Valid SY0-701 Dumps shared by ExamDiscuss.com for Helping Passing SY0-701 Exam! ExamDiscuss.com now offer the newest SY0-701 exam dumps, the ExamDiscuss.com SY0-701 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-701 dumps with Test Engine here:
Access SY0-701 Dumps Premium Version
(645 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 63/190
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).
Correct Answer: C,E
To identify the impacted host in a command-and-control (C2) server incident, the following logs should be analyzed:
DHCP logs: These logs record IP address assignments. By reviewing DHCP logs, an organization can determine which host was assigned a specific IP address during the time of the attack.
Firewall logs: Firewall logs will show traffic patterns, including connections to external C2 servers. Analyzing these logs helps to identify the IP address and port numbers of the communicating host.
Application, Authentication, and Database logs are less relevant in this context because they focus on internal processes and authentication events rather than network traffic involved in a C2 attack.
DHCP logs: These logs record IP address assignments. By reviewing DHCP logs, an organization can determine which host was assigned a specific IP address during the time of the attack.
Firewall logs: Firewall logs will show traffic patterns, including connections to external C2 servers. Analyzing these logs helps to identify the IP address and port numbers of the communicating host.
Application, Authentication, and Database logs are less relevant in this context because they focus on internal processes and authentication events rather than network traffic involved in a C2 attack.
- Question List (190q)
- Question 1: Employees located off-site must have access to company resou...
- Question 2: A user is attempting to patch a critical system, but the pat...
- Question 3: An administrator wants to perform a risk assessment without ...
- Question 4: Which of the following definitions best describes the concep...
- Question 5: A small business uses kiosks on the sales floor to display p...
- Question 6: During a SQL update of a database, a temporary field that wa...
- Question 7: Which of the following security concepts is being followed w...
- Question 8: Which of the following is the main consideration when a lega...
- Question 9: Which of the following is the stage in an investigation when...
- Question 10: An external vendor recently visited a company's headquarters...
- Question 11: Which of the following is the best way to securely store an ...
- Question 12: One of a company's vendors sent an analyst a security bullet...
- Question 13: An employee recently resigned from a company. The employee w...
- Question 14: A systems administrator discovers a system that is no longer...
- Question 15: While investigating a possible incident, a security analyst ...
- Question 16: A network manager wants to protect the company's VPN by impl...
- Question 17: Which of the following would best explain why a security ana...
- Question 18: Which of the following architectures is most suitable to pro...
- Question 19: A university employee logged on to the academic server and a...
- Question 20: Which of the following would be the most appropriate way to ...
- Question 21: A company is planning a disaster recovery site and needs to ...
- Question 22: Select the appropriate attack and remediation from each drop...
- Question 23: A security analyst is investigating an application server an...
- Question 24: Which of the following aspects of the data management life c...
- Question 25: During an investigation, an incident response team attempts ...
- Question 26: Which of the following is the most common data loss path for...
- Question 27: A systems administrator is concerned users are accessing ema...
- Question 28: The local administrator account for a company's VPN applianc...
- Question 29: Which of the following involves an attempt to take advantage...
- Question 30: A security operations center determines that the malicious a...
- Question 31: Which of the following practices would be best to prevent an...
- Question 32: A business received a small grant to migrate its infrastruct...
- Question 33: Which of the following control types is AUP an example of?...
- Question 34: A company relies on open-source software libraries to build ...
- Question 35: A security administrator is reissuing a former employee's la...
- Question 36: A security team is setting up a new environment for hosting ...
- Question 37: Which of the following is a reason why a forensic specialist...
- Question 38: A company has begun labeling all laptops with asset inventor...
- Question 39: Which of the following is used to quantitatively measure the...
- Question 40: An IT manager is putting together a documented plan describi...
- Question 41: Which of the following incident response activities ensures ...
- Question 42: A systems administrator receives an alert that a company's i...
- Question 43: In which of the following scenarios is tokenization the best...
- Question 44: Which of the following is a preventive physical security con...
- Question 45: Which of the following threat actors is the most likely to u...
- Question 46: A company recently decided to allow employees to work remote...
- Question 47: A security engineer would like to enhance the use of automat...
- Question 48: An IT manager informs the entire help desk staff that only t...
- Question 49: After reviewing the following vulnerability scanning report:...
