Security Solutions
LetsDefend
How many of the following are tools in the IDS type?
A) 3
According to the Snort IDS log, what is the IP address from which the response came?
A) 4.2.2.3
According to the Snort IDS log, which OSI layer 7 (application layer) network protocol does the traffic belong to?
A) 53
What is the HTTP request method according to the given Zeek IDS HTTP log?
A) GET
What is the FTP command used for file transfer according to the given Zeek IDS FTP log?
A) RETR
According to the given Suricata IPS log, has the command been run successfully?
A) Y
What is the name of the SSL vulnerability that the attacker attempts to exploit in the given Suricata IPS log?
A) POODLE
What is the name of the scanning tool that triggers the creation of the given Suricata IPS log?
A) Nmap
What is the action taken according to the given firewall log?
A) Deny
What is the source IP address according to the given firewall log?
A) 192.168.68.12
What is the destination port number according to the given firewall log?
A) 143
According to the given Windows Defender Firewall log, what is the IP address that sends the TCP segment whose source port is 5421?
A) 192.168.1.9
According to the given Windows Defender Firewall log, which network protocol do the logs associated with the “8.8.8.8” IP address belong to?
A) ICMP
What is the name of the PowerShell script that the attacker tries to download according to the given Crowdstrike EDR log?
A) Invoke-Mimikatz
According to the given Crowdstrike EDR log, what is the name of the MITRE technique used by the attacker?
A) OS Credential Dumping
According to the given Crowdstrike EDR log, what is the name and extension of the file that the attacker is trying to download onto the system?
A) Get-System.ps1
What is the severity of the alert based on the given Crowdstrike EDR log?
A) High
According to the given Windows Defender log, what is the type of malware named “executable.8180.exe”?
A) Trojan
According to the given Windows Defender log, what is the name of the file belonging to the “Backdoor” type malware?
A) program1
According to the sandbox analysis result in the URL given below, for which domain address was the DNS request made?
What is the name and extension of the file that performs the malicious activity on the system according to the sandbox analysis result in the URL given below?
A) DotSetupSDK.dll
According to the given AWS WAF log, a request for SQL_Injection attack was blocked. What is the IP Address that sent this request?
A) 185.220.101.35
According to the given Cloudflare WAF log, an HTTP request was sent to the IP address 185.220.102.244. Which HTTP method does this HTTP request use?
A) GET
What is the User-Agent in the HTTP request in the given AWS load balancer log?
A) curl/7.46.0
According to the given Squid Web Proxy Server log, to which port of the “letsdefend.io” address was the request sent?
A) 443
According to the given Squid Web Proxy Server log, to how many different web addresses were HTTP GET requests sent?
A) 5
According to the email security solution log, what is the email address of the recipient of the email?
What is the type of threat according to the email security solution log provided?
A) malware