Question 1 of 50
A security analyst is analyzing a log file and notices an unusual pattern of failed login attempts to an employee’s account. Upon further investigation, the analyst discovers that the employee’s credentials have been compromised. Which of the following BEST describes the analysis technique used in this scenario?
Question 2 of 50
You are a security analyst for a financial institution and are analyzing log data to identify any trends or anomalies that could indicate a security breach. After analyzing the logs, you notice a sudden increase in outbound network traffic from a specific workstation. What type of analysis are you performing?
Question 3 of 50
A security analyst has discovered a new type of malware on an endpoint. After performing some initial analysis, the analyst has decided to perform reverse engineering on the malware to gather additional information. Which of the following is a potential benefit of reverse engineering in this scenario?
Question 4 of 50
A security analyst is analyzing a memory dump from an endpoint that was compromised in a recent cyber attack. The analyst suspects that the attacker may have loaded malicious code into memory. Which of the following memory analysis techniques would be the MOST appropriate to determine if this is the case?
Question 5 of 50
A security analyst is tasked with monitoring an organization’s endpoints for any suspicious activity. The analyst notices that a system is exhibiting unusual behavior and, upon further investigation, determines that it is the result of newly installed software. Which of the following techniques can the analyst use to identify known-good behavior of the new software?
Question 6 of 50
A company has implemented a security monitoring solution that collects endpoint data from across the organization’s network. The system generates alerts for anomalous behavior that deviates from a baseline of known-good behavior. An alert is generated for a user who is attempting to access files outside their normal working hours. Which of the following actions should be taken in response to the alert?
Question 7 of 50
A security analyst is analyzing endpoint data and notices a suspicious process attempting to execute a buffer overflow attack. The analyst suspects that the process may be trying to exploit a vulnerability in the system. Which of the following exploit techniques is the process MOST likely attempting to use?
Question 8 of 50
A company has noticed an unusual spike in outbound network traffic from a user’s endpoint. The IT security team suspects that the user’s computer may be compromised with a rootkit malware that has evaded traditional antivirus software. As part of the investigation, the team analyzes the system and application behavior to determine any exploit techniques used by the malware. Which of the following data points should they look for to identify exploit techniques?
Question 9 of 50
A security analyst is tasked with analyzing endpoint user behavior to identify any suspicious activity. Which of the following UEBA techniques would be MOST useful in this scenario?
Question 10 of 50
A security analyst is tasked with monitoring the network traffic of an organization. During analysis, the analyst notices a large number of DNS requests being made to a suspicious URL. Which of the following actions should the analyst take FIRST to further investigate this activity?
Question 11 of 50
A security team is investigating an incident in which an employee’s workstation was compromised with malware. During analysis, the team discovers that the malware was downloaded from a particular domain name. Which of the following steps should the team take to help prevent future incidents?
Question 12 of 50
A security analyst is investigating a network incident where an unknown device is communicating with an external IP address. The analyst needs to identify the source IP address, destination IP address, port number, and protocol. Which of the following techniques will the analyst use to analyze the network traffic?
Question 13 of 50
A security analyst is investigating a network incident where a large volume of network traffic is generated by a single IP address. The analyst needs to determine the type of traffic and the associated ports. Which of the following techniques will the analyst use to analyze the network traffic?
Question 14 of 50
A security analyst is reviewing a packet capture to investigate a potential malware infection. They notice that some of the traffic is using an unusual protocol that they do not recognize. Which of the following steps should the analyst take to investigate the protocol?
Question 15 of 50
You are a security analyst for a large retail company, and you have been tasked with analyzing the event logs for the company’s point-of-sale (POS) system. After reviewing the logs, you notice several failed login attempts and a sudden spike in sales at an unusual time. What type of attack may be occurring based on this data analysis?
Question 16 of 50
As a security analyst for a healthcare organization, you have been asked to review the event logs for the organization’s electronic health record (EHR) system. You notice several entries indicating that a large number of patient records were accessed by a single user in a short period of time. What type of analysis should you perform to determine whether this activity is suspicious?
