[Q37-Q52] Download Online VALID 312-39 Exam Dumps File Instantly [May 07, 2023]


312-39 Exam Dumps For Certification Exam Preparation

Career Prospects

Those candidates who achieve the passing score in the certification exam are entitled to earn the CSA certification as well as membership privileges. The certified individuals are in high demand with numerous job openings that they can explore. Without a doubt, this EC-Council certificate is a highly rewarding option that allows the professionals to take up different job roles. Some career paths that they can explore include a Security & Network Administrator, a Network Defense Analyst, a Security & Network Engineer, a Network Security Specialist, a Network Defense Technician, a Network Security Operator, and a Cybersecurity Analyst, among others.

 

Q37. Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

 
 
 
 

Q38. Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks.
What among the following should Wesley avoid considering?

 
 
 
 

Q39. Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. While collaborating with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will take on the incident escalated by Emmanuel?

 
 
 
 

Q40. What does [-n] in the following Check Point firewall log syntax represent?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

 
 
 
 

Q41. What is the correct sequence of SOC Workflow?

 
 
 
 

Q42. Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.

What does this event log indicate?

 
 
 
 

Q43. What is the correct sequence of SOC Workflow?

 
 
 
 

Q44. An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.

 
 
 
 

Q45. Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.

 
 
 
 

Q46. An organization wants to implement a SIEM deployment architecture. However, it has the capability to do only log collection, and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?

 
 
 
 

Q47. According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

 
 
 
 

Q48. An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

 
 
 
 

Q49. An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

 
 
 
 

Q50. According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

 
 
 
 

Q51. Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

 
 
 
 

Q52. Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?

 
 
 
 

Can You Study with Online Courses?

Yes! This is one of the best learning approaches you can adopt to crack the 312-39 exam easily. The next section covers one such study material:

  • Certified SOC Analyst (CSA)

    The Certified SOC Analyst (CSA) course is an intense learning program that runs for 3 days. It is a credentialing study option that equips candidates with in-demand technical skills and knowledge relating to the management of a Security Operations Center (SOC). This learning path, in particular, focuses on helping candidates master what they should know to successfully perform the fundamental SOC operations under the recognized concepts of SIEM deployment, incident response, log management along with correlation, and advanced incident detection among other skills. All in all, this course will help you understand how to perform different SOC processes and work together with CSIRT if necessary to ensure your company achieves its goals. You may want to check out the official learning page to find out more information about this course and other learning options.

 
