Chap 4 - Ops and Incident Response Flashcards

(110 cards)

1
Q

Chap 4-1: Mila wants to generate a unique digital fingerprint for a file, and needs to choose between a checksum and a hash. Which option should she choose, and why should she choose it?

A hash, because it will be unique to the file
A checksum because it verifies the contents of the file
A hash, because it can be reversed to validate the file
A checksum, because it is less prone to collisions than a hash

A

A hash, because it will be unique to the file

2
Q

Checksum

A

Similar to a hash except it will always produce the same output for the same file. Multiple files could have the same checksum value, but will always have a different hash

3
Q

Chap 4-2: Which of the following would prevent a user from installing a program on a company owned mobile device?

An allow list
A deny list
ACL
HIDS

A

An allow list

4
Q

Allow list

A

List of approved software. Software can only be installed if it's on the list

5
Q

Deny List

A

List of blocked software

6
Q

ACL

A

Access Control List: determines who can access a resource

7
Q

tcpdump

A

command line packet analyzer

flags:
-i to set the interface
port to set the port to be monitored

8
Q

Chap 4-9: Nick is reviewing commands run on a Windows 10 system and discovers that the route command was run with the -p flag. What occurred?

Routes were discovered using a ping command
The route’s path will be displayed
A route was added that will persist between boots
A route was added that will use the path listed in the command

A

A route was added that will persist between boots

The -p flag adds persistence

9
Q

Incident Response Process

A

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

10
Q

Chap 4-10: Lucca wants to acquire open source intelligence information using an automated tool that can leverage search engines and tools like Shodan. Which of the following tools should he select?

curl
hping
netcat
theHarvester

A

theHarvester

11
Q

theHarvester

A

A tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).

12
Q

hping

A

used to build custom packets and perform packet analyzer functions

13
Q

netcat

A

tool to read and write to network connections

14
Q

Chap 4-11: Brent wants to use a tool to help him analyze malware and attacks and wants to cover a broad range of tactics and tools that are used by adversaries. Which of the following is broadly implemented in technical tools and covers techniques and tactics without requiring a specific order of operations?

The Diamond Model of Intrusion Analysis
The Cyber Kill Chain
The MITRE ATT&CK framework
The CVSS Standard

A

The MITRE ATT&CK framework

15
Q

The MITRE ATT&CK framework

A

The MITRE ATT&CK framework is a knowledge base of tactics and techniques designed for threat hunters, defenders and red teams to help classify attacks, identify attack attribution and objectives, and assess an organization’s risk.

16
Q

The Cyber Kill Chain

A

The cyber kill chain is a series of steps that trace the stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent attacks (APTs)

Reconnaissance (abnormal DNS reverse lookup requests)
Intrusion (brute force attack)
Exploitation (activity from blacklisted geolocation)
Privilege Escalation (failed privilege escalation detected)
Lateral Movement (a dormant service account was reactivated)
Obfuscation [Anti-Forensics] (unusual number of messages marked as unread)
Denial of Service (unusual number of GDPR files deleted)
Exfiltration (unusual amount of data uploaded to external websites)

17
Q

The CVSS Standard

A

Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

18
Q

The Diamond Model of Intrusion Analysis

A

A valuable tool for any security analyst focused on threat intelligence. This model allows those tasked with generating cyber threat intelligence to quickly analyze large amounts of incoming data and establish clear linkages between various pieces of threat information.

The relationships and features of the four diamond components — adversary, capacity, infrastructure, and victim — are highlighted by this methodology. These four main elements are linked together to define their relationship, which may be analyzed to gain further insights and knowledge about malicious behaviors

19
Q

Chap 4-14: Jessica wants to review the network traffic that her Windows system has sent to determine if a file containing sensitive data was uploaded from her system. What Windows log file can she use to find this information?

The application log
The network log
The security log
None of the above

A

None of the above

Windows does not log this information

20
Q

nmap

A

port scanner

21
Q

grep

A

Linux search tool

Structure:

grep [flags, e.g. -c for count] [pattern to search for] [file or location to search]

grep -c 'event101' logfile.txt will show how many times event101 appears in the file

22
Q

Chap 4-19: While Susan is conducting a forensic review of logs from two servers hosted in the same datacenter, she notices that log items on the first server occurred exactly an hour before matching events on the second server. What is the most likely cause of such occurrences?

