
Question #1
Which system monitors local system operation and local network access for violations of a security policy?
A. Host-based intrusion detection
B. Systems-based sandboxing
C. Host-based firewall
D. Antivirus
Correct answer: A

Question #2
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?
A. The threat actor used a dictionary-based password attack to obtain credentials
B. The threat actor gained access to the system by known credentials
C. The threat actor used the teardrop technique to confuse and crash login services
D. The threat actor used an unknown vulnerability of the operating system that went undetected
Correct answer: C

Question #3
Which security technology allows only a set of pre-approved applications to run on a system?
A. Application-level blacklisting
B. Host-based IPS
C. Application-level whitelisting
D. Antivirus
Correct answer: C

Question #4
Which HTTP header field is used in forensics to identify the type of browser used?
A. Referrer
B. Host
C. User-agent
D. Accept-language
Correct answer: C

Question #5
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
A. The computer has a HIPS installed on it
B. The computer has a NIPS installed on it
C. The computer has a HIDS installed on it
D. The computer has a NIDS installed on it
Correct answer: C

Question #6
What does cyber attribution identify in an investigation?
A. Cause of an attack
B. Exploit of an attack
C. Vulnerabilities exploited
D. Threat actors of an attack
Correct answer: D
Question #7
DRAG DROP (Drag and Drop is not supported) Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
A. See Explanation section for answer
Correct answer: A

Question #8
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10
B. Host 152
C. Traffic to 152
D. Host 10
Correct answer: D

Question #9
Which event artifact is used to identify HTTP GET requests for a specific file?
A. Destination IP address
B. TCP ACK
C. HTTP status code
D. URI
Correct answer: D

Question #10
What is rule-based detection when compared to statistical detection?
A. Proof of a user's identity
B. Proof of a user's action
C. Likelihood of user's action
D. Falsification of a user's identity
Correct answer: B

Question #11
Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?
A. 317
B. 986
C. 318
D. 542
Correct answer: D

Question #12
What makes HTTPS traffic difficult to monitor?
A. SSL interception
B. Packet header size
C. Signature detection time
D. Encryption
Correct answer: D

Question #13
Which type of evidence supports a theory or an assumption that results from initial evidence?
A. Probabilistic
B. Indirect
C. Best
D. Corroborative
Correct answer: D

Question #14
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
A. Reconnaissance
B. Action on objectives
C. Installation
D. Exploitation
Correct answer: C

Question #15
How is attacking a vulnerability categorized?
A. Action on objectives
B. Delivery
C. Exploitation
D. Installation
Correct answer: C
Question #16
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. Date of birth
B. Driver's license number
C. Gender
D. Zip code
Correct answer: CD

Question #17
Which incident response step includes identifying all hosts affected by an attack?
A. Detection and analysis
B. Post-incident activity
C. Preparation
D. Containment, eradication, and recovery
Correct answer: D

Question #18
Refer to the exhibit. Which technology generates this log?
A. NetFlow
B. IDS
C. Web proxy
D. Firewall
Correct answer: D

Question #19
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. A policy violation is active for host 10
B. A host on the network is sending a DDoS attack to another inside host
C. There are two active data exfiltration alerts
D. A policy violation is active for host 10
Correct answer: C

Question #20
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Correct answer: B

Question #21
How is attacking a vulnerability categorized?
A. Action on objectives
B. Delivery
C. Exploitation
D. Installation
Correct answer: C

Question #22
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
A. The intellectual property that was stolen
B. The defense contractor who stored the intellectual property
C. The method used to conduct the attack
D. The foreign government that conducted the attack
Correct answer: D

Question #23
What is the difference between a threat and a risk?
A. Threat represents a potential danger that could take advantage of a weakness in a system
B. Risk represents the known and identified loss or danger in the system
C. Risk represents the nonintentional interaction with uncertainty in the system
D. Threat represents a state of being exposed to an attack or a compromise, either physically or logically
Correct answer: A

Question #24
Which security principle requires that more than one person perform a critical task?
A. Least privilege
B. Need to know
C. Separation of duties
D. Due diligence
Correct answer: C
Question #25
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our
Correct answer: C

Question #26
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability
Correct answer: A

Question #27
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Correct answer: C

Question #28
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which technology makes this behavior possible?
A. Encapsulation
B. TOR
C. Tunneling
D. NAT
Correct answer: D

