ISC2 CC Security Operations • Complete Question Bank
Complete ISC2 CC Security Operations question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
[IDS Alert]
Signature: ET TROJAN Win32/SpyEye Checkin
Source IP: 10.10.10.5 -> Destination IP: 203.0.113.50
Time: 2023-03-15 14:32:45
Alert: Priority 1
```
Refer to the exhibit.
```
[Windows Security Log]
Event ID 4625: An account failed to log on.
Account Name: jdoe
Source Network Address: 192.168.1.100
Failure Reason: Unknown user name or bad password.
Count: 15 occurrences in 5 minutes.
```
Refer to the exhibit.
```
[Firewall Config]
access-list 100 permit tcp any host 10.0.1.10 eq 443
access-list 100 deny tcp any any eq 22
access-list 100 permit ip any any
```
Refer to the exhibit.
```
EdgeRouter# show firewall log
Log for firewall-in
Fri Aug 18 14:23:45 2023 : IN=eth0 OUT=eth1 MAC=00:1a:2b:3c:4d:5e:6f:7a:8b:9c:0d:1e:2f SRC=10.0.1.100 DST=203.0.113.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Aug 18 14:23:46 2023 : IN=eth0 OUT=eth1 MAC=00:1a:2b:3c:4d:5e:6f:7a:8b:9c:0d:1e:2f SRC=10.0.1.100 DST=203.0.113.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=34568 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Aug 18 14:23:47 2023 : IN=eth0 OUT=eth1 MAC=00:1a:2b:3c:4d:5e:6f:7a:8b:9c:0d:1e:2f SRC=10.0.1.100 DST=203.0.113.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12347 DF PROTO=TCP SPT=34569 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
```
Refer to the exhibit.
```
=== syslog output ===
Jan 15 09:23:45 firewall01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/3456 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN" [0x0, 0x0]
Jan 15 09:23:46 firewall01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/3457 dst inside:10.0.0.5/23 by access-group "OUTSIDE_IN" [0x0, 0x0]
Jan 15 09:23:47 firewall01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/3458 dst inside:10.0.0.5/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Jan 15 09:23:48 firewall01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/3459 dst inside:10.0.0.6/22 by access-group "OUTSIDE_IN" [0x0, 0x0]
Jan 15 09:23:49 firewall01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/3460 dst inside:10.0.0.6/23 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Drag a concept onto its matching description — or click a concept then click the description.
Train and equip the team
Identify and scope the incident
Stop the spread and restore systems
Lessons learned and reporting
Drag a concept onto its matching description — or click a concept then click the description.
Data Link: frames and MAC addresses
Network: routing and IP addresses
Transport: end-to-end reliability
Application: user interface and protocols
Refer to the exhibit.
---
# firewall config snippet
policy id=10 name "Allow Web"
from zone=Trust to zone=Untrusted
source 192.168.1.0/24
destination any
application ssl
action permit log
end
---
Refer to the exhibit.
---
$ cat /var/log/syslog | grep "sshd"
Apr 10 03:22:15 server1 sshd[12345]: Failed password for root from 10.0.0.99 port 22 ssh2
Apr 10 03:22:17 server1 sshd[12346]: Failed password for root from 10.0.0.99 port 22 ssh2
Apr 10 03:22:19 server1 sshd[12347]: Failed password for admin from 10.0.0.99 port 22 ssh2
Apr 10 03:22:21 server1 sshd[12348]: Failed password for admin from 10.0.0.99 port 22 ssh2
---
Refer to the exhibit.
---
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}
---

```
Feb 12 10:23:45 server1 sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Feb 12 10:23:47 server1 sshd[1234]: Failed password for admin from 192.168.1.100 port 22 ssh2
Feb 12 10:23:49 server1 sshd[1234]: Failed password for test from 192.168.1.100 port 22 ssh2
Feb 12 10:23:51 server1 sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
```

```
access-list 100 permit tcp any host 10.0.0.1 eq 80
access-list 100 permit tcp any host 10.0.0.1 eq 443
access-list 100 deny ip any any
```

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::critical-data/*",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/SecurityAuditor"}
    }
  ]
}
```

```
Mar 15 10:30:22 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:30:27 server sshd[1235]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:30:32 server sshd[1236]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 15 10:30:37 server sshd[1237]: Failed password for root from 192.168.1.100 port 22 ssh2
```

```
rule deny any 10.0.0.0/8 log
rule permit any 10.0.0.0/8 any
rule deny any any log
```

```
{
  "s3:version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

```
Apr 10 09:15:22 192.168.1.1 %ASA-4-106023: Deny tcp src outside:203.0.113.1/80 dst inside:10.0.0.5/33456 by access-group "INSIDE_IN" [0x0, 0x0]
```

```
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Possible SQL Injection"; content:"SELECT"; nocase; content:"FROM"; distance:0; within:10; classtype:web-application-attack; sid:1000001; rev:1;)
```

```
Event ID 4625: An account failed to log on.
Subject: Security ID: NULL_SID, Account Name: - , Account Domain: -;
Logon Type: 3;
Account For Which Logon Failed: Security ID: NULL SID, Account Name: administrator;
Failure Reason: Unknown user name or bad password;
Workstation Name: PC123;
Source Network Address: 10.0.0.99;
```

```
Mar 24 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 24 10:23:47 server sshd[1235]: Failed password for root from 192.168.1.100 port 22 ssh2
Mar 24 10:23:50 server sshd[1236]: Failed password for root from 192.168.1.100 port 22 ssh2
```