Does powershell script block logging is enough for detecting process injection attacks?

Is it possible to write a file inside the server with SQL injection if backend database is MySQL?

Which of the following commands can be used in lateral movement inside network?

Which command would you use to print information about a scheduled task named revShell?

Which Mitre Att&ck vectors included below command?

Start-BitsTransfer -Source $url -Destination $output

Which tool is included in default installations of Windows and can query or modify file DACLs?

Using which source it is possible to detect process injection Windows API requests?

From which log source it is possible to detect directory traversal attacks on apache?

For reviewing syslogs, which directory should be checked for most Linux distros?

Which of the following entries in “/etc/sudoers” would give users in the administrators group the ability to run the “/bin/cat” command as root without requiring a password?

The Time to Live (TTL) field/value found in the IP header are used to:

Suppose a SYN packet is spoofed using a real IP address and then sent to a server that responds with a SYN/ACK to the actual IP address. How does the real IP address respond?

Which of the following you can not obtain while doing memory analysis?

Which type of Windows log is most likely to contain information about a file being deleted?

What is EventID 4720 means in Windows Event Log?

What is EventID 4697 means in Windows Event Log?

What type of attack can be considered if “Ticket Encryption Type” parameter is equals to 0x17 (RC4-HMAC) inside Eventlog 4768: A Kerberos authentication ticket (TGT) log?

Which of the following Windows registry keys is most useful for malware that aims at maintaining persistent presence on the infected system?

Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?

What is difference between IPS and IDS?

What kind of detection method works by examining data for specific patterns?

A company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s). What should be implemented?

After a security breach, it was discovered that the attacker had gained access to the network by using a brute-force attack against a service account with a password that was set to not expire, even though complex password. Which of the following could be used to prevent similar attacks from being successful in the future?

A security analyst saw two alert;

1st; a process spawned from “wmiprvse.exe”
2nd; a suspicious connection detected from “svchost.exe”

Which service may abused if you think this two alert?

Which Mitre ATT&CK™ tactic describes the process of an attacker gathering information to provide more information on the environment that they have gained access to?

An analyst notices that a user from building maintenance is part of the Domain Admin group. Which of the following does this indicate Mitre Att&ck vectors?

Which Mitre ATT&CK™ tactic describes an attacker’s efforts to avoid detection?

Which Mitre ATT&CK™ tactic describes an attacker maintaining a presence on the endpoint?

What is another name for a process injection attack?

Which of the following is not considered part of the lateral movement process?

What is “Over Pass the Hash” attack?

Which order of operation is necessary when executing a Kerberoasting attack?

What is DCSync attack?

When executing Mimikatz from the target’s hard drive, which of the following commands must you execute, which requires you to impersonate SYSTEM-level access, prior to dumping credentials from the target host?

To forge a golden ticket the attacker needs _____ ?

What is the purpose of query shown below?

source="/var/log/auth.log" COMMAND="*" USER="root"

What is the purpose of query shown below?

index="linux_access_log" ("|" OR "||" OR ";" OR "$" OR "&&") AND ("ls" OR "id" OR "whoami" OR "ping" OR "nc" OR "ncat" OR "php")

What type of attack can be considered if you see logs like in access.log?

"GET /?id=1' and if(substr((select version()),1,1) = '5' , sleep(3), 1) #&Submit=Submit HTTP/1.1" 200

What type of attack can be considered if IDS rule was hit?

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Attack"; flow:to_server,established;content:"alert(document.cookie)"; nocase; sid: 1000000;)

The process of replacing HTML control characters (e.g. , “, &, etc) into their encoded representatives (e.g. “& lt ;” “& gt ;” “& quot ;” “& amp ;” etc..) is known as?

Determine the back-end database from given error:

Query failed: ERROR: syntax error at or near "20131418" LINE 1: 20131418 ^ in /var/www/html/view_project.php on line 13

What type of attack is typically associated with the strcpy function?

What are the two most common phases of malware analysis?

Which of the following tools best supports the concept of breakpoints?

Using Entropy analysis which of the following can be said for malware?

Which of the following defensive measures do malware authors use to encode the original executable to protect it against static code analysis?

Which mechanism is malware least likely to use when defending itself against analysis?

In the context of malware analysis, what does the term "patching" refer to?

Which processor instruction is commonly used to fill up buffer space in exploit code and help slide the program execution flow to its final destination?

Which of the following assembly instructions is least likely to be used by malicious code to perform a jump?

Which x86 register is most commonly used for storing a function's return value in assembler?

Which of the following system calls is most likely to be used by a keylogger?