- Question 50: Which of the following should an organization focus on the m...
- Question 51: A company wants to track modifications to the code used to b...
- Question 52: Which of the following describes a security alerting and mon...
- Question 53: A financial institution would like to store its customer dat...
- Question 54: A company wants to reduce the time and expense associated wi...
- Question 55: Which of the following is the most relevant reason a DPO wou...
- Question 56: An employee who was working remotely lost a mobile device co...
- Question 57: A security professional discovers a folder containing an emp...
- Question 58: A systems administrator is changing the password policy with...
- Question 59: An organization wants to limit potential impact to its log-i...
- Question 60: A company is implementing a vendor's security tool in the cl...
- Question 61: A cybersecurity incident response team at a large company re...
- Question 62: An administrator at a small business notices an increase in ...
- Question 63: An organization experiences a cybersecurity incident involvi...
- Question 64: Which of the following is a reason environmental variables a...
- Question 65: Which of the following methods would most likely be used to ...
- Question 66: A security consultant needs secure, remote access to a clien...
- Question 67: A company prevented direct access from the database administ...
- Question 68: Which of the following types of identification methods can b...
- Question 69: Which of the following activities should a systems administr...
- Question 70: A company wants to ensure employees are allowed to copy file...
- Question 71: An engineer needs to find a solution that creates an added l...
- Question 72: The security operations center is researching an event conce...
- Question 73: A technician wants to improve the situational and environmen...
- Question 74: A company implemented an MDM policy 10 mitigate risks after ...
- Question 75: A security administrator recently reset local passwords and ...
- Question 76: An organization recently updated its security policy to incl...
- Question 77: Which of the following types of vulnerabilities is primarily...
- Question 78: A bank insists all of its vendors must prevent data loss on ...
- Question 79: A Chief Information Security Officer wants to monitor the co...
- Question 80: Company A jointly develops a product with Company B, which i...
- Question 81: Which of the following strategies should an organization use...
- Question 82: Which of the following is die most important security concer...
- Question 83: A company's web filter is configured to scan the URL for str...
- Question 84: An analyst is reviewing an incident in which a user clicked ...
- Question 85: Which of the following should a security administrator adher...
- Question 86: When trying to access an internal website, an employee repor...
- Question 87: Which of the following can best protect against an employee ...
- Question 88: Which of the following vulnerabilities is associated with in...
- Question 89: Which of the following describes an executive team that is m...
- Question 90: Which of the following steps in the risk management process ...
- Question 91: A security analyst discovers that a large number of employee...
- Question 92: An administrator was notified that a user logged in remotely...
- Question 93: An employee used a company's billing system to issue fraudul...
- Question 94: A company is concerned about the theft of client data from d...
- Question 95: An unexpected and out-of-character email message from a Chie...
- Question 96: An employee fell for a phishing scam, which allowed an attac...
- Question 97: A malicious update was distributed to a common software plat...
- Question 98: Which of the following activities is the first stage in the ...
- Question 99: Which of the following should be used to aggregate log data ...
- Question 100: Which of the following best describes the practice of resear...
- Question 101: A software development manager wants to ensure the authentic...
- Question 102: A security analyst is reviewing logs and discovers the follo...
- Question 103: An administrator has identified and fingerprinted specific f...
- Question 104: An organization would like to calculate the time needed to r...
- Question 105: A systems administrator is concerned about vulnerabilities w...
- Question 106: Which of the following is the first step to take when creati...
- Question 107: A security analyst is reviewing alerts in the SIEM related t...
- Question 108: A company is utilizing an offshore team to help support the ...
- Question 109: An organization is evaluating new regulatory requirements as...
- Question 110: Malware spread across a company's network after an employee ...
- Question 111: A security audit of an organization revealed that most of th...
- Question 112: Which of the following would be the best solution to deploy ...
- Question 113: An organization needs to monitor its users' activities to pr...
- Question 114: During a penetration test, a vendor attempts to enter an una...
- Question 115: An organization is developing a security program that convey...
- Question 116: A systems administrator receives a text message from an unkn...
- Question 117: A systems administrator is redesigning now devices will perf...
- Question 118: A security analyst scans a company's public network and disc...
- Question 119: Which of the following would be most useful in determining w...