Question #29
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. Syslog messages
B. Full packet capture
C. NetFlow
D. Firewall event logs
Correct answer: C

Question #30
Which artifact is used to uniquely identify a detected file?
A. File timestamp
B. File extension
C. File size
D. File hash
Correct answer: D

Question #31
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. Public affairs
D. Management
Correct answer: D

Question #32
Refer to the exhibit. In which Linux log file is this output found?
A. /var/log/authorization
B. /var/log/dmesg
C. var/log/var
D. /var/log/auth
Correct answer: D

Question #33
Why is encryption challenging to security monitoring?
A. Encryption analysis is used by attackers to monitor VPN tunnels
B. Encryption is used by threat actors as a method of evasion and obfuscation
C. Encryption introduces additional processing requirements by the CPU
D. Encryption introduces larger packet sizes to analyze and store
Correct answer: B
Question #34
What does an attacker use to determine which network ports are listening on a potential target device?
A. Man-in-the-middle
B. Port scanning
C. SQL injection
D. Ping sweep
Correct answer: B

Question #35
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the link launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A. Social engineering
B. Eavesdropping
C. Piggybacking
D. Tailgating
Correct answer: A

Question #36
Refer to the exhibit. What is occurring in this network traffic?
A. High rate of SYN packets being sent from multiple sources towards a single destination IP
B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs
C. Flood of ACK packets coming from a single source IP to multiple destination IPs
D. Flood of SYN packets coming from a single source IP to a single destination IP
Correct answer: D

Question #37
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. Sequence numbers
B. IP identifier
C. 5-tuple
D. Timestamps
Correct answer: C

Question #38
What are two denial of service attacks? (Choose two.)
A. nmap --top-ports 192
B. nmap -sP 192
C. nmap -sL 192
D. nmap -sV 192
Correct answer: CD

Question #39
Which regex matches only on all lowercase letters?
A. [a-z]+
B. [^a-z]+
C. a-z+
D. a*z+
Correct answer: A

Question #40
Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?
A. src=10
B. ip
C. ip
D. src==10
Correct answer: B

Question #41
Which type of data consists of connection level, application-specific records generated from network traffic?
A. Transaction data
B. Location data
C. Statistical data
D. Alert data
Correct answer: A

Question #42
How does an attacker observe network traffic exchanged between two users?
A. Port scanning
B. Man-in-the-middle
C. Command injection
D. Denial of service
Correct answer: B
Question #43
DRAG DROP (Drag and Drop is not supported) Drag and drop the uses on the left onto the type of security system on the right.
A. See Explanation section for answer
Correct answer: A

Question #44
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
Correct answer: A

Question #45
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic?
A. Ransomware communicating after infection
B. Users downloading copyrighted content
C. Data exfiltration
D. User circumvention of the firewall
Correct answer: D

Question #46
What are two social engineering techniques? (Choose two.)
A. Open ports of a web server
B. Open port of an FTP server
C. Open ports of an email server
D. Running processes of the server
Correct answer: CE

Question #47
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise. Which kind of evidence is this IP address?
A. Best evidence
B. Corroborative evidence
C. Indirect evidence
D. Forensic evidence
Correct answer: B

Question #48
Which metric is used to capture the level of access needed to launch a successful attack?
A. Privileges required
B. User interaction
C. Attack complexity
D. Attack vector
Correct answer: D

Question #49
When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate?
A. Server name, trusted subordinate CA, and private key
B. Trusted subordinate CA, public key, and cipher suites
C. Trusted CA name, cipher suites, and private key
D. Server name, trusted CA, and public key
Correct answer: D

Question #50
What is an example of social engineering attacks?
A. Receiving an unexpected email from an unknown person with an attachment from someone in the same company
B. Receiving an email from human resources requesting a visit to their secure website to update contact information
C. Sending a verbal request to an administrator who knows how to change an account password
D. Receiving an invitation to the department's weekly WebEx meeting
Correct answer: C

Question #51
At which layer is deep packet inspection investigated on a firewall?
A. Internet
B. Transport
C. Application
D. Data link
Correct answer: C
Question #52
Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?
A. AWS
B. IIS
C. Load balancer
D. Proxy server
Correct answer: C

