Which artifact is used to uniquely identify a detected file?
Which artifact is used to uniquely identify a detected file?A . file timestampB . file extensionC . file sizeD . file hashView AnswerAnswer: D
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?A . SFlowB . NetFlowC . NFlowD . IPFIXView AnswerAnswer: D
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?A . syslog messagesB . full packet captureC . NetFlowD . firewall event logsView AnswerAnswer: C
At which layer is deep packet inspection investigated on a firewall?
At which layer is deep packet inspection investigated on a firewall?A . internetB . transportC . applicationD . data linkView AnswerAnswer: C
Which testing method did the intruder use?
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which...
What is an example of social engineering attacks?
What is an example of social engineering attacks?A . receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same companyB . receiving an email from human resources requesting a visit to their secure website to update contact informationC . sending a verbal request...
How is NetFlow different than traffic mirroring?
How is NetFlow different than traffic mirroring?A . NetFlow collects metadata and traffic mirroring clones dataB . Traffic mirroring impacts switch performance and NetFlow does notC . Traffic mirroring costs less to operate than NetFlowD . NetFlow generates more data than traffic mirroringView AnswerAnswer: A
Which event category is described?
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?A . reconnaissanceB . action on objectivesC...
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?A . CSIRTB . PSIRTC . public affairsD . managementView AnswerAnswer: D
Which result of a successful attack is true?
The target web application server is running as the root user and is vulnerable to command injection. Which result of a successful attack is true?A . cross-site scriptingB . cross-site scripting request forgeryC . privilege escalationD . buffer overflowView AnswerAnswer: B