210-255 Premium Bundle

Implementing Cisco Cybersecurity Operations Certification Exam

Rating: 4.5 (16035 ratings)
Last update: November 21, 2024

Cisco 210-255 Free Practice Questions

Q1. Which element is included in an incident response plan?

A. organization mission

B. junior analyst approval

C. day-to-day firefighting

D. siloed approach to communications

Answer: A

Q2. Which option can be addressed when using retrospective security techniques?

A. if the affected host needs a software update

B. how the malware entered our network

C. why the malware is still in our network

D. if the affected system needs replacement

Answer: A

Q3. Which process is being utilized when IPS events are removed to improve data integrity?

A. data normalization

B. data availability

C. data protection

D. data signature

Answer: B

Q4. DRAG DROP

Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the NetFlow v5 record from a security event on the right.

Answer:

Q5. Which string matches the regular expression r(ege)+x?

A. rx

B. regeegex

C. r(ege)x

D. rege+x

Answer: A

Q6. Which option is generated when a file is run through an algorithm and generates a string specific to the contents of that file?

A. URL

B. hash

C. IP address

D. destination port

Answer: C

Q7. Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?

A. true positive

B. true negative

C. false positive

D. false negative

Answer: A

Q8. Which identifies both the source and destination location?

A. IP address

B. URL

C. ports

D. MAC address

Answer: C

Q9. Which data element must be protected with regards to PCI?

A. past health condition

B. geographic location

C. full name

D. recent payment amount

Answer: D

Q10. Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?

A. confidentiality

B. integrity

C. availability

D. complexity

Answer: D

Q11. Which description of a retrospective malware detection is true?

A. You use Wireshark to identify the malware source.

B. You use historical information from one or more sources to identify the affected host or file.

C. You use information from a network analyzer to identify the malware source.

D. You use Wireshark to identify the affected host or file.

Answer: B

Q12. Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?

A. facilitators

B. practitioners

C. leaders and managers

D. decision makers

Answer: A

Q13. What is accomplished in the identification phase of incident handling?

A. determining the responsible user

B. identifying source and destination IP addresses

C. defining the limits of your authority related to a security event

D. determining that a security event has occurred

Answer:

Q14. Which goal of data normalization is true?

A. Reduce data redundancy.

B. Increase data redundancy.

C. Reduce data availability.

D. Increase data availability.

Answer: C

Q15. You see 100 HTTP GET and POST requests for various pages on one of your web servers. The user agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the web server. Which category does this event fall under as defined in the Diamond Model of Intrusion?

A. delivery

B. reconnaissance

C. action on objectives

D. installation

E. exploitation

Answer: D