2. Which of the following is the primary reason financial institutions may share up-to-date threat
intelligence information on a secure feed that is
dedicated to their sector?
A. To augment information about common malicious actors and indicators of compromise
B. To prevent malicious actors from knowing they can defend against malicious attacks
C. To keep other industries from accessing information meant for financial institutions
D. To focus on attacks specifically targeted at their customers’ mobile applications
Answer: A
Explanation:
This is the primary reason why financial institutions may share up-to-date threat intelligence
information on a secure feed that is dedicated to their sector. Threat intelligence is the collection,
analysis, and dissemination of information about current or potential threats to an organization’s
assets, operations, or reputation. By sharing threat intelligence information, financial institutions can
benefit from the collective knowledge, experience, and capabilities of their peers and partners, and
enhance their situational awareness, threat detection, and incident response. Sharing threat
intelligence information can also help financial institutions identify common attack patterns, trends,
and techniques, as well as the malicious actors and indicators of compromise (IOCs) associated with
them. IOCs are pieces of forensic data that can be used to identify potentially malicious activities or
intrusions on a network or system, such as IP addresses, domains, URLs, file hashes, or email
addresses.
3. An organization recently discovered that spreadsheet files containing sensitive financial data were
improperly stored on a web server. The management team wants to find out if any of these files were
downloaded by public users accessing the server. The results should be written to a text file and
should include the date, time, and IP address associated with any spreadsheet downloads. The web
server's log file is named webserver.log, and the report file name should be accessreport.txt.
Following is a sample of the web server's log file:
2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622
Which of the following commands should be run if an analyst only wants to include entries in which
a spreadsheet was successfully downloaded?
A. more webserver.log | grep * xls > accessreport.txt
B. more webserver.log > grep ''xls > egrep -E 'success' > accessreport.txt
C. more webserver.log | grep ' -E ''return=200 | accessreport.txt
D. more webserver.log | grep -A *.xls < accessreport.txt
Answer: C
Explanation:
The grep command is a tool that searches for a pattern of characters in a file or input and prints the
matching lines. The egrep command is a variant of grep that supports extended regular expressions,
which allow more complex and flexible pattern matching. The more command is a filter that displays
the contents of a file or input one screen at a time. The pipe symbol (|) is used to redirect the output
of one command to the input of another command. The redirection symbol (>) is used to redirect the
output of a command to a file.
The command given in option C performs the following steps:
- It uses the more command to display the contents of the webserver.log file.
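The report that question 3 asks for, built from the grep, pipe and redirection pieces explained above. This is an added example, not one of the exam's answer options. It assumes the field layout of the sample log line (date, time, method, path, -, client IP, -, return=status, bytes), the function names write_report and make_sample_log are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: report successful spreadsheet downloads from a web log.
# Assumed field layout (taken from the sample line on the page):
#   date time method path - client-ip - return=<status> bytes

# write_report LOGFILE REPORTFILE
write_report() {
    # grep -E keeps only lines where a path ending in .xls or .xlsx is
    # followed by return=200 (a successful response); awk then prints
    # the date, time and client IP fields. The > redirection writes the
    # result to the report file instead of the terminal.
    grep -E '\.xlsx?[[:space:]].*return=200([[:space:]]|$)' "$1" |
        awk '{ print $1, $2, $6 }' > "$2"
}

# Constructed sample log (not real data; IPs are documentation ranges).
make_sample_log() {
    cat > "$1" <<'EOF'
2017-06-12 21:01:12 GET /index.html - 192.0.2.10 - return=200 1622
2017-06-12 21:03:40 GET /finance/q2.xls - 198.51.100.7 - return=200 48211
2017-06-12 21:04:02 GET /finance/q2.xls - 203.0.113.9 - return=404 312
2017-06-12 21:07:55 GET /finance/budget.xlsx - 192.0.2.44 - return=200 90133
2017-06-12 21:09:13 GET /xls-help.html - 192.0.2.10 - return=200 2040
EOF
}

# Usage: write_report webserver.log accessreport.txt
```

Matching on the file extension and the status code in one pattern excludes the failed request (return=404) and the HTML page whose name merely contains "xls".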