- Question 120: After an audit, an administrator discovers all users have ac...
- Question 121: Which of the following activities are associated with vulner...
- Question 122: After a security awareness training session, a user called t...
- Question 123: Which of the following would most likely be used by attacker...
- Question 124: You are security administrator investigating a potential inf...
- Question 125: A systems administrator notices that one of the systems crit...
- Question 126: An IT manager is increasing the security capabilities of an ...
- Question 127: Which of the following best represents an application that d...
- Question 128: An organization wants to improve the company's security auth...
- Question 129: An administrator is installing an SSL certificate on a new s...
- Question 130: An analyst is evaluating the implementation of Zero Trust pr...
- Question 131: A security administrator observed the following in a web ser...
- Question 132: Which of the following exercises should an organization use ...
- Question 133: While conducting a business continuity tabletop exercise, th...
- Question 134: Which of the following is most likely associated with introd...
- Question 135: Which of the following would a security administrator use to...
- Question 136: A growing organization, which hosts an externally accessible...
- Question 137: A systems administrator needs to ensure the secure communica...
- Question 138: Various stakeholders are meeting to discuss their hypothetic...
- Question 139: A network administrator wants to ensure that network traffic...
- Question 140: The Chief Information Security Officer wants to put security...
- Question 141: An organization disabled unneeded services and placed a fire...
- Question 142: During a SQL update of a database, a temporary field used as...
- Question 143: Which of the following tasks is typically included in the BI...
- Question 144: During a recent company safety stand-down, the cyber-awarene...
- Question 145: Which of the following is the best way to provide secure rem...
- Question 146: A legal department must maintain a backup from all devices t...
- Question 147: Which of the following is used to protect a computer from vi...
- Question 148: A company is required to use certified hardware when buildin...
- Question 149: Which of the following topics would most likely be included ...
- Question 150: The security team at a large global company needs to reduce ...
- Question 151: A security analyst is creating base for the server team to f...
- Question 152: Which of the following provides the details about the terms ...
- Question 153: A company is in the process of migrating to cloud-based serv...
- Question 154: A security officer is implementing a security awareness prog...
- Question 155: A technician needs to apply a high-priority patch to a produ...
- Question 156: The Chief Information Security Officer (CISO) at a large com...
- Question 157: Which of the following is a benefit of vendor diversity?...
- Question 158: Which of the following is a type of vulnerability that refer...
- Question 159: Which of the following would most likely be deployed to obta...
- Question 160: Which of the following methods to secure credit card data is...
- Question 161: While reviewing logs, a security administrator identifies th...
- Question 162: A visitor plugs a laptop into a network jack in the lobby an...
- Question 163: Which of the following consequences would a retail chain mos...
- Question 164: Which of the following would be best suited for constantly c...
- Question 165: An organization is required to provide assurance that its co...
- Question 166: Which of the following automation use cases would best enhan...
- Question 167: Which of the following data states applies to data that is b...
- Question 168: An employee emailed a new systems administrator a malicious ...
- Question 169: Which of the following can a security director use to priori...
- Question 170: Which of the following activities should be performed first ...
- Question 171: Security controls in a data center are being reviewed to ens...
- Question 172: Which of the following should a security operations center u...
- Question 173: An organization is adopting cloud services at a rapid pace a...
- Question 174: Which of the following security measures is required when us...
- Question 175: Which of the following is a common data removal option for c...
- Question 176: Which of the following teams combines both offensive and def...
- Question 177: A security analyst is investigating a workstation that is su...
- Question 178: Which of the following describes the reason root cause analy...
- Question 179: During a security incident, the security operations team ide...
- Question 180: After a recent vulnerability scan, a security engineer needs...
- Question 181: Which of the following best describe a penetration test that...
- Question 182: An organization has a new regulatory requirement to implemen...
- Question 183: Which of the following allows an exploit to go undetected by...
- Question 184: A company must ensure sensitive data at rest is rendered unr...
- Question 185: Which of the following are the best security controls for co...
- Question 186: A security analyst is reviewing logs to identify the destina...
- Question 187: A new employee logs in to the email system for the first tim...
- Question 188: An enterprise security team is researching a new security ar...
- Question 189: Which of the following is a feature of a next-generation SIE...
- Question 190: A security analyst is evaluating a SaaS application that the...
