During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. examination
B. investigation
C. collection
D. reporting
Answer: C
Explanation: During the collection phase of the forensic process, data related to a specific event is labeled...
Which kind of attack method is depicted in this string?
Refer to the exhibit. Which kind of attack method is depicted in this string?
A. cross-site scripting
B. man-in-the-middle
C. SQL injection
D. denial of service
Answer: A
Explanation: The image shows a piece of code within a bordered rectangular area. It is a string of HTML code that appears...
What is the function of a command and control server?
A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system
Answer: D
Explanation:...
What is the difference between statistical detection and rule-based detection models?
A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it...
What is the difference between deep packet inspection and stateful inspection?
A. Deep packet inspection is more secure than stateful inspection on Layer 4
B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
C. Stateful inspection is more secure than deep packet...
Which kind of evidence is this IP address?
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?
A. best evidence
B. corroborative evidence
C. indirect evidence
D. forensic evidence
Answer: B
Explanation: The source IP address from...
What is occurring in this network traffic?
Refer to the exhibit. What is occurring in this network traffic?
A. High rate of SYN packets being sent from a multiple source towards a single destination IP.
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
C. Flood of ACK packets...
What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
B. Host 152.46.6.91 is being identified as a watchlist country for data transfer.
C. Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
D...
Which type of data consists of connection level, application-specific records generated from network traffic?
A. transaction data
B. location data
C. statistical data
D. alert data
Answer: A
Explanation: Transaction data consists of connection level, application-specific records generated from network traffic. It provides information about the source, destination, protocol, and...
Which event category is described?
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
A. reconnaissance
B. action on objectives
C...