QUESTION 81
A group of company-owned endpoints were infected by ransomware via phishing email. Which two stakeholders must be involved in the containment phase? (Choose two.)
A. Incident Response Team Engineers
B. Owners of the infected endpoints
C. Technical Director
D. Chief Information Security Officer
E. Chief Physical Security Officer
Correct Answer: AD
QUESTION 82
What are two types of cross site scripting attacks? (Choose two.)
A. cascaded
B. reflected
C. directed
D. stored
E. encoded
Correct Answer: BD
QUESTION 83
An engineer must profile new servers that have been released recently and must identify running web services on nonstandard ports. Why is the probe returning no result?
A. Listening ports can use a range between 1 and 65535.
B. Port 80 or 443 is blocked by the firewall.
C. Servers use IPs from the DHCP server.
D. The policy is allowing initial collection of data.
Correct Answer: B
QUESTION 84
What is the dataflow set in the NetFlow flow-record format?
A. Dataflow set is a collection of binary patterns.
B. Dataflow set provides basic information about the packet, such as the NetFlow version.
C. Dataflow set is a collection of HEX records.
D. Dataflow set is a collection of data records.
Correct Answer: D
QUESTION 85
What is a description of the use of full packet capture in security monitoring?
A. After detection, it helps to analyze the header that contains metadata, including the source and destination address of the packet.
B. After analysis, it helps to identify security threats and network congestion, data/packet loss.
C. After diagnoses, it helps to alter network traffic and removes detected malware.
D. After identification, it helps to research a payload, which is the actual contents of the packet.
Correct Answer: D
QUESTION 86
What is the purpose of the endpoint sandboxing technology?=
A. It keeps malicious binaries under quarantine to determine intentions.
B. It detects and inspects malicious packets as they enter your network.
C. It monitors the traffic and suspicious activity on the specific endpoint.
D. It collects endpoint telemetry and monitors the internal system changes.
Correct Answer: A
QUESTION 87
What is the effect of TOR on data visibility?
A. TOR encrypts the data only from the first node.
B. TOR encrypts the data on each node, except the data sent to the destination from the last node.
C. TOR encrypts the data on each node, including the data sent to the destination from the last node.
D. TOR encrypts the data only from the last node.
Correct Answer: B
QUESTION 88
What is a cause of excessive DNS traffic from a host to the Internet?
A. The host is attempting to acquire a new IP address.
B. The host wants to resolve a specific hostname.
C. The host is sending command and control traffic tunneled in DNS traffic.
D. The host is trying to update its hostname with the Internet using DNS.
Correct Answer: C
QUESTION 89
What is the difference between authentication and authorization access control mechanisms?
A. Authentication is the process of validating that users are who they claim to be, and authorization is giving permissions to do or have something.
B. Authentication determines who the user is, and authorization is responsible for what the user knows, such as password or PIN.
C. Authorization is the strictest access control, and authentication happens after a user is identified successfully.
D. Authorization is validating the resource access level, and authentication defines what resources the employee has access to.
Correct Answer: A
QUESTION 90
What is a difference between SIEM and SOAR security systems?
A. SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts.
B. SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SoC teams to automate and orchestrate manual tasks.
C. SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data, antivirus logs, firewall logs, and hashes of downloaded files.
D. SOAR ingests numerous types of logs and event data infrastructure components, and SIEM can fetch data from endpoint security software and external threat intelligence feeds.
Correct Answer: A
QUESTION 91
An organization had a major incident recently where their servers were attacked and the data integrity was breached. An attacker used a vulnerability on TLS version 1.2 and performed a man-in-the-middle attack by downgrading the connection. What must a security specialist do to prevent similar attacks in the future?
A. Deploy a network monitoring solution.
B. Upgrade to TLS 1.3 or higher version.
C. Install a lower version of TLS such as 1.1.
D. Update IIS server versions.
Correct Answer: B
QUESTION 92
Which scenario describes a social engineering attack?
A. malicious insider trying to gather information on company security
B. company with a recent data breach where confidential information was stolen
C. suspicious file detected on a workstation
D. text message pretending to be from a legitimate company with a malicious URL inside
Correct Answer: D
QUESTION 93
Developers must implement tasks on remote Windows environments. They decided to use scripts for enterprise applications through PowerShell. Why does the functionality not work?
A. MBR must be set up.
B. WMI must be configured.
C. Symlinks must be enabled.
D. Ext4 must be implemented.
Correct Answer: B
QUESTION 94
A cyberattacker notices a security flaw in a software that a company is using. They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software. To which category of the Cyber Kill Chain model does this event belong?
A. delivery
B. exploitation
C. weaponization
D. reconnaissance
Correct Answer: C
QUESTION 95
What is the role of indicators of compromise during the attribution process?
A. They represent forensic evidence. These artifacts enable investigators to detect intrusions and attribute malicious activities.
B. They represent forensic evidence. These artifacts enable cyber security professionals to classify the incidents.
C. They represent the threat actors, which is crucial during the attribution process.
D. They enforce the Structured Threat Information eXpression, which is crucial during the attribution process.
Correct Answer: A
QUESTION 96
What is the difference between true positive and false negative?
A. True positive is when antivirus detects a hostile VBA script execution attempt, blocks the file, and sends an alert, and false negative is when antivirus does not detect a hostile VBA script and allows its execution as a legitimate file.
B. False negative is when antivirus alerts and stops a malicious file from execution, and true positive is when a malicious file goes undetected by antivirus and no alerts were raised.
C. True positive is when IPS detects an intrusion sign from an internal IP address and blocks the communication, then an engineer reviews the IP and recognizes it as a legitimate IP assigned to the printer, and false negative is when the attacker could not be identified as legitimate.
D. False negative is when IDS does not detect any intrusion attempts and no attempt took place, and true positive is when IDS does not detect any intrusion attempt when an actual attack is happening.
Correct Answer: A
QUESTION 97
Which system should be implemented to authenticate and secure the distribution of public keys in a scenario involving users identified as Tom and Dan?
A. Key Agreement Protocol
B. Symmetric Key Distribution
C. Secure Key Storage
D. One-Time Password
Correct Answer: A
QUESTION 98
What is a vulnerability?
A. attack vector
B. advantage in the asset
C. attack path
D. weakness in the asset
Correct Answer: D
QUESTION 99
What is the difference between attack surface and vulnerability?
A. An attack surface is a potential weakness, and a vulnerability is the sum of points that an attacker can potentially enter.
B. A vulnerability is a software error, and an attack surface is the sum of errors that the software has initially during its development stages.
C. A vulnerability is a potential weakness, and an attack surface is the sum of points that an attacker can potentially enter.
D. An attack surface is a software error, and a vulnerability is the sum of errors that the software has initially during its development stages.
Correct Answer: C
QUESTION 100
An employee of a company receives an email with an attachment. They notice that this email is from a suspicious source, and they decide not to open the attached file. After further investigation, a security analyst concludes that this file is malware. To which category of the Cyber Kill Chain model does this event belong?
A. delivery
B. weaponization
C. installation
D. exploitation
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.