Which kind of evidence is this IP address?
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?
A. best evidence
B. corroborative evidence
C. indirect evidence
D. forensic evidence
Answer: B
Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal?
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)
A. management and...
What is the function of a command and control server?
What is the function of a command and control server?
A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instructions to a compromised system
Answer: D
Which type of evidence is this?
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical...
What is the difference between rule-based detection and behavioral detection?
What is the difference between rule-based detection and behavioral detection?
A. Rule-based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
B. Rule-based systems have established patterns that do not change with new data, while behavioral changes.
C. Behavioral...
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
A. integrity
B. confidentiality
C. availability
D. scope
Answer: A
What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control...
Which piece of information is needed for attribution in an investigation?
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1x RADIUS authentication pass and fail logs
Answer: C
Explanation: Actually this is the most important thing:...
What is occurring in this network traffic?
Refer to the exhibit. What is occurring in this network traffic?
A. High rate of SYN packets being sent from multiple sources towards a single destination IP.
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
C. Flood of ACK packets...
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. least privilege
B. need to know
C. integrity validation
D. due diligence
Answer: A