During the course of an investigation, an incident responder discovers illegal material on a user’s hard drive. Which of the following is the incident responder’s MOST important next step?
During review of a company’s web server logs, the following items are discovered:
2015-03-01 03:32:11 www.example.com/index.asp?id=-999 or 1=convert(int,@@version)--
2015-03-01 03:35:33 www.example.com/index.asp?id=-999 or 1=convert(int,db_name())--
2015-03-01 03:38:25 www.example.com/index.asp?id=-999 or 1=convert(int,user_name())--
Which of the following is depicted in the log example above?
Customers are reporting issues connecting to a company’s Internet server. Which of the following device logs should a technician review in order to help identify the issue?
Which of the following mitigations will remain intact, regardless of the underlying network protocol?
Which of the following tools can be used to identify open ports and services?
Which of the following describes the MOST important reason for capturing post-attack metadata?
Malicious code that can replicate itself using various techniques is referred to as a:
Which of the following could an attacker use to perpetrate a social engineering attack? (Choose two.)
An alert on user account activity outside of normal business hours returns Windows event IDs 540 and 4624. In which of the following locations will these events be found?
A security analyst discovers a zero-day vulnerability affecting Windows, which has not been publicly identified. The security analyst assumes this vulnerability is present on millions of computer systems and feels an obligation to share this information with other security professionals. Which of the following would be the MOST adverse consequence of the analyst sharing this information?