The attack took an hour to complete, providing the attacker with access to the second machine an hour later
The log entries are incorrect, causing the events to appear at the wrong time
The attacker used a script causing the events to happen exactly an hour apart
A time offset is causing the events to appear to occur at different times

A

A time offset is causing the events to appear to occur at different times

24
Q

Chap 4-22: Theresa wants to view the last 10 lines of a log file and to see it change as modifications are made. What command should she run on the Linux system she is logged into?

head -f -end 10 logfile.log
tail -f logfile.log
foot -watch -l 10 logfile.log
follow -tail 10 logfile.log

A

tail -f logfile.log

By default, tail shows the last 10 lines

25
Q

Chap 4-23: Henry wants to acquire the firmware from a running system. What is the most likely technique that he will need to use to acquire the firmware?

Connect using a serial cable
Acquire the firmware from memory using memory forensic tools
Acquire the firmware from disk using disk forensic tools
None of the Above

A

Acquire the firmware from memory using memory forensic tools

26
Q

Chap 4-24: Eric wants to determine how much bandwidth was used during a compromise and where traffic was directed to. What technology can he implement before the event to help him see this detail and allow him to have an effective bandwidth monitoring system?

A firewall
NetFlow
packetFlow
DLP

A

NetFlow

27
Q

NetFlow

A

Network Flows, aka sFlows, show details of how much traffic was used, when, and where it was directed to
28
Q

Chap 4-26: Ryan has been asked to run Nessus on his network. What type of tool has he been asked to run?

A fuzzer
A vulnerability scanner
A WAF
A protocol analyzer

A

A vulnerability scanner

29
Q

Nessus

A

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.

30
Q

Where do CentOS and RedHat store authentication log info?

A

/var/log/secure

31
Q

Where do Ubuntu and Debian store authentication log info?

A

/var/log/auth.log

32
Q

Chap 4-31: A web page's title is considered what type of information about the page?

Summary
Metadata
Header data
Hidden data

A

Metadata
33
Q

Chap 4-32: Nelson has discovered malware on one of the systems he is responsible for and wants to test it in a safe environment. Which of the following tools is best suited for this testing?

strings
scanless
Cuckoo
Sn1per

A

Cuckoo

34
Q

Sn1per

A

Pen testing framework

35
Q

scanless

A

Port scraper: retrieves port information without running a port scan yourself, by using websites and services to run the scan for you

36
Q

Cuckoo

A

aka Cuckoo Sandbox, a malware analysis sandbox that will safely run malware and then analyze and report on its behavior

37
Q

Chap 4-33: Lucca wants to view metadata for a file so that he can determine the author of the file. What tool should he use from the following list?

Autopsy
strings
exiftool
grep

A

exiftool

38
Q

exiftool

A

Purpose-built file metadata retrieval tool
39
Q

Chap 4-34: Isaac wants to acquire an image of a system that includes the operating system. What tool can he use on a Windows system that can also capture live memory?

dd
FTK Imager
Autopsy
WinDump

A

FTK Imager

40
Q

WinDump

A

Windows version of a protocol analyzer. Similar to tcpdump

41
Q

dd

A

Command line tool for imaging disks

42
Q

FTK Imager

A

Tool that can image both systems and memory

43
Q

Chap 4-35: Jason is conducting a forensic investigation and has retrieved artifacts in addition to drives and files. What should he do to document the artifacts he has acquired?

Image them using dd and ensure that a valid MD5sum is generated
Take a picture of them, label them, and add them to the chain of custody documentation
Contact law enforcement to properly handle the artifacts
Engage legal counsel to advise him how to handle artifacts in an investigation

A

Take a picture of them, label them, and add them to the chain of custody documentation
44
Q

SIP Traffic

A

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

45
Q

Wireshark

A

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

46
Q

Chap 4-38: Andrea wants to identify services on a remote machine and wants the services to be labeled with service names and other common details. Which of the following tools will not provide that information?

netcat
Sn1per
Nessus
nmap

A

netcat

47
Q

Chap 4-42: Jason wants to acquire network forensic data. What tool should he use to gather this information?

TTL
packets sent
packets received
Transit time

A

TTL

48
Q

TTL

A

Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.
49
Q

Chap 4-45: Selah executes the following command on a system. What has she accomplished?

dd if=/dev/zero of=/dev/sda bs=4096

Copying the disk /dev/zero to the disk /dev/sda
Formatting /dev/sda
Writing zeroes to all of /dev/sda
Cloning /dev/sda1

A

Writing zeroes to all of /dev/sda

/dev/zero is an empty (all-zeros) input, so using it as the source overwrites the destination disk with zeros

50
Q

Chap 4-46: Jim is preparing a presentation about his organization's incident response process and wants to explain why communications with involved groups and individuals across the organization are important. Which of the following is the primary reason that organizations communicate with and involve staff from affected areas throughout the organization in incident response efforts?

