Refer to the exhibit. During the analysis of a suspicious scanning activity incident, an analyst discovered multiple local TCP connection events. Which technology provided these logs?
A. antivirus
B. proxy
C. IDS/IPS
D. firewall
Answer: D
What is the difference between statistical detection and rule-based detection models?
A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it...
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. examination
B. investigation
C. collection
D. reporting
Answer: C
What makes HTTPS traffic difficult to monitor?
A. SSL interception
B. packet header size
C. signature detection time
D. encryption
Answer: D
What is vulnerability management?
A. A security practice focused on clarifying and narrowing intrusion points.
B. A security practice of performing actions rather than acknowledging the threats.
C. A process to identify and remediate existing weaknesses.
D. A process to recover from service interruptions and restore business-critical applications
Answer: C ...
Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?
A. src=10.11.0.0/16 and dst=10.11.0.0/16
B. ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16
C. ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16
D. src==10.11.0.0/16 and dst==10.11.0.0/16
Answer: B
An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom. What is the threat actor in this scenario?
A. phishing email
B. sender
C. HR
D. receiver
Answer: B
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled...
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. public affairs
D. management
Answer: D
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
A. reconnaissance
B. action on...