In which Linux log file is this output found?

Refer to the exhibit. In which Linux log file is this output found?
A . /var/log/authorization.log
B . /var/log/dmesg
C . var/log/var.log
D . /var/log/auth.log
Answer: D

August 9, 2020

Which regular expression matches "color" and "colour"?

Which regular expression matches "color" and "colour"?
A . colo?ur
B . col[0-8]+our
C . colou?r
D . col[0-9]+our
Answer: C

August 8, 2020

Which type of log is displayed?

Refer to the exhibit. Which type of log is displayed?
A . proxy
B . NetFlow
C . IDS
D . sys
Answer: B

August 7, 2020

Which method is used to identify a session from a group of logs?

An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A . sequence numbers
B . IP identifier
C . 5-tuple
D . timestamps
Answer: C

August 6, 2020

Which type of evidence supports a theory or an assumption that results from initial evidence?

Which type of evidence supports a theory or an assumption that results from initial evidence?
A . probabilistic
B . indirect
C . best
D . corroborative
Answer: D

August 6, 2020

Which two elements are assets in the role of attribution in an investigation? (Choose two.)

Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A . context
B . session
C . laptop
D . firewall logs
E . threat actor
Answer: AE

August 6, 2020

Which piece of information is needed for attribution in an investigation?

Which piece of information is needed for attribution in an investigation?
A . proxy logs showing the source RFC 1918 IP addresses
B . RDP allowed from the Internet
C . known threat actor behavior
D . 802.1x RADIUS authentication pass and fail logs
Answer: C

August 5, 2020

Which signature caused this impact on network traffic?

An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A . true negative
B . false negative
C . false positive
D . true positive
Answer: B

August 5, 2020

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A . detection and analysis
B . post-incident activity
C . vulnerability management
D . risk assessment
E . vulnerability scoring
Answer: AB
Explanation: Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

August 5, 2020

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?

What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A . Tapping interrogation replicates signals to a separate port for analyzing traffic
B . Tapping interrogations detect and block malicious traffic
C . Inline interrogation enables viewing a copy...

August 4, 2020