QUESTION 181
An analyst discovered an IP address within the organization traffic that belongs to a known command and control server. Which Diamond Model category is described?
A. Infrastructure
B. Capability
C. Victim
D. adversary
Correct Answer: A
QUESTION 182
What is a denial-of-service attack?
A. attack launched from one host
B. attack that impersonates another user
C. attack that causes buffer overflow
D. attack that uses open ports and services
Correct Answer: D
QUESTION 183
What is the impact of the load balancer on data?
A. It acts as a reverse proxy and allocates network traffic across a number of servers.
B. It encrypts communication protocol for the movement of data from one network to another.
C. It spreads between end users or system access to particular objects.
D. It directs network traffic generated by distributed applications.
Correct Answer: A
QUESTION 184
What is the difference between SIEM and SOAR?
A. The primary function of SIEM is to collect and detect events, and SOAR is more focused on workflows, threat detection, and remediation.
B. SIEM analyzes infrastructure and network traffic behavior for anomaly detection, and SOAR detects anomalies in known signatures.
C. SOAR generates and prevents security alerts, and SIEM predicts attack patterns and applies the mitigation.
D. SOAR is more efficient in event gathering and analysis, and SIEM has an advantage in resource usage and anomaly detection speed.
Correct Answer: A
QUESTION 185
An analyst performs traffic analysis to detect suspicious activity and identifies the multiple UDP connections through the same port. Which technology makes this behavior feasible?
A. P2P
B. ACL
C. NAT
D. TOR
Correct Answer: C
QUESTION 186
What describes the usage of a rootkit in endpoint-based attacks?
A. remote code execution that causes a denial-of-service on the system
B. exploit that can be used to perform remote code execution
C. set of tools used by an attacker to maintain control of a compromised system while avoiding detection
D. set of vulnerabilities used by an attacker to disable root access on the system
Correct Answer: C
QUESTION 187
Which statement describes patch management?
A. scanning servers and workstations for missing patches and vulnerabilities
B. process of appropriate distribution of system or software updates
C. managing and keeping previous patches lists documented for audit purposes
D. workflow of distributing mitigations of newly found vulnerabilities
Correct Answer: A
QUESTION 188
What are two differences of deep packet inspection compared to stateful firewall inspection? (Choose two.)
A. different rule configurations based on payload pattern
B. offers application-level monitoring
C. static lists for maintaining a strict access control level
D. inspection of only the first packet during a connection attempt
E. quality of service capabilities based on list definitions
Correct Answer: AB
QUESTION 189
Which statement describes threat hunting?
A. It is a prevention activity to detect signs of intrusion, compromise, data theft, abnormalities, or malicious activity.
B. It includes any activity that might go after competitors and adversaries to infiltrate their systems.
C. It is a vulnerability assessment conducted by cyber professionals.
D. It is an activity by an entity to deliberately bring down critical internal servers.
Correct Answer: A
QUESTION 190
What is a threat actor?
A. an internal individual, typically an insider with the capability to accidentally or intentionally compromise computer systems
B. an unauthorized person, such as script kiddies or hackers who attempt to breach network systems
C. an individual or group that is external or internal and may include nation-states, hacktivists, organized crime, and trusted insiders
D. an external party, typically a business partner with the capability to accidentally or intentionally compromise computer systems
Correct Answer: C
QUESTION 191
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. queries Linux devices that have Microsoft Services for Linux installed
B. deploys Windows Operating Systems in an automated fashion
C. is an efficient tool for working with Active Directory
D. has a Common Information Model, which describes installed hardware and software
Correct Answer: D
QUESTION 192
Which statement describes indicators of attack?
A. A malicious file is detected by the AV software.
B. Phishing attempts on an organization are blocked by mail AV.
C. Critical patches are missing.
D. Internal hosts communicate with countries outside of the business range.
Correct Answer: D
QUESTION 193
An analyst performs traffic analysis to detect data exfiltration and identifies a high frequency of DNS requests in a small period of time. Which technology makes this behavior feasible?
A. access control list
B. tunneling
C. encryption
D. NAT
Correct Answer: B
QUESTION 194
A company’s cyber security team performed a phishing simulation campaign for employees and performed security awareness trainings to affected personal. According to NIST.SP800-61, at which phase of incident response is this action?
A. eradication and recovery phase
B. post-incident activity phase
C. preparation phase
D. detection and analyze phase
Correct Answer: C
QUESTION 195
What is a scareware attack?
A. using the spoofed email addresses to trick people into providing login credentials
B. inserting malicious code that causes popup windows with flashing colors
C. gaining access to your computer and encrypting data stored on it
D. overwhelming a targeted website with fake traffic
Correct Answer: B
QUESTION 196
Which two protocols are used for DDoS amplification attacks? (Choose two.)
A. HΤΤP
B. DNS
C. TCP
D. NTP
E. ICMPv6
Correct Answer: BD
QUESTION 197
What is a description of defense-in-depth strategy?
A. series of security mechanisms and controls layered within the organization
B. well-defined set of policies and procedures with corrective controls
C. highly effective and responsive dedicated SOC team
D. end-to-end defined incident response process
Correct Answer: A
QUESTION 198
What is the impact of encapsulation on the network?
A. Logically separate functions in the network are abstracted from their underlying structures.
B. Web requests are taken on behalf of users and the response is collected from the web.
C. Numerous local private addresses are mapped to a public one before the data is moved.
D. Something significant is concealed from virtually separate networks.
Correct Answer: A
QUESTION 199
According to NIST, at which step of the incident response process should an organization apply lessons learned from practice?
A. containment
B. preparation
C. post-incident activity
D. detection and analysis
Correct Answer: C
QUESTION 200
What is a Shellshock vulnerability?
A. cross site scripting
B. heap overflow
C. SQL injection
D. command injection
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.