Exam 9: Reacting to a Cyber Incident: Analyzing Common Symptoms

Uma wants to figure out how to detect any rogue access points that might be installed around her company's offices. Which of the following might she choose to implement?

Ines is reviewing the network traffic logs and sees what appears to be beaconing. Which of the following best describes the traffic she has noticed?

Hwan, a network administrator, has just overheard a cybersecurity analyst at his company talking about a DDoS attack. He wants to ensure that he notifies the appropriate parties if this type of attack does take place. Which of the following symptoms might indicate a potential DDoS attack?

Calliope is a forensics detective with a law enforcement agency. She discovers that an attacker who has just been caught was using a dead-drop method of controlling the bots in a botnet. Which of the following might have been a clue that the attacker was using this method?

Jaden has received an alert from a system that has identified potential malware on itself. Upon looking through the log files, he sees a list of error messages where an executable tried to write data to a range of memory addresses that did not exist for the system. Which of the following has most likely occurred?

Uziahhas received an alert from a network monitoring system that it has detected a client on the network sending an HTTPS packet once per minute for the past six hours to an external IP address. Which of the following has the system most likely detected?

Barry has just installed Wireshark on a computer in his organization to analyze network traffic. Which of the following will he also most likely need in order to make this configuration work?

Lida has discovered several unauthorized applications on a number of computer systems within her company. Which of the following would have best prevented this scenario from occurring?

Jared has created a field in the database that acts as the backend for an application he has written.The field has been configured to store an 8-bit unsigned number. The field where the user enters information has only been configured to accept numbers, but Jared apparently forgot to add logic to ensure that the user could not enter numbers greater than 255. Which of the following could occur as a result of this oversight?

Ulf has found malware on a couple of computers that has been making remote connections to named pipes. Which of the following is being exploited by this malware?

Ananada is sitting on a train and overhears someone on his phone bragging that he has a massive network of computers at his fingertips that have been compromised with some form of malware. He tells the person on the other end of the call that they can have all these computers attack a target in unison. Which of the following terms might describe the person whose conversation she overheard?

Bartolo sees a notification from a security device on the perimeter of the network that ICMP echo requests have been received for the entire range of IP addresses on the external subnet. Which of the following has been detected?

Phaedra, a cybersecurity analyst, has discovered a number of computers within her company's network that are regularly sending packets to an external IP address for no legitimate reason. Which of the following is the most likely cause of this scenario?

Albrecht has noticed a number of clients on the network attempting to contact the same external IP address at a constant rate of once every five minutes over the past 72 hours. Which of the following might be the cause of his concern?

Belvais performing an audit of the e-mail server when she discovers that one of the accounts is sending a lot of e-mails all day that contain attachments. After a bit more research, she finds that the attachments contain extensive proprietary and confidential information. Which of the following should she consider implementing to prevent a reoccurrence?