Refer to the exhibit. Which type of log is displayed?
AIDS
Bproxy
CNetFlow
Dsys
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
AHost 10.201.3.149 is sending data to 152.46.6.91 using TCP/443.
BHost 152.46.6.91 is being identified as a watchlist country for data transfer.
CTraffic to 152.46.6.149 is being denied by an Advanced Network Control policy.
DHost 10.201.3.149 is receiving almost 19 times more data than is being sent to host 152.46.6.91.
Refer to the exhibit. Which event is occurring?
AA binary named "submit" is running on VM cuckoo1.
BA binary is being submitted to run on VM cuckoo1
CA binary on VM cuckoo1 is being submitted for evaluation
DA URL is being evaluated to see if it has a malicious binary
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
Abest evidence
Bprima facie evidence
Cindirect evidence
Dphysical evidence
What is a benefit of agent-based protection when compared to agentless protection?
AIt lowers maintenance costs
BIt provides a centralized platform
CIt collects and detects all traffic locally
DIt manages numerous devices simultaneously
Which attack method intercepts traffic on a switched network?
Adenial of service
BARP cache poisoning
CDHCP snooping
Dcommand and control
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
Adecision making
Brapid response
Cdata mining
Ddue diligence
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?
Aransomware communicating after infection
Busers downloading copyrighted content
Cdata exfiltration
Duser circumvention of the firewall
Refer to the exhibit. Which application protocol is in this PCAP file?
ASSH
BTCP
CTLS
DHTTP
Which two elements are used for profiling a network? (Choose two.)
Asession duration
Btotal throughput
Crunning processes
Dlistening ports
EOS fingerprint
Which utility blocks a host portscan?
AHIDS
Bsandboxing
Chost-based firewall
Dantimalware
What is a difference between inline traffic interrogation and traffic mirroring?
AInline inspection acts on the original traffic data flow
BTraffic mirroring passes live traffic to a tool for blocking
CTraffic mirroring inspects live traffic for analysis and mitigation
DInline traffic copies packets for analysis and security
In a SOC environment, what is a vulnerability management metric?
Acode signing enforcement
Bfull assets scan
Cinternet exposed devices
Dsingle factor authentication
What is an example of social engineering attacks?
Areceiving an unexpected email from an unknown person with an attachment from someone in the same company
Breceiving an email from human resources requesting a visit to their secure website to update contact information
Csending a verbal request to an administrator who knows how to change an account password
Dreceiving an invitation to the department's weekly WebEx meeting
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
AA policy violation is active for host 10.10.101.24.
BA host on the network is sending a DDoS attack to another inside host.
CThere are three active data exfiltration alerts.
DA policy violation is active for host 10.201.3.149.
What is an attack surface as compared to a vulnerability?
Aany potential danger to an asset
Bthe sum of all paths for data into and out of the environment
Can exploitable weakness in a system or its design
Dthe individuals who perform an attack
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
ACD data copy prepared in Windows
BCD data copy prepared in Mac-based system
CCD data copy prepared in Linux system
DCD data copy prepared in Android-based system
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
Afragmentation
Bpivoting
Cencryption
Dstenography
DRAG DROP -
Drag and drop the technology on the left onto the data type the technology provides on the right.
Select and Place:
Which metric is used to capture the level of access needed to launch a successful attack?
Aprivileges required
Buser interaction
Cattack complexity
Dattack vector
Refer to the exhibit. What is occurring?
Apossible DNS amplification attack with requests that maximize data quantity
Bpossible DNS tunneling with encrypted communication through CNAMEs
Cpossible DNS cache poisoning with misdirects toward a fraudulent website
Dpossible botnet traffic with random MX querying to generate increased traffic
What is email greylisting by the mail transfer agent?
Adenying any email from a sender it does not recognize
Breturning emails that are potential phishing attempts
Callowing emails from unknown senders temporarily
Dquarantining emails sent from outside of the organization
An engineer configured regular expression ".*.([Dd][Oo][Cc]|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on Cisco ASA firewall. What does this regular expression do?
AIt captures .doc, .xls, and .pdf files in HTTP v1.0 and v1.1.
BIt captures documents in an HTTP network session.
CIt captures Word, Excel, and PowerPoint files in HTTP v1.0 and v1.1.
DIt captures .doc, .xls, and .ppt files extensions in HTTP v1.0.
Which regex matches only on all lowercase letters?
A[aגˆ’z]+
B[^aגˆ’z]+
Caגˆ’z+
Da*z+
Which system monitors local system operation and local network access for violations of a security policy?
Preview
