312-50 Exam Dumps | An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers,

<< Prev Question Next Question >>

Question 73/350

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

A. The network devices are not all synchronized.

B. Proper chain of custody was not observed while collecting the logs.

C. The attacker altered or erased events from the logs.

D. The security breach was a false positive.

Question List (350q): Question 1: Which of the following ensures that updates to policies, pro...; Question 2: When comparing the testing methodologies of Open Web Applica...; Question 3: Your team has won a contract to infiltrate an organization. ...; Question 4: Low humidity in a data center can cause which of the followi...; Question 5: While checking the settings on the internet browser, a techn...; Question 6: What is the primary drawback to using advanced encryption st...; Question 7: Which NMAP feature can a tester implement or adjust while sc...; Question 8: Which of the following cryptography attack methods is usuall...; Question 9: What type of OS fingerprinting technique sends specially cra...; Question 10: Your company was hired by a small healthcare provider to per...; Question 11: What information should an IT system analysis provide to the...; Question 12: Using Windows CMD, how would an attacker list all the shares...; Question 13: This asymmetry cipher is based on factoring the product of t...; Question 14: Jimmy is standing outside a secure entrance to a facility. H...; Question 15: Which of the following is an example of an asymmetric encryp...; Question 16: Advanced encryption standard is an algorithm used for which ...; Question 17: Which set of access control solutions implements two-factor ...; Question 18: A Certificate Authority (CA) generates a key pair that will ...; Question 19: A hacker is attempting to use nslookup to query Domain Name ...; Question 20: PGP, SSL, and IKE are all examples of which type of cryptogr...; Question 21: To maintain compliance with regulatory requirements, a secur...; Question 22: Which type of access control is used on a router or firewall...; Question 23: Which of the following is a hashing algorithm?...; Question 24: An attacker uses a communication channel within an operating...; Question 25: To send a PGP encrypted message, which piece of information ...; Question 26: Which of the following is an application that requires a hos...; Question 27: Which of the following settings enables Nessus to detect whe...; Question 28: The configuration allows a wired or wireless network interfa...; Question 29: What are the three types of authentication?...; Question 30: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 31: Which of the following is one of the most effective ways to ...; Question 32: Your company performs penetration tests and security assessm...; Question 33: Which method can provide a better return on IT security inve...; Question 34: In the OSI model, where does PPTP encryption take place?...; Question 35: Which tool would be used to collect wireless packet data?...; Question 36: Which of the following is a hardware requirement that either...; Question 37: Which of the following is a protocol specifically designed f...; Question 38: Which of the following types of firewall inspects only heade...; Question 39: Which of the following is the successor of SSL?...; Question 40: A large company intends to use Blackberry for corporate mobi...; Question 41: You are logged in as a local admin on a Windows 7 system and...; Question 42: You work as a Security Analyst for a retail organization. In...; Question 43: A security engineer has been asked to deploy a secure remote...; Question 44: At a Windows Server command prompt, which command could be u...; Question 45: Which of the following incident handling process phases is r...; Question 46: The "gray box testing" methodology enforces what kind of res...; Question 47: Which technical characteristic do Ethereal/Wireshark, TCPDum...; Question 48: When you are getting information about a web server, it is v...; Question 49: Which initial procedure should an ethical hacker perform aft...; Question 50: If an e-commerce site was put into a live environment and th...; Question 51: Which of the following descriptions is true about a static N...; Question 52: A common cryptographical tool is the use of XOR. XOR the fol...; Question 53: It is an entity or event with the potential to adversely imp...; Question 54: Which of the following processes evaluates the adherence of ...; Question 55: A penetration tester is conducting a port scan on a specific...; Question 56: Which of the following tools would be the best choice for ac...; Question 57: Which of the following is the greatest threat posed by backu...; Question 58: Which of the following levels of algorithms does Public Key ...; Question 59: A newly discovered flaw in a software application would be c...; Question 60: ICMP ping and ping sweeps are used to check for active syste...; Question 61: Which type of intrusion detection system can monitor and ale...; Question 62: When you are collecting information to perform a data analys...; Question 63: Which of the following programming languages is most vulnera...; Question 64: This international organization regulates billions of transa...; Question 65: Employees in a company are no longer able to access Internet...; Question 66: Which of the following defines the role of a root Certificat...; Question 67: It is a kind of malware (malicious software) that criminals ...; Question 68: While using your bank's online servicing you notice the foll...; Question 69: To determine if a software program properly handles a wide r...; Question 70: What is the main advantage that a network-based IDS/IPS syst...; Question 71: What is the benefit of performing an unannounced Penetration...; Question 72: The intrusion detection system at a software development com...; Question 73: An incident investigator asks to receive a copy of the event...; Question 74: What results will the following command yield: 'NMAP -sS -O ...; Question 75: The use of technologies like IPSec can help guarantee the fo...; Question 76: When you are testing a web application, it is very useful to...; Question 77: Which of the following conditions must be given to allow a t...; Question 78: What is the best defense against privilege escalation vulner...; Question 79: The following is part of a log file taken from the machine o...; Question 80: The network administrator contacts you and tells you that sh...; Question 81: Fingerprinting VPN firewalls is possible with which of the f...; Question 82: Which of the following scanning tools is specifically design...; Question 83: A tester has been using the msadc.pl attack script to execut...; Question 84: What is a successful method for protecting a router from pot...; Question 85: Which of the following items of a computer system will an an...; Question 86: Which tool is used to automate SQL injections and exploit a ...; Question 87: Which element of Public Key Infrastructure (PKI) verifies th...; Question 88: Windows file servers commonly hold sensitive files, database...; Question 89: In the software security development life cycle process, thr...; Question 90: Company A and Company B have just merged and each has its ow...; Question 91: Passive reconnaissance involves collecting information throu...; Question 92: A company firewall engineer has configured a new DMZ to allo...; Question 93: Risks = Threats x Vulnerabilities is referred to as the:...; Question 94: A recently hired network security associate at a local bank ...; Question 95: Which of the following resources does NMAP need to be used a...; Question 96: Which solution can be used to emulate computer services, suc...; Question 97: Bluetooth uses which digital modulation technique to exchang...; Question 98: A bank stores and processes sensitive privacy information re...; Question 99: A developer for a company is tasked with creating a program ...; Question 100: A security consultant decides to use multiple layers of anti...; Question 101: What is the way to decide how a packet will move from an unt...; Question 102: How does the Address Resolution Protocol (ARP) work?...; Question 103: An organization hires a tester to do a wireless penetration ...; Question 104: How can a policy help improve an employee's security awarene...; Question 105: Which of the following open source tools would be the best c...; Question 106: A hacker, who posed as a heating and air conditioning specia...; Question 107: After trying multiple exploits, you've gained root access to...; Question 108: Pentest results indicate that voice over IP traffic is trave...; Question 109: What are the three types of compliance that the Open Source ...; Question 110: What is the name of the international standard that establis...; Question 111: The following is a sample of output from a penetration teste...; Question 112: A network administrator received an administrative alert at ...; Question 113: Which of the following is considered the best way to protect...; 1 commentQuestion 114: While performing online banking using a Web browser, a user ...; Question 115: Which of the following statements is TRUE?...; Question 116: How can a rootkit bypass Windows 7 operating system's kernel...; Question 117: Which of the following is considered an acceptable option wh...; Question 118: A company's security policy states that all Web browsers mus...; Question 119: Seth is starting a penetration test from inside the network....; Question 120: An Internet Service Provider (ISP) has a need to authenticat...; Question 121: An ethical hacker for a large security research firm perform...; Question 122: A Security Engineer at a medium-sized accounting firm has be...; Question 123: What is the most common method to exploit the "Bash Bug" or ...; Question 124: What term describes the amount of risk that remains after th...; Question 125: The company ABC recently contracted a new accountant. The ac...; Question 126: You've just been hired to perform a pen test on an organizat...; Question 127: An NMAP scan of a server shows port 25 is open. What risk co...; Question 128: Which mode of IPSec should you use to assure security and co...; Question 129: A penetration tester is hired to do a risk assessment of a c...; Question 130: When utilizing technical assessment methods to assess the se...; Question 131: When an alert rule is matched in a network-based IDS like sn...; Question 132: The use of alert thresholding in an IDS can reduce the volum...; Question 133: Which of the following is a strong post designed to stop a c...; Question 134: You just set up a security system in your network. In what k...; Question 135: A penetration tester is conducting a port scan on a specific...; Question 136: What is one thing a tester can do to ensure that the softwar...; Question 137: Which of the following security operations is used for deter...; Question 138: A