Refer to the exhibit. In which Linux log file is this output found?
A. /var/log/authorization.log
B. /var/log/dmesg
C. var/log/var.log
D. /var/log/auth.log
Answer: D
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our
Answer: C
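An added worked example (not part of the original exam material) that checks each of the four candidate expressions against a constructed word list with anchored matching. It shows why only `colou?r` accepts both spellings, while `colo?ur` accepts "colur" and "colour" but not "color", and the bracket options only match digits between "col" and "our".

```python
import re

# The four candidate expressions from the question (B and D with the
# character range written as an ordinary hyphen).
CANDIDATES = {
    "A": r"colo?ur",
    "B": r"col[0-8]+our",
    "C": r"colou?r",
    "D": r"col[0-9]+our",
}

# Constructed test words: the two target spellings plus near misses that
# expose what each candidate really accepts.
WORDS = ["color", "colour", "colur", "col5our", "coloour", "colr"]


def matches(pattern: str, words=WORDS) -> list[str]:
    """Return the words that PATTERN matches in full (anchored, not search)."""
    rx = re.compile(pattern)
    return [w for w in words if rx.fullmatch(w)]


def correct_options(targets=("color", "colour")) -> list[str]:
    """Option letters whose pattern matches every target spelling."""
    return sorted(
        key for key, pat in CANDIDATES.items()
        if all(re.fullmatch(pat, t) for t in targets)
    )


if __name__ == "__main__":
    for key, pat in CANDIDATES.items():
        print(f"{key}: {pat!r:16} matches {matches(pat)}")
    print("correct option(s):", correct_options())
```

The check uses `fullmatch` rather than `search` so that partial hits inside a longer word cannot hide a wrong option; with unanchored `search`, `colo?ur` would still fail on "color", so the conclusion does not change, but the anchored form is the one to use when a pattern is meant to identify a whole token in a log field.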
Refer to the exhibit. Which type of log is displayed?
A. proxy
B. NetFlow
C. IDS
D. sys
Answer: B
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Answer: C
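An added example (not part of the original exam material) that groups constructed firewall log lines into sessions by their 5-tuple (protocol, source IP, source port, destination IP, destination port). The log format and the addresses are made up for the illustration; the point is that the same two hosts can carry several simultaneous sessions that only the port and protocol fields separate, and that the reply direction of a session should land in the same bucket as the request.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample lines in a simple syslog-like firewall format; not taken
# from any real device. Note: two TCP sessions from the same client to the
# same server, a UDP flow reusing the same ports, one reply packet, one deny.
LOG_LINES = """\
2024-03-01T10:00:01Z fw1 ALLOW proto=TCP src=10.1.1.5:51234 dst=203.0.113.10:443 bytes=517
2024-03-01T10:00:01Z fw1 ALLOW proto=TCP src=10.1.1.5:51235 dst=203.0.113.10:443 bytes=498
2024-03-01T10:00:02Z fw1 ALLOW proto=TCP src=10.1.1.5:51234 dst=203.0.113.10:443 bytes=1460
2024-03-01T10:00:02Z fw1 ALLOW proto=UDP src=10.1.1.5:51234 dst=203.0.113.10:443 bytes=120
2024-03-01T10:00:03Z fw1 ALLOW proto=TCP src=203.0.113.10:443 dst=10.1.1.5:51234 bytes=3200
2024-03-01T10:00:05Z fw1 DENY  proto=TCP src=10.1.1.7:51234 dst=203.0.113.10:443 bytes=60
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+)\s+proto=(?P<proto>\S+) "
    r"src=(?P<sip>[\d.]+):(?P<sport>\d+) dst=(?P<dip>[\d.]+):(?P<dport>\d+) "
    r"bytes=(?P<bytes>\d+)$"
)


class FiveTuple(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def five_tuple(rec: dict, bidirectional: bool = True) -> FiveTuple:
    """Build the session key. With bidirectional=True the two directions of a
    session (client->server and server->client) collapse onto one key by
    ordering the endpoints, so reply records join the request they answer."""
    a = (rec["sip"], int(rec["sport"]))
    b = (rec["dip"], int(rec["dport"]))
    if bidirectional and b < a:
        a, b = b, a
    return FiveTuple(rec["proto"], a[0], a[1], b[0], b[1])


def parse(lines):
    """Yield one dict per line that fits the format; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def sessions(lines=LOG_LINES, bidirectional=True):
    """Group log records into sessions keyed by 5-tuple."""
    groups = defaultdict(list)
    for rec in parse(lines):
        groups[five_tuple(rec, bidirectional)].append(rec)
    return groups


def session_count(lines=LOG_LINES) -> int:
    return len(sessions(lines))


if __name__ == "__main__":
    for key, recs in sessions().items():
        total = sum(int(r["bytes"]) for r in recs)
        print(f"{key.proto} {key.src_ip}:{key.src_port} <-> "
              f"{key.dst_ip}:{key.dst_port}: {len(recs)} records, {total} bytes")
```

On the sample data the 5-tuple yields four sessions; grouping on source and destination IP alone would merge the two parallel TCP sessions and the UDP flow into one, and grouping on timestamps would split a single session across its records. Sequence numbers only exist inside TCP and are not present in these firewall records at all.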
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic
B. indirect
C. best
D. corroborative
Answer: D
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. context
B. session
C. laptop
D. firewall logs
E. threat actor
Answer: A, E
Which piece of information is needed for attribution in an investigation?
A. proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. known threat actor behavior
D. 802.1X RADIUS authentication pass and fail logs
Answer: C
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A. true negative
B. false negative
C. false positive
D. true positive
Answer: B
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. detection and analysis
B. post-incident activity
C. vulnerability management
D. risk assessment
E. vulnerability scoring
Answer: A, B
Explanation: Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy...