Which system monitors local system operation and local network access for violations of a security policy?
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
What is a difference between tampered and untampered disk images?
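The practical check behind this question is a cryptographic hash taken at acquisition and re-computed later: an untampered image reproduces the recorded digest, a tampered one does not. The following is an added example, not part of the original question bank; the "image" is a constructed byte string standing in for a real acquired disk image, and the recorded digest is assumed to have been written down at acquisition time.

```python
import hashlib
import hmac

# Constructed stand-in for an acquired disk image (a real one would be read from a file).
ORIGINAL_IMAGE = b"\x00" * 512 + b"FAKEFS-HEADER" + b"\xff" * 512

def sha256_of_image(data: bytes, chunk_size: int = 4096) -> str:
    """Hash the image in fixed-size chunks, as one would for a multi-GB file."""
    h = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()

# Digest recorded in the chain-of-custody record at acquisition time (assumed here).
RECORDED_SHA256 = sha256_of_image(ORIGINAL_IMAGE)

def verify_image(data: bytes, recorded_digest: str) -> bool:
    """True when the image still matches the digest recorded at acquisition."""
    # compare_digest avoids timing differences; harmless here, a good habit in general.
    return hmac.compare_digest(sha256_of_image(data), recorded_digest)

def tamper(data: bytes, offset: int, new_byte: int) -> bytes:
    """Return a copy of the image with one byte changed, simulating modification."""
    mutable = bytearray(data)
    mutable[offset] = new_byte
    return bytes(mutable)

if __name__ == "__main__":
    print("original verifies:", verify_image(ORIGINAL_IMAGE, RECORDED_SHA256))
    altered = tamper(ORIGINAL_IMAGE, 600, 0x41)  # single byte inside the 0xff region
    print("tampered verifies:", verify_image(altered, RECORDED_SHA256))
```

Note that a single changed byte anywhere in the image is enough to fail verification, which is why the digest must be recorded before the image is handled further and re-checked whenever the copy changes hands.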
What is a sandbox interprocess communication service?
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
Which step in the incident response process researches an attacking host through logs in a SIEM?
A malicious file has been identified in a sandbox analysis tool.
Which piece of information is needed to search for additional downloads of this file by other hosts?
What is a difference between SOAR and SIEM?
Which security technology allows only a set of pre-approved applications to run on a system?
An investigator is examining a copy of an ISO file that is stored in CDFS format.
What type of evidence is this file?
Which piece of information is needed for attribution in an investigation?
What does cyber attribution identify in an investigation?
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
DRAG DROP -
Drag and drop the type of evidence from the left onto the description of that evidence on the right.
Select and Place:
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?
Which technology on a host is used to isolate a running application from other applications?
Which event is user interaction?
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?
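Identifying a session from a group of log records means grouping events that share the same connection identifiers (source and destination address, ports and protocol) regardless of direction. The following is an added example, not part of the original question bank; the log lines are constructed, their key=value layout is an assumption, and the grouping key is the canonicalised 5-tuple.

```python
import re
from collections import defaultdict

# Constructed flow-style log lines; the key=value layout is an assumption for this example.
LOG_LINES = [
    "2024-05-01T10:00:01Z src=10.1.1.5:51234 dst=203.0.113.7:443 proto=TCP bytes=1200",
    "2024-05-01T10:00:02Z src=10.1.1.5:51234 dst=203.0.113.7:443 proto=TCP bytes=800",
    "2024-05-01T10:00:02Z src=10.1.1.9:40022 dst=203.0.113.7:443 proto=TCP bytes=300",
    "2024-05-01T10:00:03Z src=203.0.113.7:443 dst=10.1.1.5:51234 proto=TCP bytes=5000",
    "2024-05-01T10:00:05Z src=10.1.1.5:51234 dst=203.0.113.7:443 proto=TCP bytes=100",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)

def session_key(sip: str, sport: str, dip: str, dport: str, proto: str) -> tuple:
    """Canonical 5-tuple: order the two endpoints so both directions share one key."""
    a = (sip, int(sport))
    b = (dip, int(dport))
    return (proto,) + (a + b if a <= b else b + a)

def sessionize(lines) -> dict:
    """Group log records into sessions keyed by canonical 5-tuple.

    Returns {key: {"events": n, "bytes": total, "first": ts, "last": ts}}.
    Lines that do not match the expected layout are skipped.
    """
    sessions = defaultdict(lambda: {"events": 0, "bytes": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        key = session_key(m["sip"], m["sport"], m["dip"], m["dport"], m["proto"])
        s = sessions[key]
        s["events"] += 1
        s["bytes"] += int(m["bytes"])
        s["first"] = s["first"] or m["ts"]   # lines assumed to be in time order
        s["last"] = m["ts"]
    return dict(sessions)

if __name__ == "__main__":
    for key, stats in sessionize(LOG_LINES).items():
        print(key, stats)
```

The reply from 203.0.113.7:443 back to 10.1.1.5:51234 lands in the same session as the client's requests because the endpoints are sorted before the key is built; without that canonicalisation each direction would appear as a separate session.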
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
Refer to the exhibit. An analyst received this alert from the Cisco ASA device, and numerous activity logs were produced. How should this type of evidence be categorized?
Refer to the exhibit. Which piece of information is needed to search for additional downloads of this file by other hosts?