Legal compliance
Retention policies
Stakeholder management
A COOP

A

Stakeholder management

51
Q

COOP

A

Continuity of Operations Planning: a federal effort to ensure disaster recovery and business continuity plans are in place for federal agencies

52
Q

Chap 4-47: Ellie is conducting an exercise for her organization and wants to run an exercise that is as close to an actual event as possible. What type of event should she run to help her organization get this type of real-world practice?

A simulation
A tabletop exercise
A walk-through
A wargame

A

A simulation

53
Q

Simulation (Incident Response)

A

Simulating a real-world scenario as an exercise, as close as you can get to the real world without having an actual event

54
Q

Walk-Through (Incident Response)

A

Exercise where personnel go through checklists and procedures

55
Q

Tabletop Exercise (Incident Response)

A

Exercise consisting of personnel discussing scenarios

56
Q

CAM Tables

A

Content Addressable Memory tables: live on a network switch and contain a list of all the devices which the switch has talked to
57
Q

Chap 4-53: Frank knows that forensic information he is interested in is stored on a system's hard drive. If he wants to follow the order of volatility, which of the following items should be forensically captured after the hard drive?

Caches and Registers
Backups
Virtual Memory
RAM

A

Backups

58
Q

Order of Volatility

A

Order for acquiring forensic data, from most volatile to least:

CPU cache and registers
Routing table, ARP table, process table, kernel statistics
System memory (RAM)
Temporary files and swap space
Data on hard disk
Remote logs
Backups

59
Q

provenance

A

The chronology of the origin, development, ownership, location, and changes to a system or system component and associated data

60
Q

Chap 4-55: Charles wants to ensure that the forensic work that he is doing cannot be repudiated. How can he validate his attestations and documentation to ensure non-repudiation?

Encrypt all forensic output
Digitally sign the records
Create an MD5 checksum of all images
All of the Above

A

Digitally sign the records

61
Q

Chap 4-56: Diana wants to capture the contents of physical memory using a command-line tool on a Linux system. Which of the following tools can accomplish this?

ramdump
system -dump
memcpy
memdump

A

memdump

62
Q

memdump

A

Command line utility that can dump physical memory

63
Q

Chap 4-58: Megan needs to conduct a forensic investigation of a virtual machine (VM) hosted in a VMware environment as part of an incident response effort. What is the best way for her to collect the VM?

As a snapshot using the VMware built-in tools
By using dd to an external drive
By using dd to an internal drive
By using a forensic imaging device after removing the server's drives

A

As a snapshot using the VMware built-in tools
64
Q

Chap 4-59: What forensic concept is key to establishing provenance for a forensic artifact?

Right to audit
Preservation
Chain of Custody
Timelines

A

Chain of Custody

65
Q

Chap 4-60: What role do digital forensics most often play in counterintelligence efforts?

They are used to determine what information was stolen by spies
They are used to analyze tools and techniques used by intelligence agencies
They are required for training purposes for intelligence agents
They do not play a role in counterintelligence

A

They are used to analyze tools and techniques used by intelligence agencies

66
Q

Chap 4-61: Which of the following groups is not typically part of an incident response team?

Law enforcement
Security analysis
Management
Communications staff

A

Law enforcement

67
Q

Chap 4-62: Bob needs to block Secure Shell (SSH) traffic between two security zones. Which of the following Linux iptables firewall rules will block SSH traffic from the 10.10.10.0/24 network to the system the rule is running on?

iptables -A INPUT -p tcp --dport 22 -i eth0 -s 10.10.10.0/24 -j DROP
iptables -D OUTPUT -p udp --dpot 21 -i eth0 -s 10.10.10.255 -j DROP
iptables -A OUTPUT -p udp --dport 22 -i eth0 -s 10.10.10.255 -j BLOCK
iptables -D INPUT -p udp --dport 21 -I eth0 s 10.10.10.255 -j BLOCK

A

iptables -A INPUT -p tcp --dport 22 -i eth0 -s 10.10.10.0/24 -j DROP

68
Q

Chap 4-63: Maria wants to add entries into the Linux system log so that they will be sent to her SIEM device when specific scripted events occur. What Linux tool can she use to do this?

cat
slogd
logger
tail

A

logger

69
Q

WinHex

A

WinHex is a commercial disk editor and universal hexadecimal editor used for data recovery and digital forensics.

