-
Question
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
-
A. hping
-
B. Wireshark
-
C. PowerShell
-
D. netstat
-
-
Question
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?
-
A. hping3 -S comptia.org -p 80
-
B. nc -l -v comptia.org -p 80
-
C. nmap comptia.org -p 80 -sV
-
D. nslookup -port=80 comptia.org
-
-
Question
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
-
A. Nmap
-
B. CURL
-
C. Ncat
-
D. Wireshark
-
-
Question
Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?
-
A. nmap
-
B. tracert
-
C. ping
-
D. ssh
-
-
Question
A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
-
A. head -500 www.comptia.com | grep /logfiles/messages
-
B. cat /logfiles/messages | tail -500 www.comptia.com
-
C. tail -500 /logfiles/messages | grep www.comptia.com
-
D. grep -500 /logfiles/messages | cat www.comptia.com
-
-
Question
A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files’ activity against known threats. Which of the following should the security operations center implement?
-
A. theHarvester
-
B. Nessus
-
C. Cuckoo
-
D. Sn1per
-
-
Question
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
-
A. openssl
-
B. hping
-
C. netcat
-
D. tcpdump
-
-
Question
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?
-
A. Nmap
-
B. Wireshark
-
C. Autopsy
-
D. DNSEnum
-
-
Question
A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the BEST application for the analyst to use?
-
A. theHarvester
-
B. Cuckoo
-
C. Nmap
-
D. Nessus
-
-
Question
Which of the following examples would be best mitigated by input sanitization?
-
A. <script>alert("Warning!");</script>
-
B. nmap -p- 10.11.1.130
-
C. Email message: "Click this link to get your free gift card."
-
D. Browser message: "Your connection is not private."
-