Question 17 of 50
A security analyst has been tasked with reviewing syslog logs for suspicious activity on a company’s network. Upon analyzing the logs, the analyst notices an abnormal amount of traffic to an external IP address during off-hours. The analyst suspects that a compromised system is communicating with a Command and Control (C2) server. Which of the following would be the BEST course of action for the analyst to take?
Question 18 of 50
A security analyst has been tasked with reviewing syslog logs from a company’s web server. The analyst notices that there are multiple attempts to access the server using common web application attack techniques. However, the logs do not show any successful attacks. Which of the following would be the MOST likely reason for this?
Question 19 of 50
A security analyst has been tasked with reviewing the firewall logs of a company’s network. The analyst is trying to determine whether any unauthorized access or malicious activity has occurred. The analyst notices several outbound connections to an IP address associated with a known malicious website. Which of the following is the BEST course of action for the analyst to take?
Question 20 of 50
A security analyst is reviewing the firewall logs and notices several failed login attempts from a single IP address within a short period of time. The analyst suspects a potential brute-force attack. Which of the following is the BEST course of action for the analyst to take?
Question 21 of 50
A security analyst is reviewing the logs of a web application firewall (WAF) and notices several entries that indicate a potential DDoS attack. The entries show multiple requests from different IP addresses that are targeting a specific page of the application. What type of DDoS attack is being carried out in this scenario?
Question 22 of 50
You are a security analyst at a financial institution and you notice unusual traffic patterns in the network logs. Upon further investigation, you find that the logs show several attempts to connect to a known malicious IP address. Which of the following log sources would be MOST helpful in determining the origin of the connection attempts?
Question 23 of 50
A company recently deployed an IDS/IPS system to monitor its network traffic. The security analyst is reviewing the logs and notices that there have been several alerts related to port scanning. The analyst wants to investigate further to identify the source of the scans. Which of the following is the MOST appropriate action for the analyst to take?
Question 24 of 50
A security analyst has been tasked with assessing the impact of a recent security incident that affected the company’s HR database. During the investigation, it was discovered that the attacker gained access to the database through a phishing email. The analyst needs to determine the extent of the impact on the organization and its employees. Which of the following is the BEST approach for the analyst to take?
Question 25 of 50
A security team is investigating a ransomware attack that has affected multiple endpoints within the organization. The team needs to determine whether the attack is a localized incident or if it poses a threat to the entire organization. Which of the following would be the BEST approach for the team to take?
Question 26 of 50
A company experiences a major cyber attack that has brought down its primary web application. The company’s incident response team is conducting an impact analysis to determine the severity of the attack. They have identified that the application must be restored within the next hour to prevent significant financial loss. What type of impact analysis is the team conducting?
Question 27 of 50
A company has been hit by a ransomware attack that has affected its critical business operations. The incident response team is conducting an impact analysis to determine the extent of the damage and the impact on the organization’s operations. What type of impact analysis is the team conducting?
Question 28 of 50
A security analyst is reviewing logs in a SIEM solution and notices a large number of failed login attempts on a critical server. The analyst decides to create a new rule in the SIEM solution to detect any future failed login attempts on this server. Which of the following is the BEST approach for creating this rule?
Question 29 of 50
A security analyst has been tasked with creating a new rule in the organization’s SIEM to detect potential unauthorized access attempts on a critical system. Which of the following statements correctly describes the process of rule writing in a SIEM system?
Question 30 of 50
During a routine SIEM review, an analyst notices that a particular IP address has been flagged multiple times for suspicious activity. The IP address is not a part of the organization’s network but is frequently attempting to establish connections with various systems. Which of the following is the BEST action for the analyst to take?
Question 31 of 50
A security analyst is reviewing the SIEM dashboard and notices a significant increase in failed login attempts for a particular user account. Which of the following is the MOST likely cause of this activity?
Question 32 of 50
A security analyst is investigating a suspected data breach and needs to search through logs to identify any malicious activity. Which of the following queries is BEST suited for a string search to identify potential indicators of compromise?
