لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Refer to the exhibit. What results from this script?
A. Seeds for existing domains are checked
B. A search is conducted for additional seeds
C. Domains are compared to seed rules
D. A list of domains as seeds is blocked
عرض الإجابة
اجابة صحيحة: B
السؤال #2
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?
A. ost-authorization by non-issuing entities if there is a documented business justification
B. y entities that issue the payment cards or that perform support issuing services
C. ost-authorization by non-issuing entities if the data is encrypted and securely stored
D. y issuers and issuer processors if there is a legitimate reason
عرض الإجابة
اجابة صحيحة: C
السؤال #3
Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non- secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers shou
A. etermine the type of data stored on the affected asset, document the access logs, and engage the incident response team
B. dentify who installed the application by reviewing the logs and gather a user access log from the HR department
C. erify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed
D. nitiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner
عرض الإجابة
اجابة صحيحة: AD
السؤال #4
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)
A. onfigure shorter timeout periods
B. etermine API rate-limiting requirements
C. mplement API key maintenance
D. utomate server-side error reporting for customers
E. ecrease simultaneous API responses
عرض الإجابة
اجابة صحيحة: BD
السؤال #5
A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?
A. packet sniffer
B. malware analysis
C. SIEM
D. firewall manager
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Refer to the exhibit. Which command was executed in PowerShell to generate this log?
A. Get-EventLog -LogName*
B. Get-EventLog -List
C. Get-WinEvent -ListLog* -ComputerName localhost
D. Get-WinEvent -ListLog*
عرض الإجابة
اجابة صحيحة: A
السؤال #7
A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial
A. accessing the Active Directory server
B. accessing the server with financial data
C. accessing multiple servers
D. downloading more than 10 files
عرض الإجابة
اجابة صحيحة: C
السؤال #8
Refer to the exhibit. An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco SecureNetwork Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?
A. Top Peers
B. Top Hosts
C. Top Conversations
D. Top Ports
عرض الإجابة
اجابة صحيحة: B
السؤال #9
Refer to the exhibit. For IP 192.168.1.209, what are the risk level, activity, and next step?
A. high risk level, anomalous periodic communication, quarantine with antivirus
B. critical risk level, malicious server IP, run in a sandboxed environment
C. critical risk level, data exfiltration, isolate the device
D. high risk level, malicious host, investigate further
عرض الإجابة
اجابة صحيحة: A
السؤال #10
Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?
A. The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores do not indicate the likelihood of malicious ransomware
B. The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores are high and do not indicate the likelihood of malicious ransomware
C. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are high and indicate the likelihood that malicious ransomware has been detected
D. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are low and indicate the likelihood that malicious ransomware has been detected
عرض الإجابة
اجابة صحيحة: C
السؤال #11
An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response? #!/usr/bin/python import sys import requests
A. 1}, {2}
B. 1}, {3}
C. onsole_ip, api_token
D. onsole_ip, reference_set_name
عرض الإجابة
اجابة صحيحة: C
السؤال #12
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked foran organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elementsare missing to calculate the risk assessment? (Choose two.)
A. incident response playbooks
B. asset vulnerability assessment
C. report of staff members with asset relations
D. key assets and executives
E. malware analysis report
عرض الإجابة
اجابة صحيحة: BE
السؤال #13
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customerdemands, the company recently started to accept credit card payments and acquired a POS terminal. Which complianceregulations must the audit apply to the company?
A. HIPAA
B. FISMA
C. COBIT
D. PCI DSS
عرض الإجابة
اجابة صحيحة: D
السؤال #14
A security expert is investigating a breach that resulted in a $32 million loss from customer accounts. Hackers were able tosteal API keys and two-factor codes due to a vulnerability that was introduced in a new code a few weeks before the attack.Which step was missed that would have prevented this breach?
A. use of the Nmap tool to identify the vulnerability when the new code was deployed
B. implementation of a firewall and intrusion detection system
C. implementation of an endpoint protection system
D. use of SecDevOps to detect the vulnerability during development
عرض الإجابة
اجابة صحيحة: D
السؤال #15
A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?
A. Limit the number of API calls that a single client is allowed to make
B. Add restrictions on the edge router on how often a single client can access the API
C. Reduce the amount of data that can be fetched from the total pool of active clients that call the APID
عرض الإجابة
اجابة صحيحة: A
السؤال #16
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS.Which type of cloud environment should be used?
A. IaaS
B. PaaS
C. DaaS
D. SaaS
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Refer to the exhibit. Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects thethreat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using AdaptiveNetwork Control policy. Which method was used to signal ISE to quarantine the endpoints?
A. SNMP
B. syslog
C. REST API
D. pxGrid
عرض الإجابة
اجابة صحيحة: C
السؤال #18
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a lowprevalence file to the Threat Grid analysis engine. What should be concluded from this report?
A. Threat scores are high, malicious ransomware has been detected, and files have been modified
B. Threat scores are low, malicious ransomware has been detected, and files have been modified
C. Threat scores are high, malicious activity is detected, but files have not been modified
D. Threat scores are low and no malicious file activity is detected
عرض الإجابة
اجابة صحيحة: B
السؤال #19
Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilegeescalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analystshave time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action willaccomplish this goal?
A. Exclude the step “BAN malicious IP” to allow analysts to conduct and track the remediation
B. Include a step “Take a Snapshot” to capture the endpoint state to contain the threat for analysis
C. Exclude the step Check for GeoIP location to allow analysts to analyze the location and the associated risk based on asset criticality
D. Include a step “Reporting” to alert the security department of threats identified by the SOAR reporting engine
عرض الإجابة
اجابة صحيحة: A
السؤال #20
An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR andservice departments. While checking the event sources, the website monitoring tool showed several web scraping alertsovernight. Which type of compromise is indicated?
A. phishing
B. dumpster diving
C. social engineering
D. privilege escalation
عرض الإجابة
اجابة صحيحة: C
السؤال #21
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
A. radication and recovery
B. ost-incident activity
C. ontainment
D. etection and analysis
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: