Which method is used to identify a session from a group of logs?
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Answer: C
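The 5-tuple (protocol, source IP, source port, destination IP, destination port) is what lets an analyst stitch individual log lines back into sessions; timestamps alone cannot separate two connections that interleave in time. The following is an added example, not code from the original page: it parses a handful of constructed firewall-style connection log lines (the format and all addresses are made up for illustration) and groups them by a direction-independent 5-tuple, so that client-to-server and server-to-client lines land in the same session.

```python
import re
from dataclasses import dataclass

# Constructed sample firewall-style log lines (not from any real system).
# Two client connections to the same server interleave in time; only the
# 5-tuple separates them. The UDP line shares a source port with the first
# TCP session and must still be kept apart by protocol and destination.
SAMPLE_LOGS = """\
2024-03-01T10:00:00Z proto=tcp src=10.0.0.5:51234 dst=203.0.113.10:443 bytes=517
2024-03-01T10:00:00Z proto=tcp src=10.0.0.5:51235 dst=203.0.113.10:443 bytes=517
2024-03-01T10:00:01Z proto=tcp src=203.0.113.10:443 dst=10.0.0.5:51234 bytes=1460
2024-03-01T10:00:01Z proto=tcp src=203.0.113.10:443 dst=10.0.0.5:51235 bytes=1460
2024-03-01T10:00:02Z proto=udp src=10.0.0.5:51234 dst=198.51.100.1:53 bytes=64
2024-03-01T10:00:03Z proto=tcp src=10.0.0.5:51234 dst=203.0.113.10:443 bytes=120
"""

# Assumed log layout for this example only.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>\w+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


@dataclass
class Session:
    first_seen: str
    last_seen: str
    packets: int = 0
    bytes: int = 0


def five_tuple(proto, sip, sport, dip, dport):
    """Direction-independent 5-tuple: order the two endpoints so that
    client->server and server->client records map to the same key."""
    a = (sip, int(sport))
    b = (dip, int(dport))
    lo, hi = (a, b) if a <= b else (b, a)
    return (proto.lower(), lo[0], lo[1], hi[0], hi[1])


def sessions_from_logs(text):
    """Group log lines into sessions keyed by 5-tuple; returns {key: Session}."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not carry a full 5-tuple
        key = five_tuple(m["proto"], m["sip"], m["sport"], m["dip"], m["dport"])
        s = sessions.get(key)
        if s is None:
            s = Session(first_seen=m["ts"], last_seen=m["ts"])
            sessions[key] = s
        s.last_seen = m["ts"]
        s.packets += 1
        s.bytes += int(m["bytes"])
    return sessions


if __name__ == "__main__":
    for key, s in sessions_from_logs(SAMPLE_LOGS).items():
        print(key, s)
```

Run against the sample, the six lines collapse into three sessions: the two TCP connections to port 443 (three and two records respectively) and the single DNS query. A real SOC pipeline would use the same key to join firewall, proxy and NetFlow records about one connection.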
Which piece of information is needed for attribution in an investigation?
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1X RADIUS authentication pass and fail logs
Answer: C
Which attack method intercepts traffic on a switched network?
Which attack method intercepts traffic on a switched network?
A. denial of service
B. ARP cache poisoning
C. DHCP snooping
D. command and control
Answer: B
Explanation: An ARP-based MITM attack is achieved when an attacker poisons the ARP cache of two devices with the MAC address of the attacker's...
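Note that option C, DHCP snooping, is a switch defense rather than an attack: its binding table is what Dynamic ARP Inspection consults to drop forged ARP replies. Where that control is not available, the poisoning described in the explanation can still be spotted from ARP traffic, because the attacker's MAC must answer for both victims' IP addresses. The following is an added example, not code from the original page: it replays a constructed sequence of ARP reply observations (all addresses invented) through a simple detector that flags an IP whose MAC changes and a MAC that claims more than one IP.

```python
from collections import defaultdict

# Constructed ARP reply observations (ip, mac), not from a real capture.
# An attacker at aa:bb:cc:dd:ee:ff answers for both the gateway (10.0.0.1)
# and the victim host (10.0.0.5), which is exactly the two-sided poisoning
# an ARP MITM needs.
SAMPLE_ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),   # legitimate gateway
    ("10.0.0.5", "00:11:22:33:44:05"),   # legitimate victim
    ("10.0.0.9", "aa:bb:cc:dd:ee:ff"),   # attacker's own address
    ("10.0.0.1", "aa:bb:cc:dd:ee:ff"),   # attacker claims the gateway IP
    ("10.0.0.5", "aa:bb:cc:dd:ee:ff"),   # attacker claims the victim IP
]


def detect_arp_poisoning(replies):
    """Return a list of alert strings for suspicious ARP reply patterns.

    Two heuristics: an IP whose announced MAC changes, and a MAC that ends
    up bound to more than one IP. Either alone can be benign (DHCP churn,
    a router with several addresses); both together on the gateway and a
    host in quick succession is the classic poisoning signature."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"ip_mac_change ip={ip} old={prev} new={mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(
                f"mac_claims_multiple_ips mac={mac} ips={sorted(mac_to_ips[mac])}"
            )
    return alerts


if __name__ == "__main__":
    for a in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(a)
```

On the sample the detector raises four alerts, two for each of the last two replies. In production the same logic would be seeded from the DHCP snooping binding table or a static inventory so that the first observation of an IP is not silently trusted.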
Which step in the incident response process researches an attacking host through logs in a SIEM?
Which step in the incident response process researches an attacking host through logs in a SIEM?
A. detection and analysis
B. preparation
C. eradication
D. containment
Answer: A
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
A. Modify the settings of the intrusion detection system.
B. Design criteria for reviewing alerts.
C. Redefine signature rules.
D. Adjust the alerts schedule.
Answer: A
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?
A. forgery attack
B. plaintext-only attack
C. ciphertext-only attack
D. meet-in-the-middle attack
Answer: C
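The reason this is a ciphertext-only attack: a stream cipher produces ciphertext as plaintext XOR keystream, so when the same key (and therefore the same keystream) is used for two messages, XORing the two ciphertexts cancels the keystream and leaves p1 XOR p2, with no key material needed. Any guessed fragment of one message (a "crib") then reveals the corresponding bytes of the other. The following is an added example, not code from the original page: a textbook RC4 implementation written here for illustration, two constructed messages encrypted under one key, and the crib-dragging recovery.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm followed by the PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption and decryption are the same operation for a stream cipher."""
    return xor(plaintext, rc4_keystream(key, len(plaintext)))


def xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """Ciphertext-only step: c1 ^ c2 == (p1 ^ ks) ^ (p2 ^ ks) == p1 ^ p2."""
    return xor(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Crib dragging: if `crib` is known to sit in p1 at `offset`, the
    bytes of p2 at the same position are (c1 ^ c2)[offset:] ^ crib."""
    d = xor_of_plaintexts(c1, c2)
    return xor(d[offset:offset + len(crib)], crib)


# Constructed demonstration values (key and messages invented for this example).
KEY = b"secret"
P1 = b"ATTACK AT DAWN"
P2 = b"RETREAT NOW OK"
C1 = rc4_encrypt(KEY, P1)
C2 = rc4_encrypt(KEY, P2)   # same key reused: the error under discussion

if __name__ == "__main__":
    print("p1 ^ p2 from ciphertexts only:", xor_of_plaintexts(C1, C2).hex())
    # Guess that message 1 contains "AT DAWN" at offset 7 and read message 2 there.
    print("recovered from p2:", recover_with_crib(C1, C2, b"AT DAWN", 7))
```

The crib guess is checked the way an attacker would check it: if the recovered bytes are printable, sensible text, the guess was right and can be extended left and right. The same weakness is why WEP, which reused RC4 keystreams through short IVs, was broken; the fix is never to reuse a keystream, which in practice means a unique nonce or key per message.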
What is a difference between SOAR and SIEM?
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to...
Which information is available on the server certificate?
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted...
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is...
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
A. file extension associations
B. hardware, software, and security settings for the system
C. currently logged in users, including folders and control panel settings
D. all users on the...