SY0-601 Exam Question 291
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the nsk of lateral spread and the nsk that the adversary would notice any changes?
SY0-601 Exam Question 292
A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:
SY0-601 Exam Question 293
An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?
SY0-601 Exam Question 294
Which of the following is an example of transference of risk?
SY0-601 Exam Question 295
Ransomware will most likely render the web server unusable and must be isolated for forensic investigation.
This will leave the only option to start a new web server from scratch and restore the last full backup, plus any differential or incremental backups which are sure to be clean from ransomware (if available).
DRAG DROP -A security engineer is setting up passwordless authentication for the first time.INSTRUCTIONS -Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Graphical user interface Description automatically generated
1. ssh-keygen -t rsa (creating the key-pair)
2. ssh-copy-id -i /.ssh/id_rsa.pub user@server (copy the public-key to user@server)
3. ssh -i ~/.ssh/id_rsa user@server (login to remote host with private-key) A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
This will leave the only option to start a new web server from scratch and restore the last full backup, plus any differential or incremental backups which are sure to be clean from ransomware (if available).
DRAG DROP -A security engineer is setting up passwordless authentication for the first time.INSTRUCTIONS -Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Graphical user interface Description automatically generated
1. ssh-keygen -t rsa (creating the key-pair)
2. ssh-copy-id -i /.ssh/id_rsa.pub user@server (copy the public-key to user@server)
3. ssh -i ~/.ssh/id_rsa user@server (login to remote host with private-key) A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?