Question #53
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. Decision making
B. Rapid response
C. Data mining
D. Due diligence
Correct answer: B

Question #54
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. Examination
B. Investigation
C. Collection
D. Reporting
Correct answer: C

Question #55
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
A. Weaponization
B. Reconnaissance
C. Installation
D. Delivery
Correct answer: D

Question #56
Which security principle is violated by running all processes as root or administrator?
A. Principle of least privilege
B. Role-based access control
C. Separation of duties
D. Trusted computing base
Correct answer: A

Question #57
What is a sandbox interprocess communication service?
A. A collection of rules within the sandbox that prevent the communication between sandboxes
B. A collection of network services that are activated on an interface, allowing for inter-port communication
C. A collection of interfaces that allow for coordination of activities among processes
D. A collection of host services that allow for communication between sandboxes
Correct answer: C

Question #58
Which security principle requires that more than one person perform a critical task?
A. Least privilege
B. Need to know
C. Separation of duties
D. Due diligence
Correct answer: C

Question #59
What is the function of a command and control server?
A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system
Correct answer: D

Question #60
Refer to the exhibit. What is occurring in this network?
A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack
Correct answer: A
Question #61
What is a difference between inline traffic interrogation and traffic mirroring?
A. Inline inspection acts on the original traffic data flow
B. Traffic mirroring passes live traffic to a tool for blocking
C. Traffic mirroring inspects live traffic for analysis and mitigation
D. Inline traffic copies packets for analysis and security
Correct answer: A

Question #62
Refer to the exhibit. What is depicted in the exhibit?
A. Windows Event logs
B. Apache logs
C. IIS logs
D. UNIX-based syslog
Correct answer: B

Question #63
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?
A. Application identification number
B. Active process identification number
C. Runtime identification number
D. Process identification number
Correct answer: D

Question #64
What is a purpose of a vulnerability management framework?
A. Identifies, removes, and mitigates system vulnerabilities
B. Detects and removes vulnerabilities in source code
C. Conducts vulnerability scans on the network
D. Manages a list of reported vulnerabilities
Correct answer: A

Question #65
What is a difference between tampered and untampered disk images?
A. Tampered images have the same stored and computed hash
B. Untampered images are deliberately altered to preserve as evidence
C. Tampered images are used as evidence
D. Untampered images are used for forensic investigations
Correct answer: D

Question #66
What is the difference between the ACK flag and the RST flag in the NetFlow log session?
A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete
C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection
D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection
Correct answer: D

Question #67
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
A. Fragmentation
B. Pivoting
C. Encryption
D. Steganography
Correct answer: C

Question #68
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
A. Integrity
B. Confidentiality
C. Availability
D. Scope
Correct answer: A

Question #69
Refer to the exhibit. What does the output indicate about the server with the IP address 172.18.104.139?
A. It authenticates client identity when requesting SSL certificate
B. It validates domain identity of a SSL certificate
C. It authenticates domain identity when requesting SSL certificate
D. It validates client identity when communicating with the server
Correct answer: C
Question #70
What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access
Correct answer: B

Question #71
An engineer configured regular expression ".*\.([Dd][Oo][Cc]|[Xx][LI][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]" on Cisco ASA firewall. What does this regular expression do?
A. It captures
B. It captures documents in an HTTP network session
C. It captures Word, Excel, and PowerPoint files in HTTP v1
D. It captures
Correct answer: C

Question #72
What is the difference between deep packet inspection and stateful inspection?
A. Deep packet inspection is more secure than stateful inspection on Layer 4
B. Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
C. Stateful inspection is more secure than deep packet inspection on Layer 7
D. Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer
Correct answer: D

Question #73
What is personally identifiable information that must be safeguarded from unauthorized access?
A. Code signing enforcement
B. Full assets scan
C. Internet exposed devices
D. Single factor authentication
Correct answer: B

Question #74
DRAG DROP Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
A. HTTPS ports are open on the server
B. SMB ports are closed on the server
C. FTP ports are open on the server
D. Email ports are closed on the server
Correct answer: A

Question #75
What is the impact of false positive alerts on business compared to true positive?
A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach
B. True positive alerts are blocked by mistake as potential attacks affecting application availability
C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach
D. False positive alerts are blocked by mistake as potential attacks affecting application availability
Correct answer: C
