A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator’s removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?
While performing routing maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
Which are successful Disaster Recovery Plan best practices options to be considered? (Choose three.)
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
In a Linux operating system, what kind of information does a /var/log/daemon.log file contain?
A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?
Which of the following security best practices should a web developer reference when developing a new web- based application?
Tcpdump is a tool that can be used to detect which of the following indicators of compromise?
During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to
determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?
Malicious code designed to execute in concurrence with a particular event is BEST defined as which of the following?
