Question #1
What do host-based firewalls protect workstations from?
A. Zero-day vulnerabilities
B. Malicious web scripts
C. Unwanted traffic
D. Viruses
Correct answer: D
Question #2
Which element is included in an incident response plan as stated in NIST.SP800-61?
A. Approval of senior management
B. Security of sensitive information
C. Individual approach to incident response
D. Consistent threat identification
Correct answer: D
Question #3
What is a difference between inline traffic interrogation and traffic mirroring?
A. Inline inspection acts on the original traffic data flow
B. Traffic mirroring passes live traffic to a tool for blocking
C. Traffic mirroring inspects live traffic for analysis and mitigation
D. Inline traffic copies packets for analysis and security
Correct answer: A
Question #4
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Correct answer: A
Question #5
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
A. Examination
B. Collection
C. Reporting
D. Investigation
Correct answer: A
Question #6
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers. A SOC analyst checked the endpoints and discovered that they are infected and became part of a botnet. The endpoints are sending multiple DNS requests, but with spoofed IP addresses of valid external sources. What kind of attack are the infected endpoints involved in?
A. DNS flooding
B. DNS hijacking
C. DNS amplification
D. DNS tunneling
Correct answer: C
Question #7
Which statement describes patch management?
A. Scanning servers and workstations for missing patches and vulnerabilities
B. Process of appropriate distribution of system or software updates
C. Managing and keeping previous patch lists documented for audit purposes
D. Workflow of distributing mitigations of newly found vulnerabilities
Correct answer: A
Question #8
What is the difference between statistical detection and rule-based detection models?
A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. Statistical detection defines legitimate data of users over a period of time, and rule-based detection defines it on an IF/THEN basis
C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
D. Rule-based detection defines legitimate data of users over a period of time, and statistical detection defines it on an IF/THEN basis
Correct answer: B
Question #9
What are the two differences between stateful and deep packet inspection?
A. Stateful inspection is capable of packet data inspections, and deep packet inspection is not
B. Deep packet inspection is capable of malware blocking, and stateful inspection is not
C. Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model
D. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports
E. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP
Correct answer: BE
Question #10
What is the difference between deep packet inspection and stateful inspection?
A. Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention
B. Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4
C. Stateful inspection verifies data at the transport layer, and deep packet inspection verifies data at the application layer
D. Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention
Correct answer: B
Question #11
What is a difference between a threat and a risk?
A. A risk is a flaw or hole in security, and a threat is what is being used against that flaw
B. A threat is a sum of risks, and a risk itself represents a specific danger toward the asset
C. A risk is an intersection between threats and vulnerabilities, and a threat is what a security engineer is trying to protect against
D. A threat can be people, property, or information, and risk is the probability by which these threats may bring harm to the business
Correct answer: C
Question #12
Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?
A. Replay
B. SQL injection
C. Dictionary
D. Cross-site scripting
Correct answer: C
Question #13
Which option describes indicators of attack?
A. Virus detection by the AV software
B. Spam emails on an employee workstation
C. Malware reinfection within a few minutes of removal
D. Blocked phishing attempt on a company
Correct answer: C
Question #14
Why should an engineer use a full packet capture to investigate a security breach?
A. It reconstructs the event, allowing the engineer to identify the root cause by seeing what took place during the breach
B. It provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat
C. It captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity
D. It collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed
Correct answer: A
Question #15
A SOC analyst detected connections to a known C&C server and port scanning activity against the main HR database servers from one of the HR endpoints, via Cisco StealthWatch. What are the two next steps for the SOC team according to the NIST.SP800-61 incident handling process?
A. Provide security awareness training to HR managers and employees
B. Block connections to this C&C server on the perimeter next-generation firewall
C. Isolate affected endpoints and take disk images for analysis
D. Update antivirus signature databases on affected endpoints to block connections to the C&C server
E. Detect the attack vector and analyze C&C connections
Correct answer: BC
Question #16
What matches the regular expression c(rgr)+e?
A. crgrrgre
B. c(rgr)e
C. ce
D. crgr+
Correct answer: A
Question #17
Which action matches the weaponization step of the Cyber Kill Chain model?
A. Construct the appropriate malware and deliver it to the victim
B. Test and construct the appropriate malware to launch the attack
C. Scan a host to find open ports and vulnerabilities
D. Research data on a specific vulnerability
Correct answer: B
Question #18
Which technique is a low-bandwidth attack?
A. Phishing
B. Social engineering
C. Session hijacking
D. Evasion
Correct answer: D
Question #19
According to CVSS, what is a description of the attack vector score?
A. It depends on how many physical and logical manipulations are possible on a vulnerable component
B. The metric score will be larger when a remote attack is more likely
C. The metric score will be larger when it is easier to physically touch or manipulate the vulnerable component
D. It depends on how far away the attacker is located from the vulnerable component
Correct answer: B
Question #20
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?
A. Preparation
B. Containment, eradication, and recovery
C. Post-incident activity
D. Detection and analysis
Correct answer: D
Question #21
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts?
A. Signatures
B. Host IP addresses
C. File size
D. Dropped files
E. Domain names
Correct answer: BE
Question #22
An engineer is investigating a case of unauthorized usage of the "tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
A. All firewall alerts and resulting mitigations
B. Tagged protocols being used on the network
C. Tagged ports being used on the network
D. All information and data within the datagram
Correct answer: D
Question #23
Which are the two score metrics as defined in CVSS v3?
A. Temporal Score Metrics
B. Natural Score Metrics
C. Base Score Metrics
D. Definitive Score Metrics
E. Risk Score Metrics
Correct answer: AC
Question #24
According to the September 2020 threat intelligence feeds, new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through Cobalt Strike, which has been installed on victims' workstations using RDP exploits. The malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it through public release. Which type of attack is described?
A. Ransomware attack
B. Whale-phishing
C. Malware attack
D. Insider threat
Correct answer: A
Question #25
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. Public affairs
D. Management
Correct answer: D
Question #26
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 incident handling guide?
A. Analyze the threat
B. Recover from the threat
C. Reduce the probability of similar threats
D. Identify lessons learned from the threat
Correct answer: B
Question #27
Why is HTTPS traffic difficult to screen?
A. Digital certificates secure the session, and the data is sent at random intervals
B. HTTPS is used internally, and screening traffic for external parties is hard due to isolation
C. The communication is encrypted and the data in transit is secured
D. Traffic is tunneled to a specific destination and is inaccessible to anyone except the receiver
Correct answer: C
Question #28
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?
A. Data integrity
B. Data preservation
C. Evidence collection order
D. Volatile data collection
Correct answer: A