CAS-004 Security Operations • Complete Question Bank
Refer to the exhibit.
```
Event: 4625 (An account failed to log on)
Account Name: Administrator
Source Network Address: 10.10.10.50
Logon Type: 3 (Network)
Status: 0xC000006D (bad username or password)

Event: 4624 (An account was successfully logged on)
Account Name: jsmith
Source Network Address: 10.10.10.50
Logon Type: 2 (Interactive)

Event: 4672 (Special privileges assigned to new logon)
Account Name: jsmith
Privileges: SeTcbPrivilege, SeDebugPrivilege

Event: 5140 (A network share object was accessed)
Account Name: jsmith$
Accesses: WriteData (or AddFile)
Share Name: \\*\C$
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket123/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::bucket123/*",
      "Principal": "*"
    }
  ]
}
```
Refer to the exhibit.
```
Jul 15 10:23:45 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=admin
Jul 15 10:23:47 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:23:49 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:23:51 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:23:53 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:23:55 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:23:57 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
Jul 15 10:24:00 server1 authpriv: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser=root rhost= user=root
```
Drag a concept onto its matching description — or click a concept then click the description.
Highest privilege assets like domain controllers
Server and application administration
User workstations and devices
Separates admin accounts by sensitivity
Never trust, always verify
Refer to the exhibit.
```
# grep "Failed password" /var/log/auth.log | tail -5
Feb 27 10:23:01 server1 sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
Feb 27 10:23:05 server1 sshd[1235]: Failed password for root from 192.168.1.10 port 22 ssh2
Feb 27 10:23:10 server1 sshd[1236]: Failed password for admin from 10.10.10.5 port 22 ssh2
Feb 27 10:23:15 server1 sshd[1237]: Failed password for root from 192.168.1.10 port 22 ssh2
Feb 27 10:23:20 server1 sshd[1238]: Failed password for user from 172.16.0.20 port 22 ssh2
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "10.0.0.0/16",
            "192.168.1.0/24"
          ]
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
192.168.1.10 - - [27/Feb/2025:10:30:15 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 2345
```
Refer to the exhibit.
```
[timestamp] firewall: Deny TCP 10.0.1.100:54321 -> 203.0.113.5:80 (Drop)
[timestamp] firewall: Allow TCP 10.0.1.100:54322 -> 203.0.113.5:443 (Allow)
[timestamp] IDS: Alert - SQL Injection attempt detected from 10.0.1.100 to 203.0.113.5:443
[timestamp] web_server: HTTP POST /login.php with sql_injection_pattern
```
Refer to the exhibit.
```
[Security Policy JSON]
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket-name/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket-name/*"
    }
  ]
}
```
Refer to the exhibit.
```
# auth.log excerpt
Mar 15 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:23:46 server sshd[1235]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:23:47 server sshd[1236]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:23:48 server sshd[1237]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:23:49 server sshd[1238]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:23:50 server sshd[1239]: Failed password for invalid user admin from 192.168.1.100 port 22 ssh2
Mar 15 10:23:51 server sshd[1240]: Failed password for admin from 192.168.1.100 port 22 ssh2
Mar 15 10:23:52 server sshd[1241]: Failed password for admin from 192.168.1.100 port 22 ssh2
```