B.3.4 Security+ SY0-601 Domain 4: Operations and Incident Response Flashcards
78 questions (plus some of my own)
Which of the following tools can be used to view and modify DNS server information in Linux?
dig
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
You want to identify all devices on a network along with a list of open ports on those devices, and you want the results displayed in a graphical diagram. Which tool should you use?
Network mapper
You need to enumerate the devices on your network and display the network’s configuration details. Which of the following utilities should you use?
nmap
You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?
ping
Which command should you use to display both listening and non-listening sockets on your Linux system?
netstat -a
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
Nessus
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan
You need to find the text string New Haven in 100 documents in a folder structure on a Linux server. Which command would you use?
grep
Which of the following BEST describes PuTTY?
Open-source software that is developed and supported by a group of volunteers
!= refers to Not Equal in which scripting language?
Python
Which of the following BEST describes a constant?
Data or a value that does not change
A conditional statement that selects the statements to run depending on whether an expression is true or false is known as which of the following?
If else statement
You would like to simulate an attack on your network so you can test defense equipment and discover vulnerabilities in order to mitigate risk. Which tool would you use to simulate all the packets of an attack?
Tcpreplay
Which of the following are network-sniffing tools?
Cain & Abel, Ettercap, and tcpdump
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
You are using a protocol analyzer to capture network traffic, and you want to capture only the frames coming from a specific IP address. Which of the following can you use to simplify this process?
Capture filters
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
An attacker has gained access to the administrator’s login credentials. Which type of attack has most likely occurred?
Password cracking
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
Document what is on the screen
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?
Disconnect the access point from the network
After a security event that involves a breach of physical security, what is the term used for the new measures, incident review, and repairs meant to stop a future incident from occurring?
Recovery
What is the best definition of a security incident?
Violation of a security policy
What is the purpose of audit trails?
To detect security-violating events