Multiple Choice
An engineer received a call to assist with an ongoing DDoS attack. The Apache server is being targeted, and availability is compromised. Which step should be taken to identify the origin of the threat?
A) An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1| sort | uniq An engineer should check the list of usernames currently logged in by running the command $ who | cut -d' ' -f1| sort | uniq
B) An engineer should check the server's processes by running commands ps -aux and sudo ps -a . An engineer should check the server's processes by running commands ps -aux and sudo ps -a .
C) An engineer should check the services on the machine by running the command service -status-all . An engineer should check the services on the machine by running the command service -status-all
D) An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log . An engineer should check the last hundred entries of a web server with the command sudo tail -100 /var/log/apache2/access.log
Correct Answer:
Verified
Correct Answer:
Verified
Q13: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q14: A security team is discussing lessons learned
Q15: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q16: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q17: A security team received an alert of
Q19: A website administrator has an output of
Q20: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q21: Which magic byte indicates that an analyzed
Q22: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q23: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the