Drag and drop the technology on the left onto the data type the technology provides on the right.
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
What is a collection of compromised machines that attackers use to carry out a DDoS attack?
Refer to the exhibit.
An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several SSH Server Banner and Key Exchange Initiations. The engineer cannot see the exact data being transmitted over an encrypted channel and cannot identify how the attacker gained access How did the attacker gain access?
Which technology on a host is used to isolate a running application from other applications?
An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
An engineer received an alert affecting the degraded performance of a critical server Analysis showed a heavy CPU and memory load What is the next step the engineer should take to investigate this resource usage7
What is the difference between the rule-based detection when compared to behavioral detection?
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?
Which type of attack is a blank email with the subject "price deduction" that contains a malicious attachment?
What is the difference between statistical detection and rule-based detection models?
An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
What describes the concept of data consistently and readily being accessible for legitimate users?
What are the two differences between stateful and deep packet inspection? (Choose two )
What describes the impact of false-positive alerts compared to false-negative alerts?
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host?
Which evasion method involves performing actions slower than normal to prevent detection?
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
Which element is included in an incident response plan as stated m NIST SP800-617
Refer to the exhibit.
What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
Drag and drop the type of evidence from the left onto the description of that evidence on the right.
What causes events on a Windows system to show Event Code 4625 in the log messages?
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Refer to the exhibit.
A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?
Which step in the incident response process researches an attacking host through logs in a SIEM?
Refer to the exhibit.
A company employee is connecting to mail google.com from an endpoint device. The website is loaded but with an error. What is occurring?
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
Which information must an organization use to understand the threats currently targeting the organization?
What specific type of analysis is assigning values to the scenario to see expected outcomes?
Which data type is necessary to get information about source/destination ports?
Refer to the exhibit.
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
Which component results from this operation?
Which vulnerability type is used to read, write, or erase information from a database?
What does an attacker use to determine which network ports are listening on a potential target device?
Which type of data consists of connection level, application-specific records generated from network traffic?
Drag and drop the elements from the left into the correct order for incident handling on the right.
A cyberattacker notices a security flaw in a software that a company is using They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software To which category of the Cyber Kill Cham model does this event belong?
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?
Refer to the exhibit.
Which packet contains a file that is extractable within Wireshark?
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom. What is the threat actor in this scenario?
What is a difference between inline traffic interrogation and traffic mirroring?
An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist. Further analysis shows that the threat actor connected an externa USB device to bypass security restrictions and steal data. The engineer could not find an external USB device Which piece of information must an engineer use for attribution in an investigation?