consultant has been hired by the V.P. of a large financial...; Question 139: You have successfully gained access to a linux server and wo...; Question 140: You have compromised a server on a network and successfully ...; Question 141: To reduce the attack surface of a system, administrators sho...; Question 142: How is sniffing broadly categorized?...; Question 143: Session splicing is an IDS evasion technique in which an att...; Question 144: An engineer is learning to write exploits in C++ and is usin...; Question 145: A company has hired a security administrator to maintain and...; Question 146: What is the process of logging, recording, and resolving eve...; Question 147: Which of the following describes the characteristics of a Bo...; Question 148: After gaining access to the password hashes used to protect ...; Question 149: Ricardo wants to send secret messages to a competitor compan...; Question 150: While conducting a penetration test, the tester determines t...; Question 151: An NMAP scan of a server shows port 69 is open. What risk co...; Question 152: When does the Payment Card Industry Data Security Standard (...; Question 153: Which type of scan is used on the eye to measure the layer o...; Question 154: Which of the following lists are valid data-gathering activi...; Question 155: What is the best description of SQL Injection?...; Question 156: You are using NMAP to resolve domain names into IP addresses...; Question 157: A hacker has managed to gain access to a Linux host and stol...; Question 158: Which of the following is optimized for confidential communi...; Question 159: Initiating an attack against targeted businesses and organiz...; Question 160: Which of the following is the least-likely physical characte...; Question 161: An attacker gains access to a Web server's database and disp...; Question 162: Which type of scan measures a person's external features thr...; Question 163: What does a firewall check to prevent particular ports and a...; Question 164: A hacker is attempting to see which IP addresses are current...; Question 165: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 166: An Intrusion Detection System (IDS) has alerted the network ...; Question 167: During a wireless penetration test, a tester detects an acce...; Question 168: You have several plain-text firewall logs that you must revi...; Question 169: Which of the following describes the characteristics of a Bo...; Question 170: Which of the following is designed to identify malicious att...; Question 171: Which of the following is a detective control?...; Question 172: In order to show improvement of security over time, what mus...; Question 173: A security policy will be more accepted by employees if it i...; Question 174: A penetration tester was hired to perform a penetration test...; Question 175: A network security administrator is worried about potential ...; Question 176: If the final set of security controls does not eliminate all...; Question 177: How does an operating system protect the passwords used for ...; Question 178: Which of the following techniques will identify if computer ...; Question 179: The company ABC recently discovered that their new product w...; Question 180: Eve stole a file named secret.txt, transferred it to her com...; Question 181: Craig received a report of all the computers on the network ...; Question 182: Which of the following is a design pattern based on distinct...; Question 183: A security analyst is performing an audit on the network to ...; Question 184: WPA2 uses AES for wireless data encryption at which of the f...; Question 185: During a penetration test, a tester finds that the web appli...; Question 186: You've gained physical access to a Windows 2008 R2 server wh...; Question 187: What is the main reason the use of a stored biometric is vul...; Question 188: The security concept of "separation of duties" is most simil...; Question 189: Which NMAP command combination would let a tester scan every...; Question 190: International Organization for Standardization (ISO) standar...; Question 191: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What ...; Question 192: Which property ensures that a hash function will not produce...; Question 193: If executives are found liable for not properly protecting t...; Question 194: Which of the following is an advantage of utilizing security...; Question 195: Which statement is TRUE regarding network firewalls preventi...; Question 196: Which regulation defines security and privacy controls for F...; Question 197: A computer science student needs to fill some information in...; Question 198: You are performing information gathering for an important pe...; Question 199: An attacker is trying to redirect the traffic of a small off...; Question 200: Which of the following is a low-tech way of gaining unauthor...; Question 201: On a Linux device, which of the following commands will star...; Question 202: The fundamental difference between symmetric and asymmetric ...; Question 203: Which vital role does the U.S. Computer Security Incident Re...; Question 204: Which command line switch would be used in NMAP to perform o...; Question 205: Smart cards use which protocol to transfer the certificate i...; Question 206: Which of the following tools will scan a network to perform ...; Question 207: SOAP services use which technology to format information?...; Question 208: An IT security engineer notices that the company's web serve...; Question 209: Which cipher