QUESTION 41
At a company party, a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?
A. Password Revelation Strategy
B. Piggybacking
C. Phishing attack
D. Social Engineering
Correct Answer: D
QUESTION 42
What are indicators of compromise?
A. network scans by internal hosts
B. internal hosts with bad destinations
C. off-hour malware detection
D. anomalies in privileged user account activity
Correct Answer: A
QUESTION 43
What is threat hunting in the context of cybersecurity?
A. searching for vulnerable systems or services to exploit
B. taking legal actions against proven malicious users
C. searching for indicators of malicious activity within a network
D. scanning a target before performing an attack
Correct Answer: C
QUESTION 44
An attacker used a Zerologon vulnerability and impersonated a root domain controller. Which step of the Cyber Kill Chain model is the attacker on?
A. installation
B. exploitation
C. weaponization
D. delivery
Correct Answer: B
QUESTION 45
What describes the framework that enables to control user access to critical information in the heterogenous technology environments?
A. identity and access management
B. configuration management
C. vulnerability scanner
D. mobile device management
Correct Answer: A
QUESTION 46
What is the purpose of a host-based intrusion detection system (HIDS)?
A. A HIDS protects against threats via known blacklisted hash databases of malware and ransomware.
B. A HIDS filters traffic according to configured firewall access lists rules.
C. A HIDS blocks potential anomaly activity of users.
D. A HIDS detects threats using a combination of signature-based and anomaly-based detection methods.
Correct Answer: D
QUESTION 47
What is the definition of threat intelligence in the context of cybersecurity?
A. design and delivery of sophisticated cyberattacks
B. design and implementation of advanced defense mechanisms
C. update and hardening of IT infrastructure
D. information and analysis related to potential security threats
Correct Answer: D
QUESTION 48
Which action matches the weaponization step of the Cyber Kill Chain Model?
A. Develop a specific malware to exploit a vulnerable server.
B. Construct a trojan and deliver it to the victim.
C. Scan open services and ports on a server.
D. Match a known script to a vulnerability.
Correct Answer: A
QUESTION 49
What is the advantage of agent-based protection compared to agentless protection?
A. monitors and detects traffic locally
B. manages unlimited devices simultaneously
C. easier to manage due to the centralized platform
D. lower resource requirements during implementation
Correct Answer: A
QUESTION 50
A network engineer must profile wireless devices. DHCP is used and firewall traffic is allowed. What is a method for identifying running processes?
A. network traffic from a span port
B. data from audit logs
C. data from event log
D. Layer 2 traffic
Correct Answer: A
QUESTION 51
Which technology assures that the information transferred from point A to point B is unaltered and authentic?
A. Trust anchor
B. EMV signatures
C. Digital certificates
D. Subject Alternative Name
Correct Answer: C
QUESTION 52
What is the impact of encryption on data visibility?
A. Traffic decryption causes high CPU load on monitoring systems.
B. IPsec encryption of traffic is vulnerable to man-in-the-middle attacks.
C. TLS 1.3 traffic cannot be decrypted and monitored.
D. Traffic decryption is needed for deep inspection of SSL traffic via NGFW.
Correct Answer: A
QUESTION 53
Which SOC metric represents the time to stop the incident from causing further damage to systems or data?
A. Mean Time to Respond (MTTR)
B. Mean Time to Detect (MTTR)
C. Mean Time to Contain (MTTC)
D. Mean Time to Acknowledge (MTTA)
Correct Answer: C
QUESTION 54
What is a DDoS attack?
A. injecting arbitrary commands on the host operating system
B. limiting the rate of the incoming traffic
C. flooding a target with fake traffic
D. scrubbing traffic from the target host
Correct Answer: C
QUESTION 55
An engineer is working on the implementation of digital certificates for new critical web applications. One of the requirements is that the https connection must be validated and protected against malicious network impersonators. The server will be exposed externally from the DMZ network. Which certificate must be used?
A. SSL v3
B. TLS 1.1
C. X.509
D. private CA
Correct Answer: C
QUESTION 56
An analyst must choose one source of information for further troubleshooting. One key requirement is to use low storage space over the next 12 months and quickly determine the source and scope of an attack to effectively mitigate it. Which source of information must the analyst choose?
A. span port
B. PCAP
C. NetFlow
D. traffic mirroring
Correct Answer: C
QUESTION 57
What is a disadvantage of the asymmetric encryption system?
A. Asymmetric encryption is an old technique, and symmetric encryption is the newer one.
B. It is less secure because it uses a single key for encryption.
C. Asymmetric encryption is used to transfer the data, and symmetric is used to encrypt small chunks of data.
D. It is slow compared to the symmetric encryption system.
Correct Answer: D
QUESTION 58
A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager for further isolation actions. According to NIST SP800-61, in which phase of incident response is this action?
A. detection and analyze phase
B. preparation phase
C. post-incident activity phase
D. eradication and recovery phase
Correct Answer: D
QUESTION 59
What is the purpose of a ransomware attack?
A. to escalate privileges
B. to make files inaccessible by encrypting the data
C. to decrypt encrypted data and disks
D. to send keystrokes to a threat actor
Correct Answer: B
QUESTION 60
In digital communications, which method is recommended for securely exchanging public keys between users T0m and D4n?
A. Pretty Good Privacy
B. Secure Multipurpose Internet Mail Extensions
C. Automated Certificate Management Environment
D. Hardware Security Module
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.