Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown: http://www.terabytes.com/process.php./../../../../etc/passwd
A. Directory Traversal Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Form Tampering Attack
Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?
A. $ tailf /var/log/sys/kern.log
B. $ tailf /var/log/kern.log
C. # tailf /var/log/messages
D. # tailf /var/log/sys/messages
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
A. Rule-based detection
B. Heuristic-based detection
C. Anomaly-based detection
D. Signature-based detection
Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs. What does these TTPs refer to?
A. Tactics, Techniques, and Procedures
B. Tactics, Threats, and Procedures
C. Targets, Threats, and Process
D. Tactics, Targets, and Process
Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?
A. Windows Event Log
B. Web Server Logs
C. Router Logs
D. Switch Logs
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to answer the question before proceeding to the next one.
A. High
B. Extreme
C. Low
D. Medium
John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?
A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..
B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...
What does [-n] in the following checkpoint firewall log syntax represents?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]
A. Speed up the process by not performing IP addresses DNS resolution in the Log files
B. Display both the date and the time for each log record
C. Display account log records only
D. Display detailed log chains (all the log segments a log record consists of)
Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?
A. File Injection Attacks
B. URL Injection Attacks
C. LDAP Injection Attacks
D. Command Injection Attacks
Which of the following contains the performance measures, and proper project and time management details?
A. Incident Response Policy
B. Incident Response Tactics
C. Incident Response Process
D. Incident Response Procedures