encrypts the plain text digit (bit or byte) one...; Question 210: The Open Web Application Security Project (OWASP) testing me...; Question 211: Which protocol and port number might be needed in order to s...; Question 212: What two conditions must a digital signature meet?...; Question 213: What technique is used to perform a Connection Stream Parame...; Question 214: John the Ripper is a technical assessment tool used to test ...; Question 215: While performing data validation of web content, a security ...; Question 216: Which of these options is the most secure procedure for stor...; Question 217: A consultant is hired to do physical penetration testing at ...; Question 218: Which of the following is not a Bluetooth attack?...; Question 219: Which of the following tools is used to detect wireless LANs...; Question 220: The Heartbleed bug was discovered in 2014 and is widely refe...; Question 221: When analyzing the IDS logs, the system administrator notice...; Question 222: How do employers protect assets with security policies perta...; Question 223: What is the most secure way to mitigate the theft of corpora...; Question 224: Which of the following describes a component of Public Key I...; Question 225: During a penetration test, the tester conducts an ACK scan u...; Question 226: Which of the following business challenges could be solved b...; Question 227: A hacker searches in Google for filetype:pcf to find Cisco V...; Question 228: A certified ethical hacker (CEH) completed a penetration tes...; Question 229: A security analyst in an insurance company is assigned to te...; Question 230: Some passwords are stored using specialized encryption algor...; Question 231: A regional bank hires your company to perform a security ass...; Question 232: A security engineer is attempting to map a company's interna...; Question 233: Nation-state threat actors often discover vulnerabilities an...; Question 234: Which of the following is a preventive control?...; Question 235: What statement is true regarding LM hashes?...; Question 236: You have compromised a server and successfully gained a root...; Question 237: A pentester gains access to a Windows application server and...; Question 238: One way to defeat a multi-level security solution is to leak...; Question 239: Which of the following problems can be solved by using Wires...; Question 240: Which of the following can the administrator do to verify th...; Question 241: Which of the following is an example of two factor authentic...; Question 242: Which of the following examples best represents a logical or...; Question 243: Which method of password cracking takes the most time and ef...; Question 244: What is a "Collision attack" in cryptography?...; Question 245: A network administrator discovers several unknown files in t...; Question 246: When setting up a wireless network, an administrator enters ...; Question 247: What is the main disadvantage of the scripting languages as ...; Question 248: Which of the following items is unique to the N-tier archite...; Question 249: Which of the following is a symmetric cryptographic standard...; Question 250: How can rainbow tables be defeated?...; Question 251: Which of the following network attacks takes advantage of we...; Question 252: The purpose of a __________ is to deny network access to loc...; Question 253: When creating a security program, which approach would be us...; Question 254: You have successfully comprised a server having an IP addres...; Question 255: Which of the following can take an arbitrary length of input...; Question 256: What is the main difference between a "Normal" SQL Injection...; Question 257: Which of the following is an example of IP spoofing?...; Question 258: Which of the following is a client-server tool utilized to e...; Question 259: During a penetration test, a tester finds a target that is r...; Question 260: An attacker changes the profile information of a particular ...; Question 261: You have successfully compromised a machine on the network a...; Question 262: A tester has been hired to do a web application security tes...; Question 263: You have successfully gained access to your client's interna...; Question 264: One advantage of an application-level firewall is the abilit...; Question 265: Which of the following does proper basic configuration of sn...; Question 266: A company has publicly hosted web applications and an intern...; Question 267: What is the role of test automation in security testing?...; Question 268: A medium-sized healthcare IT business decides to implement a...; Question 269: Which security strategy requires using several, varying meth...; Question 270: Jesse receives an email with an attachment labeled "Court_No...; Question 271: Which of the following types of firewalls ensures that the p...; Question 272: Which statement best describes a server type under an N-tier...; Question 273: Least privilege is a security concept that requires that a u...; Question 274: During a security audit of IT processes, an IS auditor found...; Question 275: When using Wireshark to acquire packet capture on a network,...; Question 276: Which of the following algorithms provides better protection...; Question 277: A certified ethical hacker (CEH) is approached by a friend w...; Question 278: What is the correct PCAP filter to capture all TCP traffic g...; Question 279: An attacker has installed a RAT on a host. The attacker want...; Question 280: An attacker has been successfully modifying the