Exam Details

  • Exam Code: CFR-310
  • Exam Name: CyberSec First Responder
  • Certification: CertNexus Certification
  • Vendor: CertNexus
  • Total Questions: 100 Q&As
  • Last Updated: May 12, 2024

CertNexus CertNexus Certification CFR-310 Questions & Answers

  • Question 41:

    While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization's server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

    A. cat * | cut -d ',' -f 2,5,7

    B. more * | grep

    C. diff

    D. sort *

  • Question 42:

    A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe. The unknown process is MOST likely:

    A. Malware

    B. A port scanner

    C. A system process

    D. An application process

  • Question 43:

    A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?

    A. Logs should be synchronized to their local time zone.

    B. Logs should be synchronized to a common, predefined time source.

    C. Logs should contain the username of the user performing the action.

    D. Logs should include the physical location of the action performed.

  • Question 44:

    Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?

    A. IPS logs

    B. DNS logs

    C. SQL logs

    D. SSL logs

  • Question 45:

    A company website was hacked via the following SQL query:

    email, passwd, login_id, full_name FROM members WHERE email = "[email protected]"; DROP TABLE members; ?

    Which of the following did the hackers perform?

    A. Cleared tracks of [email protected] entries

    B. Deleted the entire members table

    C. Deleted the email password and login details

    D. Performed a cross-site scripting (XSS) attack

  • Question 46:

    An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO's account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder's suspicion?

    A. Geolocation

    B. False positive

    C. Geovelocity

    D. Advanced persistent threat (APT) activity

  • Question 47:

    An unauthorized network scan may be detected by parsing network sniffer data for:

    A. IP traffic from a single IP address to multiple IP addresses.

    B. IP traffic from a single IP address to a single IP address.

    C. IP traffic from multiple IP addresses to a single IP address.

    D. IP traffic from multiple IP addresses to other networks.

  • Question 48:

    A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?

    A. grep 20151124 security_log | grep -c "login failure"

    B. grep 20150124 security_log | grep "login_failure"

    C. grep 20151124 security_log | grep "login"

    D. grep 20151124 security_log | grep -c "login"

  • Question 49:

    A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?

    A. tr -d

    B. uniq -c

    C. wc -m

    D. grep -c

  • Question 50:

    An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following BEST describes what is occurring?

    A. The network is experiencing a denial of service (DoS) attack.

    B. A malicious user is exporting sensitive data.

    C. Rogue hardware has been installed.

    D. An administrator has misconfigured a web proxy.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CertNexus exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CFR-310 exam preparation or your CertNexus certification application, do not hesitate to visit Vcedump.com to find your solutions.