Valid SY0-701 Dumps shared by ExamDiscuss.com for Helping Passing SY0-701 Exam! ExamDiscuss.com now offer the newest SY0-701 exam dumps, the ExamDiscuss.com SY0-701 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-701 dumps with Test Engine here:
Access SY0-701 Dumps Premium Version
(645 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 94/144
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).
Correct Answer: C,E
To identify the impacted host in a command-and-control (C2) server incident, the following logs should be analyzed:
* DHCP logs: These logs record IP address assignments. By reviewing DHCP logs, an organization can determine which host was assigned a specific IP address during the time of the attack.
* Firewall logs: Firewall logs will show traffic patterns, including connections to external C2 servers.
Analyzing these logs helps to identify the IP address and port numbers of the communicating host.
* Application, Authentication, and Database logs are less relevant in this context because they focus on internal processes and authentication events rather than network traffic involved in a C2 attack.
* DHCP logs: These logs record IP address assignments. By reviewing DHCP logs, an organization can determine which host was assigned a specific IP address during the time of the attack.
* Firewall logs: Firewall logs will show traffic patterns, including connections to external C2 servers.
Analyzing these logs helps to identify the IP address and port numbers of the communicating host.
* Application, Authentication, and Database logs are less relevant in this context because they focus on internal processes and authentication events rather than network traffic involved in a C2 attack.
- Question List (144q)
- Question 1: The CIRT is reviewing an incident that involved a human reso...
- Question 2: An organization wants a third-party vendor to do a penetrati...
- Question 3: The management team notices that new accounts that are set u...
- Question 4: A company decided to reduce the cost of its annual cyber ins...
- Question 5: A newly appointed board member with cybersecurity knowledge ...
- Question 6: An organization is struggling with scaling issues on its VPN...
- Question 7: Select the appropriate attack and remediation from each drop...
- Question 8: A security analyst and the management team are reviewing the...
- Question 9: A systems administrator is working on a solution with the fo...
- Question 10: Employees in the research and development business unit rece...
- Question 11: A cyber operations team informs a security analyst about a n...
- Question 12: Sine a recent upgrade (o a WLAN infrastructure, several mobi...
- Question 13: During a recent breach, employee credentials were compromise...
- Question 14: Which of the following is the most likely to be used to docu...
- Question 15: A security engineer needs to configure an NGFW to minimize t...
- Question 16: After conducting a vulnerability scan, a systems administrat...
- Question 17: Various stakeholders are meeting to discuss their hypothetic...
- Question 18: Which of the following must be considered when designing a h...
- Question 19: Which of the following would be best suited for constantly c...
- Question 20: An external vendor recently visited a company's headquarters...
- Question 21: A systems administrator is creating a script that would save...
- Question 22: A customer has a contract with a CSP and wants to identify w...
- Question 23: A security engineer is implementing FDE for all laptops in a...
- Question 24: Which of the following should be used to ensure an attacker ...
- Question 25: An employee receives a text message that appears to have bee...
- Question 26: Which of the following is used to add extra complexity befor...
- Question 27: A security audit of an organization revealed that most of th...
- Question 28: Which of the following roles, according to the shared respon...
- Question 29: Which of the following risk management strategies should an ...
- Question 30: Which of the following is a primary security concern for a c...
- Question 31: An engineer moved to another team and is unable to access th...
- Question 32: A security analyst finds a rogue device during a monthly aud...
- Question 33: A penetration tester begins an engagement by performing port...
- Question 34: Which of the following vulnerabilities is exploited when an ...
- Question 35: Which of the following is the most common data loss path for...
- Question 36: While investigating a possible incident, a security analyst ...
- Question 37: A company hired a security manager from outside the organiza...
- Question 38: Which of the following is the most likely outcome if a large...
- Question 39: An administrator needs to perform server hardening before de...
- Question 40: A company needs to provide administrative access to internal...
- Question 41: Which of the following would be the best ways to ensure only...
- Question 42: An analyst is reviewing an incident in which a user clicked ...
- Question 43: Which of the following best describe why a process would req...
- Question 44: Which of the following best describes configuring devices to...
- Question 45: Which of the following is required for an organization to pr...
- Question 46: A website user is locked out of an account after clicking an...
- Question 47: A business received a small grant to migrate its infrastruct...
- Question 48: A financial institution would like to store its customer dat...
- Question 49: A company's legal department drafted sensitive documents in ...
- Question 50: A company's marketing department collects, modifies, and sto...
- Question 51: A software developer released a new application and is distr...
- Question 52: A company is required to use certified hardware when buildin...
- Question 53: Which of the following is die most important security concer...
- Question 54: A software development manager wants to ensure the authentic...
- Question 55: While investigating a recent security breach an analyst find...
- Question 56: Which of the following security control types does an accept...
- Question 57: Which of the following enables the use of an input field to ...
- Question 58: An organization is adopting cloud services at a rapid pace a...
- Question 59: Which of the following provides the details about the terms ...
- Question 60: A technician needs to apply a high-priority patch to a produ...