70
Q

Autopsy

A

Digital forensics toolkit

71
Q

Playbook (Incident Response)

A

Lists the required steps needed to address an incident. May reference runbooks

72
Q

Runbook (Incident Response)

A

Focuses on the steps to perform an action or process as part of an incident response process. May be referenced by a playbook
73
Q

Chap 4-69: Alaina wants to use a password cracker against hashed passwords. Which of the following items is most important for her to know before she does this?

The length of the passwords
The last date the passwords were changed
The hashing method used for the passwords
The encryption method used for the passwords

A

The hashing method used for the passwords

Passwords are typically stored using a hash, and best practices would have them stored using a password security-specific hash. Alaina can speed up her efforts if she knows what hashing algorithm and options were used on the passwords

74
Q

Chap 4-70: Vincent wants to ensure that his staff does not install a popular game on the workstations that they are issued. What type of control could he deploy as part of his endpoint security solution that would most effectively stop this?

An application approved list
A DLP
A content filter
An application block list

A

An application block list

75
Q

PRTG

A

PRTG is an agentless network monitoring software from Paessler AG. Several software versions are combined under the umbrella term Paessler PRTG

76
Q

Cacti

A

Cacti is an open-source, web-based network monitoring, performance, fault and configuration management framework designed as a front-end application for the open-source, industry-standard data logging tool RRDtool. Cacti allows a user to poll services at predetermined intervals and graph the resulting data

77
Q

Chap 4-75: Which of the following is not a key consideration when considering on-premises versus cloud forensic investigations?

Data breach notification laws
Right-to-audit clauses
Regulatory requirement
Provenance

A

Provenance

The Security+ exam focuses on right-to-audit clauses, regulatory and jurisdictional issues, and data breach notification laws as the key elements to consider when planning for on-site versus cloud forensic differences.

78
Q

dig

A

A network administration command-line tool for querying the Domain Name System. dig is useful for network troubleshooting and for educational purposes. It can operate based on command line option and flag arguments, or in batch mode by reading requests from an operating system file.

79
Q

Chap 4-81: Charlene has been asked to write a business continuity plan (BCP or BC plan) for her organization. Which of the following will a business continuity plan handle?

How to respond during a person-made disaster
How to keep an organization running during a system outage
How to respond during a natural disaster
All of the above

A

How to keep an organization running during a system outage

Disasters are covered in disaster recovery plans, not BCPs
80
Q

Chap 4-83: Cameron wants to test for commonly used passwords in his organization. Which of the following commands would be most useful if he knows that his organization's name, mascot and similar terms are often used as passwords?

john --wordlist "mywords.txt" --passwordfile.txt
ssh -test -"mascotname, orgname"
john -show passwordfile.txt
crack -passwords -wordlist "mascotname, orgname"

A

john --wordlist "mywords.txt" --passwordfile.txt

81
Q

john

A

John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others

82
Q

Metasploit

A

Exploitation framework. The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.

83
Q

Chap 4-88: Cynthia has been asked to build a playbook for the SOAR system that her organization uses. What will she build?

A set of rules and actions that will be performed when an event occurs using data collected or provided to the SOAR system
An automated incident response process that will be run to support the incident response team
A trend analysis driven script that will provide instructions to the IR team
A set of actions that the team will perform to use the SOAR to respond to an incident

A

An automated incident response process that will be run to support the incident response team

84
Q

SOAR

A

SOAR stands for security orchestration, automation, and response. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events. A SOAR system can also be programmed to custom-fit an organization's needs.

85
Q

Chap 4-91: Frank wants to identify where network latency is occurring between his computer and a remote server. Which of the following tools is best suited to identifying both the route used and which systems are responding in a timely manner?

ping
tracert
pathping
netcat

A

pathping

86
Q

pathping

A

The PathPing command is a command-line network utility included in Windows NT operating systems since Windows 2000 that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss
87
Q

netcat

A

Netcat functions as a back-end tool that allows for port scanning and port listening. In addition, you can actually transfer files directly through Netcat or use it as a backdoor into other networked systems

88
Q

dnsenum

A

Dnsenum is a multithreaded Perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks. The main purpose of Dnsenum is to gather as much information as possible about a domain.

89
Q

Chap 4-94: What phase follows lateral movement in the Cyber Kill Chain?

Exfiltration
Exploitation
Anti-forensics
Privilege Escalation

A

Anti-forensics

90
Q

Chap 4-108: As part of his incident response, Ramon wants to determine what was said on a VoIP call. Which of the following data sources will provide him with audio from the call?

