Question #1
Refer to the exhibit. Which type of log is displayed?
A. Proxy
B. NetFlow
C. IDS
D. Sys
Correct answer: B
Question #2
Refer to the exhibit. Which kind of attack method is depicted in this string?
A. Cross-site scripting
B. Man-in-the-middle
C. SQL injection
D. Denial of service
Correct answer: A
Question #3
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, identity, and authorization
B. Confidentiality, integrity, and authorization
C. Confidentiality, identity, and availability
D. Confidentiality, integrity, and availability
Correct answer: D
Question #4
An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?
A. Data from a CD copied using Mac-based system
B. Data from a CD copied using Linux system
C. Data from a DVD copied using Windows system
D. Data from a CD copied using Windows
Correct answer: B
Question #5
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received. Which technology should the engineer use to accomplish this task?
A. Firepower
B. Email Security Appliance
C. Web Security Appliance
D. Stealthwatch
Correct answer: C
Question #6
What is the difference between an attack vector and attack surface?
A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions
B. An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network
C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities
D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities
Correct answer: C
Question #7
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis
B. The file has an embedded non-Windows executable but no suspicious features are identified
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date
Correct answer: C
Question #8
DRAG DROP (Drag and Drop is not supported) Drag and drop the access control models from the left onto the correct descriptions on the right.
A. See Explanation section for answer
Correct answer: A
Question #9
What is the difference between statistical detection and rule-based detection models?
A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
D. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
Correct answer: B
Question #10
Which process is used when IPS events are removed to improve data integrity?
A. Data availability
B. Data normalization
C. Data signature
D. Data protection
Correct answer: B
Question #11
Refer to the exhibit. What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
A. Insert TCP subdissectors
B. Extract a file from a packet capture
C. Disable TCP streams
D. Unfragment TCP
Correct answer: D
Question #12
Which event is user interaction?
A. Gaining root access
B. Executing remote code
C. Reading and writing file permission
D. Opening a malicious file
Correct answer: D
Question #13
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
A. Known-plaintext
B. Replay
C. Dictionary
D. Man-in-the-middle
Correct answer: D
Question #14
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. Least privilege
B. Need to know
C. Integrity validation
D. Due diligence
Correct answer: A
Question #15
What specific type of analysis is assigning values to the scenario to see expected outcomes?
A. Deterministic
B. Exploratory
C. Probabilistic
D. Descriptive
Correct answer: A
Question #16
Which utility blocks a host portscan?
A. HIDS
B. Sandboxing
C. Host-based firewall
D. Antimalware
Correct answer: C
Question #17
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
A. Modify the settings of the intrusion detection system
B. Design criteria for reviewing alerts
C. Redefine signature rules
D. Adjust the alerts schedule
Correct answer: A
Question #18
What is rule-based detection when compared to statistical detection?
A. Proof of a user's identity
B. Proof of a user's action
C. Likelihood of user's action
D. Falsification of a user's identity
Correct answer: B
Question #19
Which tool provides a full packet capture from network traffic?
A. Nagios
B. CAINE
C. Hydra
D. Wireshark
Correct answer: D
Question #20
Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.)
A. See Explanation section for answer
Correct answer: DE
Question #21
DRAG DROP (Drag and Drop is not supported) Drag and drop the technology on the left onto the data type the technology provides on the right.
A. See Explanation section for answer
Correct answer: A
Question #22
What is the difference between the rule-based detection when compared to behavioral detection?
A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature
B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes
C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures
D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks
Correct answer: D
Question #23
What is the principle of defense-in-depth?
A. Agentless and agent-based protection for security are used
B. Several distinct protective layers are involved
C. Access control models are involved
D. Authentication, authorization, and accounting mechanisms are used
Correct answer: B
Question #24
Which action prevents buffer overflow attacks?
A. Variable randomization
B. Using web based applications
C. Input sanitization
D. Using a Linux operating system
Correct answer: C
Question #25
Which type of data collection requires the largest amount of storage space?
