What is the difference between the ACK flag and the RST flag in the NetFlow log session?

A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. The ACK flag confirms the beginning of the...

August 4, 2020

Which event is user interaction?

A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Answer: D

August 4, 2020

Which testing method did the intruder use?

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network. Which...

August 4, 2020

Which security principle requires more than one person to perform a critical task?

A. least privilege
B. need to know
C. separation of duties
D. due diligence
Answer: C

August 4, 2020

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

A. Untampered images are used in the security investigation process
B. Tampered images are used in the security investigation process
C. The image is tampered if the stored hash and the computed hash...

August 3, 2020

Drag and drop the security concept on the left onto the example of that concept on the right


August 2, 2020

What type of evidence is this file?

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. data from a CD copied using Mac-based system
B. data from a CD copied using Linux system
C. data from a DVD copied using Windows system
D...

August 2, 2020

Which type of evidence is this?

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical...

August 1, 2020

Which artifact is used to uniquely identify a detected file?

A. file timestamp
B. file extension
C. file size
D. file hash
Answer: D

July 31, 2020

Which two components reduce the attack surface on an endpoint? (Choose two.)

A. secure boot
B. load balancing
C. increased audit log levels
D. restricting USB ports
E. full packet captures at the endpoint
Answer: AD

July 30, 2020