purchase pri...; Question 281: During a blackbox pen test you attempt to pass IRC traffic o...; Question 282: A Network Administrator was recently promoted to Chief Secur...; Question 283: Which of the following is the structure designed to verify a...; Question 284: Which type of antenna is used in wireless communication?...; Question 285: Which of the following techniques does a vulnerability scann...; Question 286: How can telnet be used to fingerprint a web server?...; Question 287: Which of the following is a command line packet analyzer sim...; Question 288: Which of the following parameters enables NMAP's operating s...; Question 289: Which of the following is a common Service Oriented Architec...; Question 290: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 291: Which of the following is assured by the use of a hash?...; Question 292: Which of the statements concerning proxy firewalls is correc...; Question 293: Which tool allows analysts and pen testers to examine links ...; Question 294: A computer technician is using a new version of a word proce...; Question 295: In Risk Management, how is the term "likelihood" related to ...; Question 296: You are performing a penetration test. You achieved access v...; Question 297: A security consultant is trying to bid on a large contract t...; Question 298: A new wireless client is configured to join a 802.11 network...; Question 299: Which system consists of a publicly available set of databas...; Question 300: A circuit level gateway works at which of the following laye...; Question 301: You are tasked to perform a penetration test. While you are ...; Question 302: Which United States legislation mandates that the Chief Exec...; Question 303: Which of the following tools performs comprehensive tests ag...; Question 304: This tool is an 802.11 WEP and WPA-PSK keys cracking program...; Question 305: Which of the following parameters describe LM Hash (see exhi...; Question 306: Diffie-Hellman (DH) groups determine the strength of the key...; Question 307: This phase will increase the odds of success in later phases...; Question 308: A penetration tester is attempting to scan an internal corpo...; Question 309: Which of the following programs is usually targeted at Micro...; Question 310: Which of the following is a characteristic of Public Key Inf...; Question 311: A botnet can be managed through which of the following?...; Question 312: It is a regulation that has a set of guidelines, which shoul...; Question 313: From the two screenshots below, which of the following is oc...; Question 314: An attacker has captured a target file that is encrypted wit...; Question 315: Which Open Web Application Security Project (OWASP) implemen...; Question 316: Which of the following processes of PKI (Public Key Infrastr...; Question 317: A pentester is using Metasploit to exploit an FTP server and...; Question 318: The chance of a hard drive failure is once every three years...; Question 319: Which of the following is a component of a risk assessment?...; Question 320: Which of the following statements regarding ethical hacking ...; Question 321: Perspective clients want to see sample reports from previous...; Question 322: A hacker is attempting to see which ports have been left ope...; Question 323: Which results will be returned with the following Google sea...; Question 324: A company is using Windows Server 2003 for its Active Direct...; Question 325: An attacker sniffs encrypted traffic from the network and is...; Question 326: Which of the following identifies the three modes in which S...; Question 327: Firewalk has just completed the second phase (the scanning p...; Question 328: Which of the following is a primary service of the U.S. Comp...; Question 329: The Open Web Application Security Project (OWASP) is the wor...; Question 330: A company's Web development team has become aware of a certa...; Question 331: Which tool can be used to silently copy files from USB devic...; Question 332: Which of the following tools can be used for passive OS fing...; Question 333: During a recent security assessment, you discover the organi...; Question 334: The "white box testing" methodology enforces what kind of re...; Question 335: Which of the following is a component of a risk assessment?...; Question 336: A technician is resolving an issue where a computer is unabl...; Question 337: Which of the following tools is used to analyze the files pr...; Question 338: While testing the company's web applications, a tester attem...; Question 339: Which type of security document is written with specific ste...; Question 340: Which of the following guidelines or standards is associated...; Question 341: It is a short-range wireless communication technology intend...; Question 342: When you return to your desk after a lunch break, you notice...; Question 343: A hacker has successfully infected an internet-facing server...; Question 344: If a tester is attempting to ping a target that exists but r...; Question 345: Which of the following network attacks relies on sending an ...; Question 346: You are attempting to man-in-the-middle a session. Which pro...; Question 347: Which security control role does encryption meet?...; Question 348: In 2007, this wireless security algorithm was rendered usele...; Question 349: Which command lets a tester enumerate alive systems in a cla...; Question 350: A hacker was able to sniff packets on a company's wireless n...

Question 73/350

LEAVE A REPLY

Download PDF File