
Question # 4

Drag and drop the elements from the left into the correct order for incident handling on the right.

Question # 5

What is the impact of false positive alerts on business compared to true positive?

A.

True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

B.

True positive alerts are blocked by mistake as potential attacks affecting application availability.

C.

False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.

D.

False positive alerts are blocked by mistake as potential attacks affecting application availability.

Question # 6

What is a benefit of agent-based protection when compared to agentless protection?

A.

It lowers maintenance costs

B.

It provides a centralized platform

C.

It collects and detects all traffic locally

D.

It manages numerous devices simultaneously

Question # 7

A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.

Which type of evidence is this?

A.

best evidence

B.

prima facie evidence

C.

indirect evidence

D.

physical evidence

Question # 8

Refer to the exhibit.

Which type of attack is being executed?

A.

SQL injection

B.

cross-site scripting

C.

cross-site request forgery

D.

command injection

Question # 9

An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

A.

File: Clean

B.

^Parent File Clean$

C.

File: Clean (.*)

D.

^File: Clean$
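As an added worked example (not part of this question bank), the following Python runs each of the four candidate patterns over constructed sample lines and shows what each one matches and what it actually captures: an anchored `^...$` pattern only matches a field that is exactly the phrase, an unanchored literal also fires when the phrase is embedded in a longer line, and a pattern with a trailing `(.*)` group captures the text after the phrase rather than the phrase itself. The sample lines are made up for the demonstration and do not come from a real Cisco device.

```python
import re
from typing import List, Optional

# Constructed sample lines (not taken from a real Cisco device) that stand in
# for the text a SIEM custom-property extractor would be run against.
SAMPLE_LINES = [
    "File: Clean",
    "Parent File Clean",
    "File: Clean (sha256=ab12cd34)",
    "Disposition File: Clean after retrospective",
    "File: Malicious",
]

# The four candidate patterns from the question, keyed by their letter.
CANDIDATES = {
    "A": r"File: Clean",
    "B": r"^Parent File Clean$",
    "C": r"File: Clean (.*)",
    "D": r"^File: Clean$",
}


def matches(pattern: str, lines: List[str] = SAMPLE_LINES) -> List[str]:
    """Return every sample line the pattern matches (re.search, line by line)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def captured_phrase(pattern: str, line: str) -> Optional[str]:
    """What the extractor would actually store for one line: group 1 when the
    pattern defines a capture group, otherwise the whole matched text."""
    m = re.compile(pattern).search(line)
    if m is None:
        return None
    return m.group(1) if m.re.groups else m.group(0)


def report() -> dict:
    """Per-candidate view of matched lines and the text captured from each."""
    return {
        letter: [(line, captured_phrase(pattern, line)) for line in matches(pattern)]
        for letter, pattern in CANDIDATES.items()
    }


if __name__ == "__main__":
    for letter, hits in report().items():
        print(letter, CANDIDATES[letter])
        for line, captured in hits:
            print(f"   {line!r} -> captured {captured!r}")
```

Running it shows that only the fully anchored pattern restricts the property to a field whose entire value is the phrase, while the `(.*)` variant would populate the property with whatever follows the phrase.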

Question # 10

What is the difference between an indicator of attack (IoA) and an indicator of compromise (IoC)?

A.

IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.

B.

IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.

C.

IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.

D.

IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.

Question # 11

Refer to the exhibit.

An engineer received a ticket about a slowed-down web application. The engineer runs the #netstat -an command. How must the engineer interpret the results?

A.

The web application is receiving common, legitimate traffic.

B.

The engineer must gather more data.

C.

The web application server is under a denial-of-service attack.

D.

The server is under a man-in-the-middle attack between the web application and its database
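To make the question concrete, here is an added Python example (not from the original page) that parses constructed `netstat -an` output and summarizes the connections to the web service port by TCP state and by remote address. A single snapshot with a high share of half-open (SYN_RECV) connections from a few sources is a reason to collect more data (a second snapshot a minute later, a packet capture, the web server logs) rather than proof of a denial-of-service attack by itself; the sample output, the service port, and the 20% threshold are assumptions made for the demonstration.

```python
from collections import Counter
from typing import Dict, List

# Constructed `netstat -an` output in Linux format; not a real capture.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.10:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:40001      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:40002      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:40003      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40010      SYN_RECV
tcp        0      0 10.0.0.5:80             192.0.2.25:55000        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.25:55001        TIME_WAIT
tcp        0      0 10.0.0.5:3306           10.0.0.6:49152          ESTABLISHED
"""


def parse_netstat(text: str) -> List[Dict]:
    """Turn netstat -an text into rows; skips the header and non-TCP lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6"):
            continue
        proto, _recvq, _sendq, local, foreign, state = parts[:6]
        local_port = int(local.rsplit(":", 1)[1])      # works for IPv4 and :::80 forms
        remote_host, _remote_port = foreign.rsplit(":", 1)
        rows.append({"proto": proto, "local_port": local_port,
                     "remote": remote_host, "state": state})
    return rows


def summarize(rows: List[Dict], service_port: int = 80) -> Dict:
    """Count non-listening connections to the service port by state and by peer."""
    svc = [r for r in rows if r["local_port"] == service_port and r["state"] != "LISTEN"]
    by_state = Counter(r["state"] for r in svc)
    by_remote = Counter(r["remote"] for r in svc)
    return {"total": len(svc), "by_state": dict(by_state),
            "top_remotes": by_remote.most_common(3)}


def half_open_ratio(rows: List[Dict], service_port: int = 80) -> float:
    """Share of connections stuck in SYN_RECV; 0.0 when there are none at all."""
    s = summarize(rows, service_port)
    return s["by_state"].get("SYN_RECV", 0) / s["total"] if s["total"] else 0.0


def needs_more_data(rows: List[Dict], service_port: int = 80, threshold: float = 0.2) -> bool:
    """True when the snapshot is suspicious enough to justify a second sample and a pcap,
    but not conclusive on its own (assumed 20% half-open threshold)."""
    return half_open_ratio(rows, service_port) > threshold


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    print(summarize(rows))
    print("half-open ratio:", round(half_open_ratio(rows), 3))
    print("collect more data:", needs_more_data(rows))
```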

Question # 12

An engineer is investigating a case of the unauthorized usage of the “Tcpdump” tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

A.

tagged protocols being used on the network

B.

all firewall alerts and resulting mitigations

C.

tagged ports being used on the network

D.

all information and data within the datagram

Question # 13

An engineer must compare the NIST and ISO frameworks. The engineer needed to compare them as readable documentation and also to watch a comparison video review. Using the Windows 10 OS, the engineer started a browser and searched for a NIST document, then opened a new tab in the same browser and searched for an ISO document for comparison.

The engineer tried to watch the video, but there was an audio problem with the OS, so the engineer had to troubleshoot it. At first the engineer started CMD and looked for a driver path, then looked for the corresponding registry key in the registry editor. The engineer enabled "Audiosrv" in Task Manager, set it to automatic start, and the problem was solved. Which two components of the OS did the engineer touch? (Choose two.)

A.

permissions

B.

PowerShell logs

C.

service

D.

MBR

E.

process and thread

Question # 14

A company encountered a breach on its web servers running IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1.2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate the most secure protocol versions and cryptographic parameters. Which action does the engineer recommend?

A.

Upgrade to TLS v1.3.

B.

Install the latest IIS version.

C.

Downgrade to TLS 1.1.

D.

Deploy an intrusion detection system

Question # 15

What is an incident response plan?

A.

an organizational approach to events that could lead to asset loss or disruption of operations

B.

an organizational approach to security management to ensure a service lifecycle and continuous improvements

C.

an organizational approach to disaster recovery and timely restoration of operational services

D.

an organizational approach to system backup and data archiving aligned to regulations

Question # 16

A SOC analyst is investigating an incident that involves a Linux system and must identify specific sessions. Which identifier tracks an active program?

A.

application identification number

B.

active process identification number

C.

runtime identification number

D.

process identification number

Question # 17

What is the difference between a threat and an exploit?

A.

A threat is a result of utilizing a flaw in a system, and an exploit is a result of gaining control over the system.

B.

A threat is a potential attack on an asset, and an exploit takes advantage of a vulnerability of the asset.

C.

An exploit is an attack vector, and a threat is a potential path the attack must go through.

D.

An exploit is an attack path, and a threat represents a potential vulnerability

Question # 18

Refer to the exhibit.

An analyst was given a PCAP file that is associated with a recent intrusion event on the company FTP server. Which display filter should the analyst use to filter the FTP traffic?

A.

dstport == FTP

B.

tcp.port==21

C.

tcpport = FTP

D.

dstport = 21

Question # 19

Which technology on a host is used to isolate a running application from other applications?

A.

sandbox

B.

application allow list

C.

application block list

D.

host-based firewall

Question # 20

What is a benefit of using asymmetric cryptography?

A.

decrypts data with one key

B.

fast data transfer

C.

secure data transfer

D.

encrypts data with one key

Question # 21

What is the relationship between a vulnerability and a threat?

A.

A threat exploits a vulnerability

B.

A vulnerability is a calculation of the potential loss caused by a threat

C.

A vulnerability exploits a threat

D.

A threat is a calculation of the potential loss caused by a vulnerability

Question # 22

What is a difference between signature-based and behavior-based detection?

A.

Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.

B.

Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.

C.

Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.

D.

Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Question # 23

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

A.

Win32.polip.a.exe is an executable file and should be flagged as malicious.

B.

The file is clean and does not represent a risk.

C.

Cuckoo cleaned the malicious file and prepared it for usage.

D.

MD5 of the file was not identified as malicious.

Question # 24

What is indicated by an increase in IPv4 traffic carrying protocol 41?

A.

additional PPTP traffic due to Windows clients

B.

unauthorized peer-to-peer traffic

C.

deployment of a GRE network on top of an existing Layer 3 network

D.

attempts to tunnel IPv6 traffic through an IPv4 network
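Added example (not from the original page): building minimal IPv4 headers with Python's struct module, reading the protocol field (header byte 9), and checking that a protocol-41 packet really carries an IPv6 header (version nibble 6) the way 6in4/6to4 tunnelling does, which is what separates IPv6-over-IPv4 tunnelling from GRE (protocol 47) or plain TCP. The constructed packets, the addresses, and the 20% share threshold are assumptions made for the demonstration.

```python
import struct
from collections import Counter
from typing import Dict, List, Optional

# IANA protocol numbers relevant to the question (values are standard; names are labels for the demo).
IP_PROTO_NAMES = {6: "TCP", 17: "UDP", 41: "IPv6 encapsulation (6in4/6to4)", 47: "GRE"}


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int = 0) -> bytes:
    """Constructed minimal 20-byte IPv4 header (checksum left zero) for the demo."""
    ver_ihl = (4 << 4) | 5                      # version 4, IHL 5 words
    total_len = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def ip_protocol(packet: bytes) -> int:
    """Protocol field of an IPv4 packet (byte 9)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[9]


def inner_version(packet: bytes) -> Optional[int]:
    """For protocol 41, the IP version nibble of the encapsulated header (6 for 6in4); else None."""
    ihl = (packet[0] & 0x0F) * 4
    if ip_protocol(packet) != 41 or len(packet) <= ihl:
        return None
    return packet[ihl] >> 4


def protocol_counts(packets: List[bytes]) -> Counter:
    return Counter(ip_protocol(p) for p in packets)


def tunnel_alert(packets: List[bytes], proto: int = 41, threshold: float = 0.2) -> Dict:
    """Share of packets using `proto`, flagged when it exceeds the assumed threshold."""
    counts = protocol_counts(packets)
    total = sum(counts.values())
    share = counts.get(proto, 0) / total if total else 0.0
    return {"protocol": IP_PROTO_NAMES.get(proto, str(proto)), "share": share, "flag": share > threshold}


# Constructed sample traffic: 7 TCP packets, 3 protocol-41 packets carrying a 40-byte
# IPv6 header (version 6, next header 59 = no next header, hop limit 64), 1 GRE packet.
IPV6_HDR_STUB = bytes([0x60, 0, 0, 0, 0, 0, 59, 64]) + bytes(32)
SAMPLE_PACKETS = (
    [build_ipv4_header("10.0.0.5", "198.51.100.7", 6) for _ in range(7)]
    + [build_ipv4_header("10.0.0.8", "192.0.2.1", 41, len(IPV6_HDR_STUB)) + IPV6_HDR_STUB for _ in range(3)]
    + [build_ipv4_header("10.0.0.9", "10.0.1.9", 47)]
)

if __name__ == "__main__":
    print({IP_PROTO_NAMES.get(k, k): v for k, v in protocol_counts(SAMPLE_PACKETS).items()})
    print(tunnel_alert(SAMPLE_PACKETS))
    print("inner version of first protocol-41 packet:", inner_version(SAMPLE_PACKETS[7]))
```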

Question # 25

Which incident response step includes identifying all hosts affected by an attack?

A.

detection and analysis

B.

post-incident activity

C.

preparation

D.

containment, eradication, and recovery

Question # 26

Refer to the exhibit.

Which frame numbers contain a file that is extractable via TCP stream within Wireshark?

A.

7,14, and 21

B.

7 and 21

C.

14,16,18, and 19

D.

7 to 21

Question # 27

Which event artifact is used to identify HTTP GET requests for a specific file?

A.

destination IP address

B.

TCP ACK

C.

HTTP status code

D.

URI

Question # 28

Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

A.

forgery attack

B.

plaintext-only attack

C.

ciphertext-only attack

D.

meet-in-the-middle attack
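Added example (not from the original page) of why reusing a stream-cipher key is fatal: a pure-Python RC4 (key-scheduling plus pseudo-random generation) encrypts two constructed messages under one key; XOR-ing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts, a known plaintext then recovers the other message outright, and, because a stream cipher alone gives no integrity, flipping ciphertext bits edits the decrypted message predictably. The key and the two messages are made up for the demo; the `Key`/`Plaintext` pair is the standard published RC4 test vector.

```python
from typing import Tuple


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key-scheduling algorithm, then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same keystream: c1 ^ c2 == p1 ^ p2, keystream gone."""
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1_known: bytes) -> bytes:
    """Knowing p1 (even a prefix) recovers the keystream bytes and hence p2 at those positions."""
    keystream = xor_bytes(c1[: len(p1_known)], p1_known)
    return xor_bytes(c2[: len(keystream)], keystream)


def forge(ciphertext: bytes, known: bytes, wanted: bytes) -> bytes:
    """Malleability: with no MAC, XOR-ing (known ^ wanted) into the ciphertext makes it
    decrypt to `wanted` without knowing the key (a forgery)."""
    return xor_bytes(ciphertext, xor_bytes(known, wanted))


# Constructed demo key and messages (same length, same key: the two-time-pad mistake).
DEMO_KEY = b"constructed-demo-key"
P1 = b"transfer 100 to account 4471"
P2 = b"transfer 900 to account 9902"


def demo() -> Tuple[bytes, bytes, bytes]:
    """Returns (p1 ^ p2 as leaked by the ciphertexts, p2 recovered via known p1, forged decryption)."""
    c1, c2 = rc4(DEMO_KEY, P1), rc4(DEMO_KEY, P2)
    leaked = plaintext_xor(c1, c2)
    recovered = recover_with_known_plaintext(c1, c2, P1)
    forged = rc4(DEMO_KEY, forge(c1, P1, P2))             # the receiver decrypts the forged c1
    return leaked, recovered, forged


if __name__ == "__main__":
    leaked, recovered, forged = demo()
    print("leaked p1^p2 :", leaked.hex())
    print("recovered p2 :", recovered)
    print("forged decrypt:", forged)
```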

Question # 29

Refer to the exhibit. Where is the executable file?

A.

info

B.

tags

C.

MIME

D.

name

Question # 30

Drag and drop the data source from the left onto the data type on the right.

Question # 31

The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?

A.

Isolate the infected endpoint from the network.

B.

Perform forensics analysis on the infected endpoint.

C.

Collect public information on the malware behavior.

D.

Prioritize incident handling based on the impact.

Question # 32

Which piece of information is needed for attribution in an investigation?

A.

proxy logs showing the source RFC 1918 IP addresses

B.

RDP allowed from the Internet

C.

known threat actor behavior

D.

802.1x RADIUS authentication pass and fail logs

Question # 33

An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an external USB device to bypass security restrictions and steal data. The engineer could not find the external USB device. Which piece of information must the engineer use for attribution in an investigation?

A.

list of security restrictions and privilege boundaries bypassed

B.

external USB device

C.

receptionist and the actions performed

D.

stolen data and its criticality assessment

Question # 34

Which action prevents buffer overflow attacks?

A.

variable randomization

B.

using web based applications

C.

input sanitization

D.

using a Linux operating system

Question # 35

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Question # 36

What are two categories of DDoS attacks? (Choose two.)

A.

split brain

B.

scanning

C.

phishing

D.

reflected

E.

direct

Question # 37

Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?

A.

AWS

B.

IIS

C.

Load balancer

D.

Proxy server

Question # 38

Refer to the exhibit.

What is occurring?

A.

Cross-Site Scripting attack

B.

XML External Entities attack

C.

Insecure Deserialization

D.

Regular GET requests

Question # 39

A security incident occurred with the potential of impacting business services. Who performs the attack?

A.

malware author

B.

threat actor

C.

bug bounty hunter

D.

direct competitor
