Question #1
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP 800-61, in which phase of the incident response process is the analyst?
A. Preparation
B. Containment, eradication, and recovery
C. Post-incident activity
D. Detection and analysis
View answer
Correct answer: D
Question #2
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
A. Signatures
B. Host IP addresses
C. File size
D. Dropped files
E. Domain names
View answer
Correct answer: BE
Question #3
An engineer is investigating a case of the unauthorized usage of the "tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
A. All firewall alerts and resulting mitigations
B. Tagged protocols being used on the network
C. Tagged ports being used on the network
D. All information and data within the datagram
View answer
Correct answer: D
Question #4
Which are the two score metrics as defined in CVSS v3? (Choose two.)
A. Temporal Score Metrics
B. Natural Score Metrics
C. Base Score Metrics
D. Definitive Score Metrics
E. Risk Score Metrics
View answer
Correct answer: AC
Question #5
According to the September 2020 threat intelligence feeds, new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through Cobalt Strike that has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by having it publicly released. Which type of attack is described?
A. Ransomware attack
B. Whale-phishing
C. Malware attack
D. Insider threat
View answer
Correct answer: A
Question #6
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. Public affairs
D. Management
View answer
Correct answer: D
Question #7
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident Handling Guide?
A. Analyze the threat
B. Recover from the threat
C. Reduce the probability of similar threats
D. Identify lessons learned from the threat
View answer
Correct answer: B
Question #8
Why is HTTPS traffic difficult to screen?
A. Digital certificates secure the session, and the data is sent at random intervals
B. HTTPS is used internally and screening traffic for external parties is hard due to isolation
C. The communication is encrypted and the data in transit is secured
D. Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver
View answer
Correct answer: C
Question #9
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?
A. Data integrity
B. Data preservation
C. Evidence collection order
D. Volatile data collection
View answer
Correct answer: A (computing a digest of the source and of the copy and comparing the two is data integrity verification; the order in which evidence is collected is a separate concern)
Question #10
What is the purpose of a SIEM solution?
A. To collect and correlate event log data to provide holistic views of the security posture of an environment
B. To monitor and manage firewall access control lists for duplicate firewall filtering
C. To collect and categorize indicators of compromise to evaluate and search for potential security threats
D. To collect and forward event logs to another log collection device to evaluate security threats
View answer
Correct answer: A
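What "collect and correlate" in answer A means in practice, as an added editor's example and not code from the page: logs from two different sources (an sshd auth log and a firewall log) are normalized into a common event shape, and one correlation rule then joins them, flagging a successful login that was preceded by a burst of failures from the same address and enriching the alert with the firewall zone that address came in from. Neither source alone shows the picture: the auth log does not know the address is external, and the firewall only saw an allowed connection to port 22. All log lines, addresses and usernames below are constructed for the demonstration.

```python
import re
from datetime import datetime, timedelta
from typing import List

# Constructed sample logs (not real data). Addresses are from documentation ranges.
AUTH_LOG = """\
2024-03-04T10:00:01Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51000 ssh2
2024-03-04T10:00:03Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51001 ssh2
2024-03-04T10:00:05Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51002 ssh2
2024-03-04T10:00:07Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2024-03-04T10:00:09Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51004 ssh2
2024-03-04T10:00:12Z sshd[2201]: Accepted password for admin from 203.0.113.7 port 51005 ssh2
2024-03-04T10:05:00Z sshd[2202]: Failed password for bob from 192.0.2.10 port 40000 ssh2
2024-03-04T10:30:00Z sshd[2203]: Accepted password for bob from 192.0.2.10 port 40001 ssh2
"""
FW_LOG = """\
2024-03-04T10:00:00Z fw1 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22 zone=untrust
2024-03-04T10:04:59Z fw1 action=allow src=192.0.2.10 dst=10.0.0.5 dport=22 zone=trust
"""

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
FW_RE = re.compile(r"^(\S+) \S+ action=(\w+) src=(\S+) dst=\S+ dport=(\d+) zone=(\w+)")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_auth(text: str) -> List[dict]:
    """Normalize sshd lines into {ts, source, user, src_ip, outcome} events."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, result, user, ip = m.groups()
            events.append({"ts": parse_ts(ts), "source": "sshd", "user": user, "src_ip": ip,
                           "outcome": "success" if result == "Accepted" else "fail"})
    return events


def parse_fw(text: str) -> List[dict]:
    """Normalize firewall lines into {ts, source, action, src_ip, dport, zone} events."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, action, ip, dport, zone = m.groups()
            events.append({"ts": parse_ts(ts), "source": "fw", "action": action, "src_ip": ip,
                           "dport": int(dport), "zone": zone})
    return events


def correlate(auth_events: List[dict], fw_events: List[dict],
              threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Rule: a success preceded by >= threshold failures for the same user and source
    address inside `window` is a likely brute-force success. Enrich with firewall zone."""
    alerts = []
    for ev in auth_events:
        if ev["outcome"] != "success":
            continue
        fails = [e for e in auth_events
                 if e["outcome"] == "fail" and e["src_ip"] == ev["src_ip"]
                 and e["user"] == ev["user"] and ev["ts"] - window <= e["ts"] < ev["ts"]]
        if len(fails) < threshold:
            continue
        zones = sorted({f["zone"] for f in fw_events
                        if f["src_ip"] == ev["src_ip"] and f["action"] == "allow" and f["ts"] <= ev["ts"]})
        alerts.append({"rule": "brute_force_success", "ts": ev["ts"], "user": ev["user"],
                       "src_ip": ev["src_ip"], "failures": len(fails),
                       "zone": ",".join(zones) or "unknown"})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_auth(AUTH_LOG), parse_fw(FW_LOG)):
        print(a)
```

The one failed login for bob from the trusted zone stays below the threshold and raises nothing; the admin login from the untrust zone after five failures in eleven seconds produces a single enriched alert. That join across sources, rather than forwarding or categorizing events on their own, is the difference between answer A and answers C and D.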