200-201 Exam Questions - Online Test


Exam Code: 200-201 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals
Certification Provider: Cisco

Free online 200-201 questions and answers (new version):

NEW QUESTION 1
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

  • A. sequence numbers
  • B. IP identifier
  • C. 5-tuple
  • D. timestamps

Answer: C

NEW QUESTION 2
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)

  • A. detection and analysis
  • B. post-incident activity
  • C. vulnerability management
  • D. risk assessment
  • E. vulnerability scoring

Answer: AB

NEW QUESTION 3
What is an attack surface as compared to a vulnerability?

  • A. any potential danger to an asset
  • B. the sum of all paths for data into and out of the application
  • C. an exploitable weakness in a system or its design
  • D. the individuals who perform an attack

Answer: B

NEW QUESTION 4
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)

  • A. PCI
  • B. GLBA
  • C. HIPAA
  • D. SOX
  • E. COBIT

Answer: AC

NEW QUESTION 5
What causes events on a Windows system to show Event Code 4625 in the log messages?

  • A. The system detected an XSS attack
  • B. Someone is trying a brute force attack on the network
  • C. Another device is gaining root access to the system
  • D. A privileged user successfully logged into the system

Answer: B

NEW QUESTION 6
Which regular expression matches "color" and "colour"?

  • A. colo?ur
  • B. col[08]+our
  • C. colou?r
  • D. col[09]+our

Answer: C

NEW QUESTION 7
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

  • A. forgery attack
  • B. plaintext-only attack
  • C. ciphertext-only attack
  • D. meet-in-the-middle attack

Answer: C

NEW QUESTION 8
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

  • A. resource exhaustion
  • B. tunneling
  • C. traffic fragmentation
  • D. timing attack

Answer: A

NEW QUESTION 9
What is personally identifiable information that must be safeguarded from unauthorized access?

  • A. date of birth
  • B. driver's license number
  • C. gender
  • D. zip code

Answer: B

NEW QUESTION 10
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

  • A. signatures
  • B. host IP addresses
  • C. file size
  • D. dropped files
  • E. domain names

Answer: BE

NEW QUESTION 11
Which step in the incident response process researches an attacking host through logs in a SIEM?

  • A. detection and analysis
  • B. preparation
  • C. eradication
  • D. containment

Answer: A

NEW QUESTION 12
What is the function of a command and control server?

  • A. It enumerates open ports on a network device
  • B. It drops a secondary payload into malware
  • C. It is used to regain control of the network after a compromise
  • D. It sends instructions to a compromised system

Answer: D

NEW QUESTION 13
How does a certificate authority impact a security system?

  • A. It authenticates client identity when requesting an SSL certificate
  • B. It validates domain identity of an SSL certificate
  • C. It authenticates domain identity when requesting an SSL certificate
  • D. It validates client identity when communicating with the server

Answer: B

NEW QUESTION 14
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

  • A. encapsulation
  • B. TOR
  • C. tunneling
  • D. NAT

Answer: D

NEW QUESTION 15
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?

  • A. fragmentation
  • B. pivoting
  • C. encryption
  • D. stenography

Answer: D

NEW QUESTION 16
......