Valid SY0-701 Dumps shared by ExamDiscuss.com for Helping Passing SY0-701 Exam! ExamDiscuss.com now offer the newest SY0-701 exam dumps, the ExamDiscuss.com SY0-701 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-701 dumps with Test Engine here:
Access SY0-701 Dumps Premium Version
(645 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 16/197
A security analyst is investigating a workstation that is suspected of outbound communication to a command- and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted.
Which of the following logs would the analyst most likely look at next?
Which of the following logs would the analyst most likely look at next?
Correct Answer: B
Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs.
Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.
* IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.
* ACL logs (Access Control List) are useful for tracking access permissions but not for identifying C2 communication.
* Windows security logs would have been ideal if they had not been deleted
Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.
* IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.
* ACL logs (Access Control List) are useful for tracking access permissions but not for identifying C2 communication.
* Windows security logs would have been ideal if they had not been deleted
- Question List (197q)
- Question 1: The Cruel Information Security Officer (CISO) asks a securit...
- Question 2: A company is developing a critical system for the government...
- Question 3: Which of the following roles, according to the shared respon...
- Question 4: An IT security team is concerned about the confidentiality o...
- Question 5: Which of the following is a common source of unintentional c...
- Question 6: A company relies on open-source software libraries to build ...
- Question 7: Various company stakeholders meet to discuss roles and respo...
- Question 8: An employee recently resigned from a company. The employee w...
- Question 9: A security professional discovers a folder containing an emp...
- Question 10: A cybersecurity incident response team at a large company re...
- Question 11: An organization recently updated its security policy to incl...
- Question 12: An enterprise has been experiencing attacks focused on explo...
- Question 13: A financial institution would like to store its customer dat...
- Question 14: A security team is setting up a new environment for hosting ...
- Question 15: Which of the following is best used to detect fraud by assig...
- Question 16: A security analyst is investigating a workstation that is su...
- Question 17: An organization is developing a security program that convey...
- Question 18: Which of the following factors are the most important to add...
- Question 19: A company wants to verify that the software the company is d...
- Question 20: A security analyst is creating base for the server team to f...
- Question 21: A company is required to use certified hardware when buildin...
- Question 22: A security administrator recently reset local passwords and ...
- Question 23: Which of the following security concepts is the best reason ...
- Question 24: Which of the following should a company use to provide proof...
- Question 25: Which of the following are the best security controls for co...
- Question 26: Which of the following would be the greatest concern for a c...
- Question 27: While investigating a recent security breach an analyst find...
- Question 28: Which of the following automation use cases would best enhan...
- Question 29: Which of the following must be considered when designing a h...
- Question 30: An IT security team is concerned about the confidentiality o...
- Question 31: Which of the following is the most effective way to protect ...
- Question 32: A company prevented direct access from the database administ...
- Question 33: A security analyst is assessing several company firewalls. W...
- Question 34: Which of the following describes the process of concealing c...
- Question 35: A company's web filter is configured to scan the URL for str...
- Question 36: Which of the following would a security administrator use to...
- Question 37: A security practitioner completes a vulnerability assessment...
- Question 38: A penetration tester begins an engagement by performing port...
- Question 39: A systems administrator wants to prevent users from being ab...
- Question 40: A security analyst is investigating an application server an...
- Question 41: An IT manager is putting together a documented plan describi...
- Question 42: In which of the following scenarios is tokenization the best...
- Question 43: Two companies are in the process of merging. The companies n...
- Question 44: Which of the following is a type of vulnerability that refer...
- Question 45: Which of the following types of identification methods can b...
- Question 46: A security operations center determines that the malicious a...
- Question 47: Which of the following describes the maximum allowance of ac...
- Question 48: A systems administrator is auditing all company servers to e...
- Question 49: After a security incident, a systems administrator asks the ...
- Question 50: Cadets speaking a foreign language are using company phone n...
- Question 51: An organization implemented cloud-managed IP cameras to moni...
- Question 52: A systems administrator is creating a script that would save...
- Question 53: A company's marketing department collects, modifies, and sto...
- Question 54: Which of the following best describes why me SMS DIP authent...
- Question 55: A company is aware of a given security risk related to a spe...
- Question 56: A security manager created new documentation to use in respo...
- Question 57: A company must ensure sensitive data at rest is rendered unr...
