Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which data element must be protected with regards to PCI?
A. past health condition
B. geographic location
C. full name
D. recent payment amount
Answer: D
Q2. Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?
A. confidentiality
B. integrity
C. availability
D. complexity
Answer: D
Q3. What is accomplished in the identification phase of incident handling?
A. determining the responsible user
B. identifying source and destination IP addresses
C. defining the limits of your authority related to a security event
D. determining that a security event has occurred
Answer:
Q4. Which description of a retrospective maKvare detection is true?
A. You use Wireshark to identify the malware source.
B. You use historical information from one or more sources to identify the affected host or file.
C. You use information from a network analyzer to identify the malware source.
D. You use Wireshark to identify the affected host or file.
Answer: B
Q5. Which two components are included in a 5-tuple? (Choose two.)
A. port number
B. destination IP address
C. data packet
D. user name
E. host logs
Answer: B,C
Q6. Refer to the exhibit. Which type of log is this an example of?
A. syslog
B. NetFlow log
C. proxy log
D. IDS log
Answer: A
Q7. DRAG DROP
Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Answer:
Q8. Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?
A. true positive
B. true negative
C. false positive
D. false negative
Answer: A
Q9. In Microsoft Windows, as files are deleted the space they were allocated eventually is considered available for use by other files. This creates alternating used and unused areas of various sizes. What is this called?
A. network file storing
B. free space fragmentation
C. alternate data streaming
D. defragmentation
Answer: A
Q10. In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
A. determining the number of attackers that are associated with a security incident
B. ascertaining the number and types of vulnerabilities on your network
C. identifying the extent that a security incident is impacting protected resources on the network
D. determining what and how much data may have been affected
E. identifying the attackers that are associated with a security incident
Answer: D,E
Q11. Which identifies both the source and destination location?
A. IP address
B. URL
C. ports
D. MAC address
Answer: C
Q12. Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?
A. facilitators
B. practitioners
C. leaders and managers
D. decision makers
Answer: A
Q13. In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
A. determining the number of attackers that are associated with a security incident
B. ascertaining the number and types of vulnerabilities on your network
C. identifying the extent that a security incident is impacting protected resources on the network
D. determining what and how much data may have been affected
E. identifying the attackers that are associated with a security incident
Answer: D,E
Q14. Which kind of evidence can be considered most reliable to arrive at an analytical assertion?
A. direct
B. corroborative
C. indirect
D. circumstantial
E. textual
Answer: A
Q15. Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?
A. local
B. physical
C. network
D. adjacent
Answer: D