

DHCP Starvation

Zero-Day Attack

Slow DoS Attack

Answer: Zero-Day Attack

93) Which of the following Windows events is logged every time a user tries to access a "Registry" key?

4660

4656

4657

4663

Answer: 4656

94) Which of the following tools is used to recover from a web application incident?

Smoothwall SWG

Symantec Secure Web Gateway

Proxy Workbench

CrowdStrike Falcon™ Orchestrator

Answer: CrowdStrike Falcon™ Orchestrator

95) Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file at /var/log/wtmp.

What is Chloe looking at?

Error log

Login records

System boot log

General message and system-related stuff

Answer: Login records

96) Which of the following stages is executed after identifying the required event sources?

Validating the event source against monitoring requirement

Implementing and Testing the Use Case

Identifying the monitoring Requirements

Defining Rule for the Use Case

Answer: Validating the event source against monitoring requirement

97) Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As a part of the threat
intelligence strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning,
asset identification, threat reports, and intelligence buy-in.

Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?

Threat trending

Threat buy-in

Threat boosting

Threat pivoting

Answer: Threat trending


98) Juliea, a SOC analyst, while monitoring logs, noticed large TXT and NULL payloads. What does this indicate?

Concurrent VPN Connections Attempt

DNS Exfiltration Attempt

Covering Tracks Attempt

DHCP Starvation Attempt

Answer: DNS Exfiltration Attempt

99) Identify the HTTP status code range that represents server errors.

2XX

1XX

5XX

4XX

Answer: 5XX

100) In which of the following incident handling and response stages must the root cause of the incident be found from the forensic results?

Eradication

Systems Recovery

Evidence Gathering

Evidence Handling

Answer: Eradication

101) According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack
is major?

Medium

Low

High

Extreme

Answer: Medium

102) Which of the following formulas represents risk?

Risk = Likelihood x Consequence x Severity

Risk = Likelihood x Impact x Asset Value

Risk = Likelihood x Impact x Severity

Risk = Likelihood x Severity x Asset Value

Answer: Risk = Likelihood x Impact x Asset Value

103) Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below.

What does this event log indicate?

SQL Injection Attack

Directory Traversal Attack

XSS Attack

Parameter Tampering Attack

Answer: SQL Injection Attack