- Question 58: An organization would like to store customer data on a separ...
- Question 59: Which of the following allows a systems administrator to tun...
- Question 60: A company needs to provide administrative access to internal...
- Question 61: You are security administrator investigating a potential inf...
- Question 62: An employee fell for a phishing scam, which allowed an attac...
- Question 63: Which of the following most accurately describes the order i...
- Question 64: A security administrator is addressing an issue with a legac...
- Question 65: A company wants to track modifications to the code used to b...
- Question 66: A company is changing its mobile device policy. The company ...
- Question 67: Security controls in a data center are being reviewed to ens...
- Question 68: Which of the following explains why an attacker cannot easil...
- Question 69: A security analyst needs to propose a remediation plan 'or e...
- Question 70: Which of the following would be the most appropriate way to ...
- Question 71: Which of the following best describes why me SMS DIP authent...
- Question 72: A small business uses kiosks on the sales floor to display p...
- Question 73: Which of the following control types is AUP an example of?...
- Question 74: Which of the following should an organization focus on the m...
- Question 75: Company A jointly develops a product with Company B, which i...
- Question 76: An organization disabled unneeded services and placed a fire...
- Question 77: A company recently decided to allow employees to work remote...
- Question 78: While troubleshooting a firewall configuration, a technician...
- Question 79: Which of the following is a type of vulnerability that invol...
- Question 80: Which of the following considerations is the most important ...
- Question 81: Which of the following is most likely associated with introd...
- Question 82: A security analyst needs to propose a remediation plan 'or e...
- Question 83: A company is planning to set up a SIEM system and assign an ...
- Question 84: Which of the following examples would be best mitigated by i...
- Question 85: Which of the following data roles is responsible for identif...
- Question 86: Which of the following can be used to identify potential att...
- Question 87: The security operations center is researching an event conce...
- Question 88: Which of the following is a reason why a forensic specialist...
- Question 89: After reviewing the following vulnerability scanning report:...
- Question 90: Which of the following alert types is the most likely to be ...
- Question 91: Which of the following threat actors would most likely defac...
- Question 92: Which of the following should be used to aggregate log data ...
- Question 93: Several employees received a fraudulent text message from so...
- Question 94: Which of the following are cases in which an engineer should...
- Question 95: A growing company would like to enhance the ability of its s...
- Question 96: A security consultant needs secure, remote access to a clien...
- Question 97: A new vulnerability enables a type of malware that allows th...
- Question 98: A systems administrator is working on a solution with the fo...
- Question 99: Employees in the research and development business unit rece...
- Question 100: A company is developing a business continuity strategy and n...
- Question 101: A security analyst discovers that a large number of employee...
- Question 102: Which of the following would be most useful in determining w...
- Question 103: A security analyst learns that an attack vector, used as par...
- Question 104: Which of the following best describe a penetration test that...
- Question 105: An administrator notices that several users are logging in f...
- Question 106: After a security awareness training session, a user called t...
- Question 107: A systems administrator is looking for a low-cost applicatio...
- Question 108: The Chief Information Security Officer (CISO) at a large com...
- Question 109: An important patch for a critical application has just been ...
- Question 110: Which of the following would be the best way to handle a cri...
- Question 111: A business needs a recovery site but does not require immedi...
- Question 112: A security manager is implementing MFA and patch management....
- Question 113: Which of the following data roles is responsible for identif...
- Question 114: Which of the following is the most likely to be included as ...
- Question 115: Which of the following best describe a penetration test that...
- Question 116: A systems administrate wants to implement a backup solution....
- Question 117: A client asked a security company to provide a document outl...
- Question 118: A cyber operations team informs a security analyst about a n...
- Question 119: A security analyst reviews domain activity logs and notices ...
- Question 120: Which of the following is prevented by proper data sanitizat...
- Question 121: A company is concerned about weather events causing damage t...
- Question 122: Which of the following tools can assist with detecting an em...
- Question 123: Which of the following is the final step of the modem respon...
- Question 124: A network administrator deployed a DNS logging tool that tog...
- Question 125: The Chief Information Security Officer wants to put security...
- Question 126: A company is discarding a classified storage array and hires...
- Question 127: Which of the following is used to add extra complexity befor...
