CS0-003 Exam Question 96

A security analyst noticed the following entry on a web server log:
Warning:
fopen (http://127.0.0.1:16) : failed to open stream:
Connection refused in /hj/var/www/showimage.php on line 7
Which of the following malicious activities was most likely attempted?
  • CS0-003 Exam Question 97

    Which of the following can be used to learn more about TTPs used by cybercriminals?
  • CS0-003 Exam Question 98

    An IT professional is reviewing the output from the top command in Linux. In this company, only IT and security staff are allowed to have elevated privileges. Both departments have confirmed they are not working on anything that requires elevated privileges. Based on the output below:
    PID
    USER
    VIRT
    RES
    SHR
    %CPU
    %MEM
    TIME+
    COMMAND
    34834
    person
    4980644
    224288
    111076
    5.3
    14.44
    1:41.44
    cinnamon
    34218
    person
    51052
    30920
    23828
    4.7
    0.2
    0:26.54
    Xorg
    2264
    root
    449628
    143500
    26372
    14.0
    3.1
    0:12.38
    bash
    35963
    xrdp
    711940
    42356
    10560
    2.0
    0.2
    0:06.81
    xrdp
    Which of the following PIDs is most likely to contribute to data exfiltration?
  • CS0-003 Exam Question 99

    An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
  • CS0-003 Exam Question 100

    The architecture team has been given a mandate to reduce the triage time of phishing incidents by 20%.
    Which of the following solutions will most likely help with this effort?