Call manager logs
SIP logs
A Wireshark capture of traffic from the phone
None of the above

A

A Wireshark capture of traffic from the phone

91
Q

Chap 4-109: Isabelle wants to gather information about what systems a host is connecting to, how much traffic is sent and similar details. Which of the following options would not allow her to perform that task?

IPFIX
NetFlow
NXLog
sFlow

A

NXLog

92
Q

IPFIX

A

IPFIX is used to summarize data packets from the network to track IP actions that take place. The summary of data packets is metered appropriately as an active (long-lived) flow or an inactive flow. IPFIX metering is configurable by exporters, and messages are sent to a collector when metering thresholds are met.

93
Q

NXLog

A

NXLog is a multi-platform log collection and centralization tool that offers log processing features, including log enrichment and log forwarding. In concept NXLog is similar to syslog-ng or Rsyslog, but it is not limited to UNIX and syslog only.

94
Q

PCAP file

A

These files contain packet data of a network and are used to analyze the network characteristics. They also contribute to controlling the network traffic and determining network status.

95
Q

tcpreplay

A

Replays packets. Can be used with a PCAP file to replay it
96
Q

Chap 4-114: Ed wants to ensure that a compromise on his network does not spread to parts of the network with different security levels. What mitigation technique should he use prior to the attack to help with this?

Isolation
Fragmentation
Tiering
Segmentation

A

Segmentation

97
Q

Chap 4-115: Derek has acquired over 20 hard drives as part of a forensic analysis. What key process is important to ensure that each drive is tracked and managed properly over time?

Tagging the drives
Taking pictures of each drive
Labeling each drive with its order of volatility
Interviewing each person whose drive is imaged

A

Tagging the drives

Tagging each drive helps with inventory and ensures that the drive is tracked properly, and that the chain of custody can be maintained

98
Q

Chap 4-117: Elle wants to acquire the live memory (RAM) from a machine that is currently turned on. Which of the following tools is best suited to acquiring the contents of the system's memory?

Autopsy
The Volatility Framework
dd
netcat

A

The Volatility Framework

99
Q

The Volatility Framework

A

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License 2. Analysts use Volatility for the extraction of digital artifacts from volatile memory (RAM) samples.

100
Q

Chap 4-119: Ryan wants to implement a flexible and reliable remote logging environment for his Linux systems. Which of the following tools is least suited to that requirement?

rsyslog
syslog
NXLog
syslog-ng

A

syslog

The oldest and least capable tool on this list

101
Q

hping

A

hping is an open-source packet generator and analyzer for the TCP/IP protocol created by Salvatore Sanfilippo. It is one of the common tools used for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique, which is now implemented in the Nmap Security Scanner.

102
Q

netstat -a

A

Displays a list of all active connections on a machine. The network statistics (netstat) command is a networking tool used for troubleshooting and configuration that can also serve as a monitoring tool for connections over the network. Both incoming and outgoing connections, routing tables, port listening, and usage statistics are common uses for this command. Does not do a port scan

103
Q

Chap 4-126: What location is commonly used for Linux swap space?

\root\swap
\etc\swap
\proc\swap
A separate partition

A

A separate partition
104
Q

Chap 4-129: Tony works for a large company with multiple sites. He has identified an incident in progress at one site that is connected to the organization's multisite intranet. Which of the following options is best suited to preserving the organization's function and protecting it from issues at that location?

Isolation
Containment
Segmentation
None of the Above

A

Segmentation

105
Q

Chap 4-133: Which of the following is not information that can be gathered from a system by running the arp command?

IP address of the local system
The MAC addresses of recently resolved external hosts
Whether the IP address is dynamic or static
The MAC addresses of recently resolved local hosts

A

The MAC addresses of recently resolved external hosts

106
Q

arp command

A

The arp command is used to display or modify the ARP cache on a computer. The ARP cache is a table that stores the mapping of IP addresses to their corresponding MAC addresses. The arp command can be used to display the ARP cache, add entries to the cache, and delete entries from the cache.

107
Q

Chap 4-134: What log will journalctl provide Selah access to?

The event log
The auth log
The systemd journal
The authentication journal

A

The systemd journal

This journal contains kernel and boot messages as well as syslog messages and messages from services
109
Q

Chap 4-141: Susan needs to run a port scan of a network. Which of the following tools would not allow her to perform that type of scan?

netstat
netcat
nmap
Nessus

A

netstat