- Question 128: Which of the following is the best way to provide secure rem...
- Question 129: Which of the following is used to quantitatively measure the...
- Question 130: Which of the following is die most important security concer...
- Question 131: Two companies are in the process of merging. The companies n...
- Question 132: Which of the following is the most likely outcome if a large...
- Question 133: An enterprise is trying to limit outbound DNS traffic origin...
- Question 134: During the onboarding process, an employee needs to create a...
- Question 135: Which of the following environments utilizes a subset of cus...
- Question 136: A spoofed identity was detected for a digital certificate. W...
- Question 137: Which of the following is the first step to take when creati...
- Question 138: A systems administrator receives the following alert from a ...
- Question 139: A company is planning a disaster recovery site and needs to ...
- Question 140: A company is implementing a vendor's security tool in the cl...
- Question 141: An administrator is Investigating an incident and discovers ...
- Question 142: Which of the following is a common source of unintentional c...
- Question 143: After a recent vulnerability scan, a security engineer needs...
- Question 144: An organization implemented cloud-managed IP cameras to moni...
- Question 145: Which of the following teams combines both offensive and def...
- Question 146: An IT manager is increasing the security capabilities of an ...
- Question 147: Which of the following can best protect against an employee ...
- Question 148: Which of the following is used to validate a certificate whe...
- Question 149: A company requires hard drives to be securely wiped before s...
- Question 150: Which of the following threat vectors is most commonly utili...
- Question 151: A security engineer is working to address the growing risks ...
- Question 152: An enterprise is trying to limit outbound DNS traffic origin...
- Question 153: Client files can only be accessed by employees who need to k...
- Question 154: A systems administrator works for a local hospital and needs...
- Question 155: Which of the following is most likely associated with introd...
- Question 156: Which of the following is a primary security concern for a c...
- Question 157: An administrator at a small business notices an increase in ...
- Question 158: The Cruel Information Security Officer (CISO) asks a securit...
- Question 159: A company is utilizing an offshore team to help support the ...
- Question 160: A security engineer is installing an IPS to block signature-...
- Question 161: The application development teams have been asked to answer ...
- Question 162: An employee in the accounting department receives an email c...
- Question 163: Which of the following is an algorithm performed to verify t...
- Question 164: A company's legal department drafted sensitive documents in ...
- Question 165: A company wants to get alerts when others are researching an...
- Question 166: Which of the following has been implemented when a host-base...
- Question 167: Which of the following involves an attempt to take advantage...
- Question 168: Which of the following strategies should an organization use...
- Question 169: An organization is adopting cloud services at a rapid pace a...
- Question 170: A security manager is implementing MFA and patch management....
- Question 171: While investigating a possible incident, a security analyst ...
- Question 172: An IT manager informs the entire help desk staff that only t...
- Question 173: Which of the following describes a security alerting and mon...
- Question 174: After a recent ransomware attack on a company's system, an a...
- Question 175: A business uses Wi-Fi with content filleting enabled. An emp...
- Question 176: An administrator must replace an expired SSL certificate. Wh...
- Question 177: An organization's internet-facing website was compromised wh...
- Question 178: After an audit, an administrator discovers all users have ac...
- Question 179: An organization experiences a cybersecurity incident involvi...
- Question 180: Which of the following can a security director use to priori...
- Question 181: A software developer would like to ensure. The source code c...
- Question 182: A security engineer is working to address the growing risks ...
- Question 183: Which of the following is the best reason to complete an aud...
- Question 184: Which of the following security concepts is accomplished whe...
- Question 185: The application development teams have been asked to answer ...
- Question 186: A cybersecurity incident response team at a large company re...
- Question 187: A security analyst receives alerts about an internal system ...
- Question 188: Which of the following should a security administrator adher...
- Question 189: Which of the following security control types does an accept...
- Question 190: A visitor plugs a laptop into a network jack in the lobby an...
- Question 191: Which of the following is the best way to consistently deter...
- Question 192: A technician wants to improve the situational and environmen...
- Question 193: The management team notices that new accounts that are set u...
- Question 194: The local administrator account for a company's VPN applianc...
- Question 195: A systems administrator is redesigning now devices will perf...
- Question 196: Which of the following allows for the attribution of message...
- Question 197: While conducting a business continuity tabletop exercise, th...
