Which option can be addressed when using retrospective security techniques?

Which option can be addressed when using retrospective security techniques? A. if the affected host needs a software update B. how the malware entered our network C. why the malware

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component? A. local B. physical C. network D. adjacent Correct Answer: B

Which option is a misuse variety per VERIS enumerations?

Which option is a misuse variety per VERIS enumerations? A. snooping B. hacking C. theft D. assault Correct Answer: B

Which two activities fall under scoping?

In the context of incident handling phases, which two activities fall under scoping? (Choose two.) A. determining the number of attackers that are associated with a security incident B. ascertaining

Which regular expression matches “color” and “colour”?

Which regular expression matches “color” and “colour”? A. col[0-9]+our B. colo?ur C. colou?r D. [a-z]{7} Correct Answer: C

Which category does this event fall under as defined in the Diamond Model of Intrusion?

You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and

Which kind of evidence can be considered most reliable to arrive at an analytical assertion?

Which kind of evidence can be considered most reliable to arrive at an analytical assertion? A. direct B. corroborative C. indirect D. circumstantial E. textual Correct Answer: A

Which data element must be protected with regards to PCI?

Which data element must be protected with regards to PCI? A. past health condition B. geographic location C. full name D. recent payment amount Correct Answer: D

Which statement about threat actors is true?

Which statement about threat actors is true? A. They are any company assets that are threatened. B. They are any assets that are threatened. C. They are perpetrators of attacks.

Which string matches the regular expression r(ege)+x?

Which string matches the regular expression r(ege)+x? A. rx B. regeegex C. r(ege)x D. rege+x Correct Answer: A

What mechanism does the Linux operating system provide to control access to files?

What mechanism does the Linux operating system provide to control access to files? A. privileges required B. user interaction C. file permissions D. access complexity Correct Answer: C

Which element is part of an incident response plan?

Which element is part of an incident response plan? A. organizational approach to incident response B. organizational approach to security C. disaster recovery D. backups Correct Answer: A

What information from HTTP logs can be used to find a threat actor?

What information from HTTP logs can be used to find a threat actor? A. referer B. IP address C. user-agent D. URL Correct Answer: C

Which source provides reports of vulnerabilities in software and hardware to a Security Operations Center?

Which source provides reports of vulnerabilities in software and hardware to a Security Operations Center? A. Analysis Center B. National CSIRT C. Internal CSIRT D. Physical Security Correct Answer: D

Which option filters a LibPCAP capture that used a host as a gateway?

Which option filters a LibPCAP capture that used a host as a gateway? A. [tcp|udp] [src|dst] port B. [src|dst] net [{mask }|{len }] C. ether [src|dst] host D. gateway host

Which two pieces of information from the analysis report are needed or required to investigate the callouts?

You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection. Which two

Which term defines the initial event in NIST SP800-61 r2?

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in NIST SP800-61

When performing threat hunting against a DNS server, which traffic toward the affected domain is considered a starting point?

When performing threat hunting against a DNS server, which traffic toward the affected domain is considered a starting point? A. HTTPS traffic B. TCP traffic C. HTTP traffic D. UDP

Which network device creates and sends the initial packet of a session?

Which network device creates and sends the initial packet of a session? A. source B. origination C. destination D. network Correct Answer: A

Which type of analysis allows you to see how likely an exploit could affect your network?

Which type of analysis allows you to see how likely an exploit could affect your network? A. descriptive B. casual C. probabilistic D. inferential Correct Answer: C

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component? A. confidentiality B. integrity C. availability D. complexity Correct Answer: A

Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?

Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked? A. true positive B. true negative C. false positive D. false negative

Which category does this event fall under as defined in the Diamond Model of Intrusion?

You see confidential data being exfiltrated to an IP address that is attributed to a known Advanced Persistent Threat group. Assume that this is part of a real attack and

Which option contains the elements that every event is comprised of according to the VERIS incident model?

In VERIS, an incident is viewed as a series of events that adversely affects the information assets of an organization. Which option contains the elements that every event is comprised

Which two components are included in a 5-tuple?

Which two components are included in a 5-tuple? (Choose two.) A. port number B. destination IP address C. data packet D. user name E. host logs Correct Answer: AB

Which information must be left out of a final incident report?

Which information must be left out of a final incident report? A. server hardware configurations B. exploit or vulnerability used C. impact and/or the financial loss D. how the incident

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity? A. collection B. examination C. reporting D.

Which category as defined in the Diamond Model of Intrusion does this activity fall under?

A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in

Which user agent in the HTTP headers in the requests from your internal hosts warrants further investigation?

You receive an alert for malicious code that exploits Internet Explorer and runs arbitrary code on the site visitor's machine. The malicious code is on an external site that is

Which option creates a display filter on Wireshark on a host IP address or name?

Which option creates a display filter on Wireshark on a host IP address or name? A. ip.address == or ip.network == B. [tcp|udp] ip.[src|dst] port C. ip.addr == or ip.name

Which two options can be used by a threat actor to determine the role of a server?

Which two options can be used by a threat actor to determine the role of a server? (Choose two.) A. PCAP B. tracert C. running processes D. hard drive configuration

Which feature is used to find possible vulnerable services running on a server?

Which feature is used to find possible vulnerable services running on a server? A. CPU utilization B. security policy C. temporary internet files D. listening ports Correct Answer: D

Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario?

Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario? A. deterministic B. exploratory C. probabilistic D. descriptive Correct Answer: D

Which identifies both the source and destination location?

Which identifies both the source and destination location? A. IP address B. URL C. ports D. MAC address Correct Answer: C

Which goal of data normalization is true?

Which goal of data normalization is true? A. Reduce data redundancy. B. Increase data redundancy. C. Reduce data availability. D. Increase data availability Correct Answer: C

Which category best describes this activity?

A CMS plugin creates two files that are accessible from the Internet myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the

Which Security Operations Center’s goal is to provide incident handling to a country?

Which Security Operations Center’s goal is to provide incident handling to a country? A. Coordination Center B. Internal CSIRT C. National CSIRT D. Analysis Center Correct Answer: C

Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?

Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space? A. confidentiality B. integrity C. availability D. complexity Correct Answer: D

Which element is included in an incident response plan?

Which element is included in an incident response plan? A. organization mission B. junior analyst approval C. day-to-day firefighting D. siloed approach to communications Correct Answer: A

Which process is being utilized when IPS events are removed to improve data integrity?

Which process is being utilized when IPS events are removed to improve data integrity? A. data normalization B. data availability C. data protection D. data signature Correct Answer: B

Which description of retrospective malware detection is true?

Which description of retrospective malware detection is true? A. You use Wireshark to identify the malware source. B. You use historical information from one or more sources to identify

What is this called?

In Microsoft Windows, as files are deleted the space they were allocated eventually is considered available for use by other files. This creates alternating used and unused areas of various

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol

Which option allows a file to be extracted from a TCP stream within Wireshark?

Which option allows a file to be extracted from a TCP stream within Wireshark? A. File > Export Objects B. Analyze > Extract C. Tools > Export > TCP D.

During which phase of the forensic process are tools and techniques used to extract the relevant information from the collected data?

During which phase of the forensic process are tools and techniques used to extract the relevant information from the collected data? A. examination B. reporting C. collection D. investigation Correct

Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?

Which stakeholder group is responsible for containment, eradication, and recovery in incident handling? A. facilitators B. practitioners C. leaders and managers D. decision makers Correct Answer: A
