Deck 9: Reacting to a Cyber Incident: Analyzing Common Symptoms

1
Ines is reviewing the network traffic logs and sees what appears to be beaconing. Which of the following best describes the traffic she has noticed?

A) This is normal network traffic that is sent between routers and switches on the network.
B) The traffic is most likely internal communications between malware-infected computers.
C) Beacons are another name for DNS queries, which is a normal type of traffic on the network.
D) The traffic is most likely being sent to a command and control server.
The traffic is most likely being sent to a command and control server.
2
Hwan, a network administrator, has just overheard a cybersecurity analyst at his company talking about a DDoS attack. He wants to ensure that he notifies the appropriate parties if this type of attack does take place. Which of the following symptoms might indicate a potential DDoS attack?

A) A large constant spike in bandwidth consumption
B) HTTP packets being sent once per minute to the same destination IP address from an internal host
C) A consistent stream of packets from one client to another that just recently started
D) The discovery of several unknown services running on a couple of the servers
A large constant spike in bandwidth consumption
3
Albrecht has noticed a number of clients on the network attempting to contact the same external IP address at a constant rate of once every five minutes over the past 72 hours. Which of the following might be the cause of his concern?

A) The computers are currently taking part in a DDoS attack against the destination IP address.
B) The computers may have formed a distributed computing configuration that allows them to work as a single command and control system.
C) The computers may be infected with malware that has made them part of a botnet.
D) The computers are performing a port scan against a victim computer.
The computers may be infected with malware that has made them part of a botnet.
4
Bartolo sees a notification from a security device on the perimeter of the network that ICMP echo requests have been received for the entire range of IP addresses on the external subnet. Which of the following has been detected?

A) Port scan
B) Ping sweep
C) Dedicated probe
D) Hyperthreading
5
Belva is performing an audit of the e-mail server when she discovers that one of the accounts is sending a lot of e-mails all day that contain attachments. After a bit more research, she finds that the attachments contain extensive proprietary and confidential information. Which of the following should she consider implementing to prevent a reoccurrence?

A) Buffer filtering
B) DLP
C) PoS
D) Access point probe
6
Ulf has found malware on a couple of computers that has been making remote connections to named pipes. Which of the following is being exploited by this malware?

A) USB
B) DLP
C) C&C
D) SMB
7
Uziah has received an alert from a network monitoring system that it has detected a client on the network sending an HTTPS packet once per minute for the past six hours to an external IP address. Which of the following has the system most likely detected?

A) Ping sweep
B) Snitching
C) Beaconing
D) Port scanning
8
Jared has created a field in the database that acts as the backend for an application he has written. The field has been configured to store an 8-bit unsigned number. The field where the user enters information has only been configured to accept numbers, but Jared apparently forgot to add logic to ensure that the user could not enter numbers greater than 255. Which of the following could occur as a result of this oversight?

A) Space overflow
B) Decimal overflow
C) Integer overflow
D) Buffer overflow
9
Jaden has received an alert from a system that has identified potential malware on itself. Upon looking through the log files, he sees a list of error messages where an executable tried to write data to a range of memory addresses that did not exist for the system. Which of the following has most likely occurred?

A) Space overflow
B) Decimal overflow
C) Integer overflow
D) Buffer overflow
10
Ananada is sitting on a train and overhears someone on his phone bragging that he has a massive network of computers at his fingertips that have been compromised with some form of malware. He tells the person on the other end of the call that they can have all these computers attack a target in unison. Which of the following terms might describe the person whose conversation she overheard?

A) Bot herder
B) Zombie
C) Shepherd
D) Alien wrangler
11
Calliope is a forensics detective with a law enforcement agency. She discovers that an attacker who has just been caught was using a dead-drop method of controlling the bots in a botnet. Which of the following might have been a clue that the attacker was using this method?

A) Reading log files that contained constant encrypted communications from the attacker's IP address to some of the identified bots
B) Finding a directional antenna and Wi-Fi setup that allowed the bot herder to beam communications directly to the target computers
C) Finding devices that the attacker had hidden on multiple victims' company networks
D) Finding an e-mail account with multiple saved drafts that were never sent but contained instructions the bots were to follow
12
Phaedra, a cybersecurity analyst, has discovered a number of computers within her company's network that are regularly sending packets to an external IP address for no legitimate reason. Which of the following is the most likely cause of this scenario?

A) Telnet relay
B) Alien colony
C) Botnet
D) Zombie herd
13
Barry has just installed Wireshark on a computer in his organization to analyze network traffic. Which of the following will he also most likely need in order to make this configuration work?

A) Port mirroring
B) BPDU guard
C) Portfast
D) Trunk port
14
Uma wants to figure out how to detect any rogue access points that might be installed around her company's offices. Which of the following might she choose to implement?

A) Dedicated probe
B) RFID antenna
C) RF scanner
D) Waypoint
15
Lida has discovered several unauthorized applications on a number of computer systems within her company. Which of the following would have best prevented this scenario from occurring?

A) Greenlist
B) Whitelist
C) Blacklist
D) Graylist