What is a difference between inline traffic interrogation and traffic mirroring?
What is a difference between inline traffic interrogation and traffic mirroring?A . Inline inspection acts on the original traffic data flowB . Traffic mirroring passes live traffic to a tool for blockingC . Traffic mirroring inspects live traffic for analysis and mitigationD . Inline traffic copies packets for analysis and...
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?A . queries Linux devices that have Microsoft Services for Linux installedB . deploys Windows Operating Systems in an automated fashionC . is...
Which HTTP header field is used in forensics to identify the type of browser used?
Which HTTP header field is used in forensics to identify the type of browser used?A . referrerB . hostC . user-agentD . accept-languageView AnswerAnswer: C
Which event artifact is used to identity HTTP GET requests for a specific file?
Which event artifact is used to identity HTTP GET requests for a specific file?A . destination IP addressB . TCP ACKC . HTTP status codeD . URIView AnswerAnswer: D
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?A . decision makingB . rapid responseC . data miningD . due diligenceView AnswerAnswer: A
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?A . Tapping interrogation replicates signals to a separate port for analyzing trafficB . Tapping interrogations detect and block malicious trafficC . Inline interrogation enables viewing a copy...
What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?A . Host 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.B . Host 152.46.6.91 is being identified as a watchlist country for data transfer.C . Traffic to 152.46.6.149 is being denied by an Advanced Network Control policy.D...
What does the output indicate about the server with the IP address 172.18.104.139?
Refer to the exhibit. What does the output indicate about the server with the IP address 172.18.104.139?A . open ports of a web serverB . open port of an FTP serverC . open ports of an email serverD . running processes of the serverView AnswerAnswer: C
Which piece of file information from the analysis is needed to search for additional downloads of this file by other hosts?
You have identified a malicious file in a sandbox analysis tool. Which piece of file information from the analysis is needed to search for additional downloads of this file by other hosts?A . file nameB . file hash valueC . file typeD . file sizeView AnswerAnswer: B
What is the difference between deep packet inspection and stateful inspection?
What is the difference between deep packet inspection and stateful inspection?A . Deep packet inspection is more secure than stateful inspection on Layer 4B . Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7C . Stateful inspection is more secure than deep packet...