An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
A company website was hacked via the following SQL query: SELECT email, passwd, login_id, full_name FROM members WHERE email = "[email protected]"; DROP TABLE members; --" Which of the following did the hackers perform?
Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?
A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?
A security administrator notices a process running on their local workstation called SvrsScEsdKexzCv.exe. The unknown process is MOST likely:
While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?