- All Exams Instant Download
Which signature caused this impact on network traffic?
An analyst discovers that a legitimate security alert has been dismissed . Which signature caused this impact on network traffic?A . true negativeB . false negativeC . false positiveD . true positiveView AnswerAnswer: B Explanation: A false negative occurs when the security system (usually a WAF) fails to identify a...
Which frame numbers contain a file that is extractable via TCP stream within Wireshark?
Refer to the exhibit. Which frame numbers contain a file that is extractable via TCP stream within Wireshark?A . 7,14, and 21B . 7 and 21C . 14,16,18, and 19D . 7 to 21View AnswerAnswer: B
Which two types of data must be identified'?
An engineer is working with the compliance teams to identify the data passing through the network. During analysis, the engineer informs the compliance team that external penmeter data flows contain records, writings, and artwork Internal segregated network flows contain the customer choices by gender, addresses, and product preferences by age....
What is the difference between the rule-based detection when compared to behavioral detection?
What is the difference between the rule-based detection when compared to behavioral detection?A . Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.B . Rule-Based systems have established patterns that do not change with new data, while behavioral changes.C . Behavioral...
What is the difference between deep packet inspection and stateful inspection?
What is the difference between deep packet inspection and stateful inspection?A . Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.B . Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.C...
What is the next step the engineer should take to investigate this resource usage?
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load . What is the next step the engineer should take to investigate this resource usage?A . Run "ps -d" to decrease the priority state of high load processes to...
Which of these describes SOC metrics in relation to security incidents?
Which of these describes SOC metrics in relation to security incidents?A . time it takes to detect the incidentB . time it takes to assess the risks of the incidentC . probability of outage caused by the incidentD . probability of compromise and impact caused by the incidentView AnswerAnswer: A
What is occurring in this network?
Refer to the exhibit. What is occurring in this network?A . ARP cache poisoningB . DNS cache poisoningC . MAC address table overflowD . MAC flooding attackView AnswerAnswer: A
In a SOC environment, what is a vulnerability management metric?
In a SOC environment, what is a vulnerability management metric?A . code signing enforcementB . full assets scanC . internet exposed devicesD . single factor authenticationView AnswerAnswer: C
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?A . The average time the SOC takes to register and assign the incident.B . The total incident escalations per week.C . The average time the SOC takes to detect and resolve the incident.D ....
