Cisco CyberOps Associate CBROPS 200-201_ Official Cert Guide by Omar Santos

Author: Omar Santos
Language: eng
Format: mobi
Publisher: Cisco Press
Published: 1999-12-31T16:00:00+00:00


Coordination Center

All of these answers are correct.

11. Source and destination IP addresses are usually shown in NetFlow records and security events. What other artifacts are part of NetFlow records? (Select all that apply.)

Destination ports

Usernames

IPS Signature IDs

Source ports

12. Which of the following are artifacts that are usually shown in IDS and IPS events? (Select all that apply.)

Signature IDs

Passwords

PII

Source and destination IP addresses

13. You are responding to a security incident and collected logs from a Linux system. You notice that there are thousands of entries in /var/log/auth.log, but you need to filter out valid connections and display only invalid user entries. The following example shows a few of the log entries:

Apr 8 04:17:01 us-dev1 CRON[3754]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 8 04:17:01 us-dev1 CRON[3754]: pam_unix(cron:session): session closed for user root
Apr 8 05:17:01 us-dev1 CRON[3808]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 8 05:17:01 us-dev1 CRON[3808]: pam_unix(cron:session): session closed for user root
Apr 8 05:18:21 us-dev1 sshd[31199]: Failed password for invalid user admin from 10.1.2.3 port 49821 ssh2

Which of the following regular expression commands will display log messages for any invalid users attempting to connect to the Linux server?

grep invalid\ user.*ssh /var/log/auth.log
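The filtering asked for in question 13, as an added example that is not from the book: a POSIX shell script that runs the answer's pattern over constructed auth.log-style entries (modelled on the excerpt above, not real log data), then applies a broader case-insensitive pattern that also catches sshd's separate "Invalid user ... from ..." pre-authentication message (which carries no trailing "ssh2", so the answer's pattern does not select it), and finally tallies the source addresses behind those attempts. The function names, the sample entries and the addresses are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the book): filter auth.log-style entries for
# invalid-user login attempts and summarise the source addresses.

# Constructed sample entries modelled on the book's excerpt; not real data.
sample_log() {
    printf '%s\n' \
'Apr 8 04:17:01 us-dev1 CRON[3754]: pam_unix(cron:session): session opened for user root by (uid=0)' \
'Apr 8 04:17:01 us-dev1 CRON[3754]: pam_unix(cron:session): session closed for user root' \
'Apr 8 05:18:21 us-dev1 sshd[31199]: Failed password for invalid user admin from 10.1.2.3 port 49821 ssh2' \
'Apr 8 05:18:25 us-dev1 sshd[31203]: Invalid user test from 10.1.2.3 port 49830' \
'Apr 8 05:18:30 us-dev1 sshd[31207]: Failed password for invalid user oracle from 192.0.2.10 port 50011 ssh2' \
'Apr 8 05:19:02 us-dev1 sshd[31210]: Accepted publickey for deploy from 203.0.113.5 port 50020 ssh2'
}

# The pattern from the book's answer, quoted instead of backslash-escaped.
# It requires "ssh" somewhere after "invalid user", so it selects the
# "Failed password for invalid user ... ssh2" lines. Reads stdin, prints a count.
count_book_pattern() {
    grep -c 'invalid user.*ssh'
}

# Broader filter: any sshd message mentioning an invalid user, regardless of
# case, so the pre-auth "Invalid user X from IP" line is also shown. Reads stdin.
invalid_user_entries() {
    grep -i 'sshd\[[0-9]*\]: .*invalid user'
}

# Count of lines the broader filter selects. Reads stdin, prints a count.
count_invalid_user_entries() {
    grep -c -i 'sshd\[[0-9]*\]: .*invalid user'
}

# Source addresses behind invalid-user attempts, most frequent first.
# Output format is that of "uniq -c": "<count> <address>". Reads stdin.
invalid_user_sources() {
    invalid_user_entries \
      | sed -n 's/.*[Ii]nvalid user [^ ]* from \([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn
}

# Demo run over the constructed sample. For a real investigation, feed the
# functions the file instead, e.g.:  invalid_user_sources < /var/log/auth.log
echo "Lines matched by the book's pattern: $(sample_log | count_book_pattern)"
echo "Invalid-user entries (broader filter):"
sample_log | invalid_user_entries
echo "Attempts per source address:"
sample_log | invalid_user_sources
```

The difference between the two counts is the point to remember when triaging: the answer's pattern is correct for the "Failed password" messages in the question, but sshd also records the invalid user name in a separate message, so a tally of attempts or sources should include both forms.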
