Question 1 (medium, multiple choice)
SSCP Incident Response and Recovery • Complete Question Bank
Complete SSCP Incident Response and Recovery question bank, with answers and detailed explanations.
Refer to the exhibit (firewall log snippet):
```
2024-03-15 10:23:45 ALLOW TCP 192.168.1.100:34567 -> 10.0.0.50:3389
2024-03-15 10:23:46 ALLOW TCP 192.168.1.100:34568 -> 10.0.0.50:3389
2024-03-15 10:23:47 ALLOW TCP 192.168.1.100:34569 -> 10.0.0.50:3389
2024-03-15 10:23:48 ALLOW TCP 192.168.1.100:34570 -> 10.0.0.50:3389
2024-03-15 10:23:49 ALLOW TCP 192.168.1.100:34571 -> 10.0.0.50:3389
```
Refer to the exhibit (Windows Event Log):
```
Event ID 4625: An account failed to log on.
Subject: Security ID: S-1-5-18, Account Name: SYSTEM
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID, Account Name: Administrator
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Workstation Name: WORKSTATION1
Source Network Address: 10.0.0.200
```
Train staff and establish policies
Identify potential incidents
Isolate affected systems
Restore normal operations
Refer to the exhibit:
```
May 15 10:23:45 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
May 15 10:23:46 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
May 15 10:23:47 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
...
```
(multiple entries within seconds)
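The firewall, sshd and Event ID 4625 exhibits above all pose the same triage question: is one source repeatedly hitting one target, and what does the record itself say about the failure? The Python below is an added example, not part of the original question bank. It parses each exhibit's format into (timestamp, source, target) events, runs a sliding-window burst count over them, and pulls the fields an analyst reads first out of the 4625 record. The sample lines are the page's exhibits reproduced as constructed input; the year 2024 applied to the syslog lines, the thresholds and the window lengths are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed input: the three exhibits from this page, reproduced verbatim.
FIREWALL_LOG = """\
2024-03-15 10:23:45 ALLOW TCP 192.168.1.100:34567 -> 10.0.0.50:3389
2024-03-15 10:23:46 ALLOW TCP 192.168.1.100:34568 -> 10.0.0.50:3389
2024-03-15 10:23:47 ALLOW TCP 192.168.1.100:34569 -> 10.0.0.50:3389
2024-03-15 10:23:48 ALLOW TCP 192.168.1.100:34570 -> 10.0.0.50:3389
2024-03-15 10:23:49 ALLOW TCP 192.168.1.100:34571 -> 10.0.0.50:3389
"""
SSHD_LOG = """\
May 15 10:23:45 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
May 15 10:23:46 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
May 15 10:23:47 server1 sshd[12345]: Failed password for root from 192.168.1.100 port 22 ssh2
"""
EVENT_4625 = """\
Event ID 4625: An account failed to log on.
Subject: Security ID: S-1-5-18, Account Name: SYSTEM
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID, Account Name: Administrator
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Workstation Name: WORKSTATION1
Source Network Address: 10.0.0.200
"""

FW_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:ALLOW|DENY) \w+ "
                   r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+:\d+)$")
SSH_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def parse_firewall(text):
    """Yield (timestamp, source_ip, 'dst_ip:port') for each firewall line."""
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def parse_sshd(text, year=2024):
    """Yield (timestamp, source_ip, 'host:user') for each 'Failed password' line.
    Syslog timestamps carry no year; `year` is an assumption used only for arithmetic."""
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
            yield ts, m.group(4), f"{m.group(2)}:{m.group(3)}"


def parse_4625(text):
    """Extract the triage fields from one multi-line 4625 record.
    Status 0xC000006D is STATUS_LOGON_FAILURE (bad user name or password);
    Logon Type 3 is a network logon, for which a SYSTEM subject is normal."""
    def grab(pattern):
        m = re.search(pattern, text, re.DOTALL)
        return m.group(1) if m else None
    return {
        "target_user": grab(r"Account For Which Logon Failed:.*?Account Name:\s*(\S+)"),
        "logon_type": grab(r"Logon Type:\s*(\d+)"),
        "status": grab(r"Status:\s*(0x[0-9A-Fa-f]+)"),
        "workstation": grab(r"Workstation Name:\s*(\S+)"),
        "source": grab(r"Source Network Address:\s*(\S+)"),
    }


def burst_sources(events, threshold, window_s):
    """Sliding-window count per (source, target). Returns {(source, target): peak}
    for every pair that reached `threshold` events inside some `window_s`-second span."""
    hits = {}
    recent = defaultdict(deque)
    for ts, src, dst in sorted(events):
        q = recent[(src, dst)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            hits[(src, dst)] = max(hits.get((src, dst), 0), len(q))
    return hits


if __name__ == "__main__":
    print(burst_sources(parse_firewall(FIREWALL_LOG), threshold=5, window_s=10))
    print(burst_sources(parse_sshd(SSHD_LOG), threshold=3, window_s=60))
    print(parse_4625(EVENT_4625))
```

Two caveats the detector cannot settle on its own. The firewall lines are ALLOW records, so the burst there is five completed TCP connections to RDP from one host on consecutive ephemeral ports, not five failed logons; the verdict comes from the 4624/4625 events (logon type 10) on 10.0.0.50. And 0xC000006D only says the logon failed; the Sub Status field, absent from this exhibit, is what separates an unknown user name from a wrong password.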
Refer to the exhibit:
```
Event ID: 4688
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine: powershell -EncodedCommand SQBmACgAJABlAG4AdgA6AHUAcwBlAHIAcwBRAHUAYQBsAGkAZgB5ACAALQBjACAAMQApAHsA... (truncated)
```
Refer to the exhibit (network diagram description):
- Web server (192.168.1.10) connected to internal network.
- Database server (192.168.1.20) connected to internal network.
- Firewall allows HTTP (port 80) from external to Web server only.
- No internal firewall between Web and database servers.
Event Log:
```
Event ID 4688 - Process Creation
Command Line: cmd.exe /c net localgroup administrators user1 /add
```
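Both Event ID 4688 exhibits (the encoded PowerShell above and the `net localgroup ... /add` line) come down to command-line triage. The Python below is an added example, not the page's own material: it extracts the command line from a 4688 record, decodes any -EncodedCommand argument (base64 over UTF-16LE; powershell.exe accepts -e, -ec and any longer prefix of the flag name), and flags additions to the local Administrators group in either the raw or the decoded text. The payload on the page is truncated, so only its visible prefix is decoded; the third sample event, with a hypothetical account name, is constructed to show why the rule must also run on decoded content.

```python
import base64
import re

# Constructed input: the two Event ID 4688 exhibits from this page, verbatim. The encoded
# payload is truncated on the page itself, so only its visible prefix is available here.
ENCODED_4688 = (r"Event ID: 4688 Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
                "CommandLine: powershell -EncodedCommand "
                "SQBmACgAJABlAG4AdgA6AHUAcwBlAHIAcwBRAHUAYQBsAGkAZgB5ACAALQBjACAAMQApAHsA")
NET_4688 = "Event ID 4688 - Process Creation Command Line: cmd.exe /c net localgroup administrators user1 /add"

# powershell.exe accepts -e, -ec, -enc ... up to the full -EncodedCommand, with - or / as switch char.
_PARAM = "encodedcommand"
ENC_FLAG = re.compile(
    r"(?i)(?:^|\s)[-/](?:" + "|".join(_PARAM[:i] for i in range(1, len(_PARAM) + 1)) + r")\s+([A-Za-z0-9+/=]+)"
)
# net / net1 localgroup Administrators <user> /add, or the PowerShell cmdlet equivalent.
LOCAL_ADMIN_ADD = re.compile(
    r"(?i)\bnet1?(?:\.exe)?\s+localgroup\s+[\"']?administrators[\"']?\s+\S+\s+/add\b"
    r"|Add-LocalGroupMember\b.*?-Group\s+[\"']?Administrators"
)


def decode_encoded_command(b64):
    """-EncodedCommand is base64 over UTF-16LE text. Tolerate missing padding and a
    payload cut mid-character (odd byte count), which happens when a log field is truncated."""
    b64 = b64.strip()
    if len(b64) % 4 == 1:          # one dangling base64 char can never decode; drop it
        b64 = b64[:-1]
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) % 2:
        raw = raw[:-1]
    return raw.decode("utf-16-le", errors="replace")


def encode_command(text):
    """Inverse of decode_encoded_command; used only to build the constructed sample below."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed (hypothetical, not from the page): the same group change hidden behind -enc.
HIDDEN_4688 = ("Event ID 4688 - Process Creation Command Line: powershell.exe -nop -w hidden -enc "
               + encode_command("net localgroup administrators backdoor /add"))


def triage_4688(event_text):
    """Return the command line, the decoded payload (if any) and rule findings for one 4688 record."""
    m = re.search(r"Command ?Line:\s*(.+?)\s*$", event_text)
    cmd = m.group(1) if m else ""
    decoded, findings = None, []
    enc = ENC_FLAG.search(cmd)
    if enc:
        decoded = decode_encoded_command(enc.group(1))
        findings.append("encoded_command")
    # Run the rule on the raw line and on the decoded text: a plain-text rule alone misses the -enc form.
    if LOCAL_ADMIN_ADD.search(cmd) or (decoded and LOCAL_ADMIN_ADD.search(decoded)):
        findings.append("local_admin_add")
    return {"command_line": cmd, "decoded": decoded, "findings": findings}


if __name__ == "__main__":
    for ev in (ENCODED_4688, NET_4688, HIDDEN_4688):
        print(triage_4688(ev))
```

Decoding the exhibit's visible prefix gives `If($env:usersQualify -c 1){`, which is where the page's truncation stops; nothing past that can be recovered from the log line alone, so the full script body has to come from PowerShell script block logging (Event ID 4104) or from the host.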
```
access-list 101 permit tcp any host 192.168.1.100 eq 22
access-list 101 deny tcp any any eq 22
```
```
{"policy": {"name": "IncidentResponse", "containment": "isolate", "eradication": "reimage", "recovery": "backup"}}
```
Refer to the exhibit:
```
[2024-01-15 14:32:05] [ERROR] [host=web01] Failed to connect to SQL server at 10.0.1.50:1433: Connection refused
[2024-01-15 14:32:10] [WARNING] [host=web01] Application pool "AppPool1" has been recycled due to memory limit
[2024-01-15 14:32:15] [ERROR] [host=db01] Disk I/O write latency exceeded threshold: 2000ms
```
ALERT: Port scan detected from IP 10.0.0.5 to multiple ports on internal host 192.168.1.10. Signature ID: 201. Action: Log only.