What is occurring?
Refer to the exhibit. A company employee is connecting to mail.google.com from an endpoint device. The website is loaded but with an error. What is occurring?
A. DNS hijacking attack
B. Endpoint local time is invalid.
C. Certificate is not in trusted roots.
D. man-in-the-middle attack
Answer: C
What is the difference between a threat and an exploit?
A. A threat is a result of utilizing flow in a system, and an exploit is a result of gaining control over the system.
B. A threat is a potential attack on an asset and an exploit takes advantage of...
How must the engineer interpret the results?
Refer to the exhibit. An engineer received a ticket about a slowed-down web application. The engineer runs the #netstat -an command. How must the engineer interpret the results?
A. The web application is receiving common, legitimate traffic.
B. The engineer must gather more data.
C. The web application...
How does an attack surface differ from an attack vector?
A. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
B. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are...
Which type of data consists of connection level, application-specific records generated from network traffic?
A. transaction data
B. location data
C. statistical data
D. alert data
Answer: A
How should this type of evidence be categorized?
Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?
A. indirect
B. circumstantial
C. corroborative
D. best
Answer: C
Explanation: Indirect=circumstantial so there is no possibility to match A or...
How does statistical detection differ from rule-based detection?
A. Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.
B. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules
C. Rule-based detection involves the...
A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A. event name, log source, time, source IP, and host name
B. protocol, source IP, source port, destination IP, and destination...
What is a benefit of using asymmetric cryptography?
A. decrypts data with one key
B. fast data transfer
C. secure data transfer
D. encrypts data with one key
Answer: B
What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. A policy violation is active for host 10.10.101.24.
B. A host on the network is sending a DDoS attack to another inside host.
C. There are two active data exfiltration alerts.
D. A policy violation...