Lab 26 Flashcards

1
Q

How many security alerts for Rule ID 60112 are present for DC10?

13
17
23
42

A

17

2
Q

What UserName is associated with the Rule ID 60112 security alerts on DC10?

administrator
structureality
jaime
DC10

A

jaime

3
Q

What type of connection is indicated in the security alert for Rule ID 92653 related to jaime?

Local Workstation
Network Connection
Interactive
Remote Desktop Connection (RDP)

A

Remote Desktop Connection (RDP)

4
Q

What is the status of the audit policies on DC10?

No Auditing
Success
Failure
Success and Failure

A

No Auditing

5
Q

What is the Logon Type for this event record related to the jaime connection over RDP?

2
3
7
10

A

10

6
Q

What is the logon type for the currently selected event record related to Dylan and MS10?

2
3
7
10

A

2

7
Q

What is the setting selected in the Connection Settings area of Firefox?

No proxy
Auto-detect proxy settings for this network
Use system proxy settings
Manual proxy configuration
Automatic proxy configuration URL

A

Manual proxy configuration

8
Q

The dstport value for one of the logged events between 10.1.16.2 and 203.0.113.228 indicates what about the transaction?

It was an encrypted session.
It was an FTP session.
It was an email transaction.
It was a plaintext communication.

A

It was a plaintext communication.

9
Q

The .ps1 file extension on this script indicates what?

This is a PowerShell script.
This is a Bash shell script.
This is a batch script.
This is a Python script.

A

This is a PowerShell script.

10
Q

In the attack scenario of this lab, your investigation determined that which user account had the privileges to disable auditing on DC10?

dylan
jaime
MS10
root

A

jaime

11
Q

Which event in the security violation took place first?

Jaime visiting the Juice Shop website
Dylan accessing DC10 over RDP
Changing the proxy settings of Firefox
Theft of Jaime’s credentials.

A

Changing the proxy settings of Firefox

12
Q

What is a basic description of a logon of type 2?

Network
Unlock
RemoteInteractive
Interactive

A

Interactive

13
Q

Which of the following security resolutions or mitigations would be sufficient to have prevented the audit policy changes on DC10?

Block the execution of unknown code
Disable RDP access to domain controllers
Enable additional logging on all systems
Use security cameras and personnel tracking technologies

A

Block the execution of unknown code

14
Q

What is the goal of root cause analysis?

Identify the perpetrator.
Determine the initial parameters of a security violation.
Install patches to address vulnerabilities.
Place blame on victims for falling for a social engineering attack.

A

Determine the initial parameters of a security violation.
