200-201 Exam Question 111

During a quarterly vulnerability scan, a security analyst discovered unused uncommon ports open and in a listening state. Further investigation showed that the unknown application was communicating with an external IP address on an encrypted channel. A deeper analysis revealed a command and control communication on an infected server. At which step of the Cyber Kill Chain was the attack detected?
  • 200-201 Exam Question 112

    An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?
  • 200-201 Exam Question 113

    An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
    Which kind of evidence is this IP address?
  • 200-201 Exam Question 114

    Drag and drop the event term from the left onto the description on the right.

    200-201 Exam Question 115

    Refer to the exhibit.

    Which alert is identified from this packet capture?