- Question 61: An IT manager is increasing the security capabilities of an ...
- Question 62: The Chief Information Security Officer wants to put security...
- Question 63: A new vulnerability enables a type of malware that allows th...
- Question 64: The Chief Information Security Officer of an organization ne...
- Question 65: A company is expanding its threat surface program and allowi...
- Question 66: Which of the following penetration testing teams is focused ...
- Question 67: A company prevented direct access from the database administ...
- Question 68: Which of the following best describes why me SMS DIP authent...
- Question 69: A data administrator is configuring authentication for a Saa...
- Question 70: An organization plans to expand its operations international...
- Question 71: A company would like to provide employees with computers tha...
- Question 72: An enterprise is trying to limit outbound DNS traffic origin...
- Question 73: An organization implemented cloud-managed IP cameras to moni...
- Question 74: A recent penetration test identified that an attacker could ...
- Question 75: After a security awareness training session, a user called t...
- Question 76: Which of the following describes effective change management...
- Question 77: A company that is located in an area prone to hurricanes is ...
- Question 78: A systems administrator is changing the password policy with...
- Question 79: Which of the following is the most likely to be included as ...
- Question 80: A company is planning to set up a SIEM system and assign an ...
- Question 81: An organization disabled unneeded services and placed a fire...
- Question 82: A security team is setting up a new environment for hosting ...
- Question 83: Which of the following is the primary purpose of a service t...
- Question 84: An organization wants to ensure the integrity of compiled bi...
- Question 85: A company is discarding a classified storage array and hires...
- Question 86: Which of the following is most likely associated with introd...
- Question 87: Which of the following has been implemented when a host-base...
- Question 88: A spoofed identity was detected for a digital certificate. W...
- Question 89: An administrator notices that several users are logging in f...
- Question 90: A security administrator identifies an application that is s...
- Question 91: A visitor plugs a laptop into a network jack in the lobby an...
- Question 92: Which of the following is classified as high availability in...
- Question 93: An administrator must replace an expired SSL certificate. Wh...
- Question 94: An organization experiences a cybersecurity incident involvi...
- Question 95: An employee recently resigned from a company. The employee w...
- Question 96: A U.S.-based cloud-hosting provider wants to expand its data...
- Question 97: Which of the following is the best way to consistently deter...
- Question 98: An administrator was notified that a user logged in remotely...
- Question 99: Which of the following can be used to identify potential att...
- Question 100: Which of the following is an algorithm performed to verify t...
- Question 101: A newly identified network access vulnerability has been fou...
- Question 102: During a recent company safety stand-down, the cyber-awarene...
- Question 103: A company is planning to set up a SIEM system and assign an ...
- Question 104: Client files can only be accessed by employees who need to k...
- Question 105: The Chief Information Security Officer (CISO) at a large com...
- Question 106: A company is utilizing an offshore team to help support the ...
- Question 107: Which of the following describes a security alerting and mon...
- Question 108: A new employee logs in to the email system for the first tim...
- Question 109: While considering the organization's cloud-adoption strategy...
- Question 110: A security manager is implementing MFA and patch management....
- Question 111: Which of the following security concepts is being followed w...
- Question 112: An organization wants to limit potential impact to its log-i...
- Question 113: An organization is required to maintain financial data recor...
- Question 114: Which of the following would be used to detect an employee w...
- Question 115: Which of the following would best explain why a security ana...
- Question 116: A security administrator is configuring fileshares. The admi...
- Question 117: A systems administrator set up a perimeter firewall but cont...
- Question 118: An employee in the accounting department receives an email c...
- Question 119: An organization has too many variations of a single operatin...
- Question 120: A security team created a document that details the order in...
- Question 121: Which of the following tasks is typically included in the BI...
- Question 122: Which of the following data roles is responsible for identif...
- Question 123: During a security incident, the security operations team ide...
- Question 124: Which of the following is the most effective way to protect ...
- Question 125: A company's web filter is configured to scan the URL for str...
- Question 126: An organization would like to store customer data on a separ...
- Question 127: A security administrator needs a method to secure data in an...
- Question 128: A network manager wants to protect the company's VPN by impl...
- Question 129: A user is attempting to patch a critical system, but the pat...
- Question 130: Which of the following describes an executive team that is m...
- Question 131: An organization recently updated its security policy to incl...
- Question 132: Which of the following security controls is most likely bein...
- Question 133: Which of the following should a security operations center u...
- Question 134: Which of the following considerations is the most important ...
- Question 135: A systems administrator would like to deploy a change to a p...
- Question 136: An administrator is reviewing a single server's security log...
- Question 137: An administrator finds that all user workstations and server...
- Question 138: Which of the following best describe a penetration test that...
- Question 139: A user would like to install software and features that are ...
- Question 140: A Chief Information Security Officer (CISO) wants to explici...
- Question 141: Which of the following would be most useful in determining w...
- Question 142: A company most likely is developing a critical system for th...
- Question 143: A company purchased cyber insurance to address items listed ...
- Question 144: An employee fell for a phishing scam, which allowed an attac...
