Which method is used to identify a session from a group of logs?
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Answer: C

What are two denial of service attacks? (Choose two.)
A. MITM
B. TCP connections
C. ping of death
D. UDP flooding
E. code red
Answer: C, D
Explanation: Ping of Death involves sending oversized or malformed pings to crash the target system, while UDP flooding overwhelms the target with UDP...

What is an example of social engineering attacks?
A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
B. receiving an email from human resources requesting a visit to their secure website to update contact information
C. sending a verbal request to...

Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Answer: D
Explanation: User interaction is any event that requires the user to perform an action that enables or facilitates a cyberattack. Opening a malicious file...

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
A. NetScout
B. tcpdump
C. SolarWinds
D. netsh
Answer: B
Explanation: tcpdump is an open-source packet capture tool that uses the libpcap library to capture network traffic on Linux and Mac OS X operating systems. It can...

What are the two characteristics of the full packet captures? (Choose two.)
A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of...

What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Answer: C
Explanation: Agent-based protection is a type of endpoint security that uses...

Which information is available on the server certificate?
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted...

Which system monitors local system operation and local network access for violations of a security policy?
A. host-based intrusion detection
B. systems-based sandboxing
C. host-based firewall
D. antivirus
Answer: A
Explanation: A host-based intrusion detection system (HIDS) monitors a computer system for suspicious activity by analyzing events occurring within that...

How is NetFlow different from traffic mirroring?
A. NetFlow collects metadata and traffic mirroring clones data.
B. Traffic mirroring impacts switch performance and NetFlow does not.
C. Traffic mirroring costs less to operate than NetFlow.
D. NetFlow generates more data than traffic mirroring.
Answer: A
Explanation: NetFlow is a network...