A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
A. # tcpdump -i eth0 host 88.143.12.123
B. # tcpdump -i eth0 dst 88.143.12.123
C. # tcpdump -i eth0 host 192.168.10.121
D. # tcpdump -i eth0 src 88.143.12.123
Which of the following is a cybersecurity solution for insider threats to strengthen information protection?
A. Web proxy
B. Data loss prevention (DLP)
C. Anti-malware
D. Intrusion detection system (IDS)
After a security breach, a security consultant is hired to perform a vulnerability assessment for a company's web application. Which of the following tools would the consultant use?
A. Nikto
B. Kismet
C. tcpdump
D. Hydra
An administrator believes that a system on VLAN 12 is Address Resolution Protocol (ARP) poisoning clients on the network. The administrator attaches a system to VLAN 12 and uses Wireshark to capture traffic. After reviewing the capture file, the administrator finds no evidence of ARP poisoning. Which of the following actions should the administrator take next?
A. Clear the ARP cache on their system.
B. Enable port mirroring on the switch.
C. Filter Wireshark to only show ARP traffic.
D. Configure the network adapter to promiscuous mode.
In which of the following attack phases would an attacker use Shodan?
A. Scanning
B. Reconnaissance
C. Gaining access
D. Persistence
A security professional discovers a new ransomware strain that disables antivirus on the endpoint during an infection. Which location would be the BEST place for the security professional to find technical information about this malware?
A. Threat intelligence feeds
B. Computer emergency response team (CERT) press releases
C. Vulnerability databases
D. Social network sites
Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?
A. Active scanning
B. Passive scanning
C. Network enumeration
D. Application enumeration
A common formula used to calculate risk is: _____________ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
A. Exploits
B. Security
C. Asset
D. Probability
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
A. Web crawling
B. Distributed denial of service (DDoS) attack
C. Password guessing
D. Phishing
E. Brute force attack
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
A. Browser logs
B. HTTP logs
C. System logs
D. Proxy logs