B.3.4 Security+ SY0-601 Domain 4: Operations and Incident Response Flashcards
78 questions (plus some of my own)
Which of the following tools can be used to view and modify DNS server information in Linux?
dig
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram.
Which tool should you use?
Network mapper
You need to enumerate the devices on your network and display the network’s configuration details.
Which of the following utilities should you use?
nmap
You need to check network connectivity from your computer to a remote computer.
Which of the following tools would be the BEST option to use?
ping
Which command should you use to display both listening and non-listening sockets on your Linux system?
netstat -a
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
Nessus
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan
You need to find the text string New Haven in 100 documents in a folder structure on a Linux server. Which command would you use?
grep
Which of the following BEST describes PuTTY?
Open-source software that is developed and supported by a group of volunteers
!= refers to Not Equal in which scripting language?
Python
Which of the following BEST describes a constant?
Data or a value that does not change
A conditional statement that selects the statements to run depending on whether an expression is true or false is known as which of the following?
If else statement
You would like to simulate an attack on your network so you can test defense equipment and discover vulnerabilities in order to mitigate risk. Which tool would you use to simulate all the packets of an attack?
Tcpreplay
Which of the following are network-sniffing tools?
Cain and Abel, Ettercap, and tcpdump
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address.
Which of the following can you use to simplify this process?
Capture filters
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
An attacker has gained access to the administrator’s login credentials. Which type of attack has most likely occurred?
Password cracking
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
Document what is on the screen
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?
Disconnect the access point from the network
After a security event that involves a breach of physical security, what is the term used for the new measures, incident review, and repairs meant to stop a future incident from occurring?
Recovery
What is the best definition of a security incident?
Violation of a security policy
What is the purpose of audit trails?
To detect security-violating events
As a security analyst, you suspect a threat actor used a certain tactic and technique to infiltrate your network. Which incident-response framework or approach would you utilize to see if other companies have had the same occurrence and what they did to remedy it?
MITRE ATT&CK
What is MITRE ATT&CK?
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations
As a security analyst, you have discovered the victims of a malicious attack have several things in common. Which tools would you use to help you identify who might be behind the attacks and prevent potential future victims? (Select two.)
Diamond Model of Intrusion Analysis
MITRE ATT&CK
What is the primary goal of business continuity planning?
Maintain business operations with reduced or restricted infrastructure capabilities or resources
When is a BCP or DRP design and development actually completed?
Never
You are in charge of making sure the IT systems of your company survive in case of any type of disaster at any of your locations. Your document should include organizational charts, phone lists, and the order of restore. Each business unit should write its own policies and procedures following guidelines from corporate management.
Which of the following documents should you create for this purpose?
Business continuity plan
Which of the following components are the SIEM’s way of letting the IT team know that a pre-established parameter is not within the acceptable range?
Alerts
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred.
Which log type should you check?
System