Question 33 of 50
A security analyst is reviewing the IDS/IPS logs and notices that there have been several alerts related to a specific host on the network. The alerts indicate that the host is attempting to communicate with a known malicious IP address. The analyst wants to identify the source of the traffic and take appropriate action. Which of the following is the MOST appropriate action for the analyst to take?
Question 34 of 50
You are an analyst in a security operations center (SOC) and you are tasked with investigating a potential security incident. You have been given a log file containing thousands of entries related to the event. Which of the following queries will be MOST effective in identifying the relevant entries?
Question 35 of 50
You are analyzing web server logs to identify potential brute force attacks on user accounts. You notice a pattern of multiple login attempts with different usernames originating from the same IP address within a short time period. Which of the following queries will help you identify these potential brute force attacks?
Question 36 of 50
A company suspects that an employee is stealing data and transferring it to an external device. The security team needs to identify any unauthorized file transfers on the company’s network. Which of the following queries will help them accomplish this task?
Question 37 of 50
A security analyst is investigating a possible data breach on a server. They suspect that a malicious script was used to exfiltrate sensitive data. Which of the following queries will help the analyst identify the script used?
Question 38 of 50
In a security monitoring scenario, an analyst wants to filter the output of a command and use it as input for another command. Which technique would be MOST appropriate to achieve this?
Question 39 of 50
A security analyst is investigating a potential security incident and wants to search for all instances of the keyword “password” in the log files. Which command can be used to search for the keyword in all log files within a directory?
Question 40 of 50
You work as a security analyst for a large corporation. One of your colleagues has received an email with a malicious attachment that appears to be a document. The email contains a link that takes the user to a fake login page. What is the BEST approach to analyze this email?
Question 41 of 50
You are a cybersecurity analyst for a financial institution. A user has reported receiving an email that contained a suspicious attachment. After reviewing the email header, you determine that the email originated from an external source and contains a known malicious payload. What tool can be used to analyze the malicious payload?
Question 42 of 50
A company has implemented DomainKeys Identified Mail (DKIM) to prevent email spoofing. However, some employees are still receiving suspicious emails claiming to be from internal email addresses. Which of the following should be checked to determine whether the emails are legitimate?
Question 43 of 50
An organization is experiencing a large volume of phishing emails sent to its employees. The organization has implemented DomainKeys Identified Mail (DKIM) to prevent email spoofing, but some emails are still getting through. Which of the following could be causing this issue?
Question 44 of 50
A company’s email administrator has received reports of spoofed emails being sent from the company’s domain. The administrator wants to implement DMARC to prevent these emails from being delivered. Which of the following actions should the administrator take?
Question 45 of 50
A security analyst is reviewing email logs and notices that multiple email messages from a specific domain are being marked as spam by the company’s email filter. The analyst suspects that the domain’s DMARC record is not properly configured. Which of the following tools should the analyst use to verify the DMARC record?
Question 46 of 50
In analyzing e-mail traffic logs, a security analyst notices a large number of inbound e-mails with spoofed sender addresses. Which of the following techniques can the analyst use to verify the authenticity of the sender’s domain?
Question 47 of 50
A company’s security analyst is reviewing e-mail logs and notices that a large number of e-mails are being marked as spam. The analyst determines that many of these e-mails are originating from a known spammer’s domain. Which of the following techniques could the analyst use to block these e-mails from being received by the company’s e-mail servers?
Question 48 of 50
In a phishing email analysis, which of the following is the BEST indicator of a potential phishing attack?
Question 49 of 50
A user reports receiving a suspicious email claiming to be from their bank. The email contains a link to a website that looks like the bank’s website, but the URL is different. Which of the following should be the FIRST step in analyzing this email?
Question 50 of 50
A security analyst notices suspicious activity originating from an employee’s email account. Upon further investigation, the analyst discovers that the employee’s email account has been forwarding all incoming and outgoing emails to an external email address without the employee’s knowledge. What type of email threat is this an example of?