Question 286
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.
Which of the following tools should be implemented to detect similar attacks?
Question 287
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?
Question 288
An organization implemented a secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?
Question 289
In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO).
Question 290
An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).