A. Alert data
B. Transaction data
C. Session data
D. Full packet capture
Correct answer: D
Question #26
Which two components reduce the attack surface on an endpoint? (Choose two.)
A. Any potential danger to an asset
B. The sum of all paths for data into and out of the environment
C. An exploitable weakness in a system or its design
D. The individuals who perform an attack
Correct answer: AD
Question #27
Refer to the exhibit. What information is depicted?
A. IIS data
B. NetFlow data
C. Network discovery event
D. IPS event data
Correct answer: B
Question #28
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. Best evidence
B. Prima facie evidence
C. Indirect evidence
D. Physical evidence
Correct answer: C
Question #29
Which piece of information is needed for attribution in an investigation?
A. Proxy logs showing the source RFC 1918 IP addresses
B. RDP allowed from the Internet
C. Known threat actor behavior
D. 02
Correct answer: C
Question #30
Refer to the exhibit. This request was sent to a web application server driven by a database. Which type of web server attack is represented?
A. Parameter manipulation
B. Heap memory corruption
C. Command injection
D. Blind SQL injection
Correct answer: D
Question #31
An analyst discovers that a legitimate security alert has been dismissed. Which signature caused this impact on network traffic?
A. True negative
B. False negative
C. False positive
D. True positive
Correct answer: B
Question #32
Refer to the exhibit. Which type of log is displayed?
A. IDS
B. Proxy
C. NetFlow
D. Sys
Correct answer: A
Question #33
A malicious file has been identified in a sandbox analysis tool. Which piece of information is needed to search for additional downloads of this file by other hosts?
A. File header type
B. File size
C. File name
D. File hash value
Correct answer: D
Question #34
An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish this goal?
A. Base64 encoding
B. TLS encryption
C. SHA-256 hashing
D. ROT13 encryption
Correct answer: B
Question #35
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. Sequence numbers
B. IP identifier
C. 5-tuple
D. Timestamps
Correct answer: C
Question #36
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, identity, and authorization
B. Confidentiality, integrity, and authorization
C. Confidentiality, identity, and availability
D. Confidentiality, integrity, and availability
Correct answer: D
Question #37
An analyst is exploring the functionality of different operating systems. What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A. The system detected an XSS attack
B. Someone is trying a brute force attack on the network
C. Another device is gaining root access to the system
D. A privileged user successfully logged into the system
Correct answer: D
Question #38
How is NetFlow different from traffic mirroring?
A. NetFlow collects metadata and traffic mirroring clones data
B. Traffic mirroring impacts switch performance and NetFlow does not
C. Traffic mirroring costs less to operate than NetFlow
D. NetFlow generates more data than traffic mirroring
Correct answer: A
Question #39
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests the engineer to block a selected set of applications on all PCs. Which technology should be used to accomplish this task?
A. Application whitelisting/blacklisting
B. Network NGFW
C. Host-based IDS
D. Antivirus/antispyware software
Correct answer: A
Question #40
What is the practice of giving an employee access to only the resources needed to accomplish their job?
A. Principle of least privilege
B. Organizational separation
C. Separation of duties
D. Need to know principle
Correct answer: A
Question #41
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?
A. Forgery attack
B. Plaintext-only attack
C. Ciphertext-only attack
D. Meet-in-the-middle attack
Correct answer: C
Question #42
Which process is used when IPS events are removed to improve data integrity?
A. Data availability
B. Data normalization
C. Data signature
D. Data protection
Correct answer: B
Question #43
Which event is user interaction?
A. Gaining root access
B. Executing remote code
C. Reading and writing file permission
D. Opening a malicious file
Correct answer: D
Question #44
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. Decision making
B. Rapid response
C. Data mining
D. Due diligence
Correct answer: A
Question #45
An engineer is investigating a case of the unauthorized usage of the "Tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
A. Tagged protocols being used on the network
B. All firewall alerts and resulting mitigations
C. Tagged ports being used on the network
D. All information and data within the datagram
Correct answer: C
Question #46
Which two elements are used for profiling a network? (Choose two.)
A. Legal
B. Compliance
C. Regulated
D. Contractual
Correct answer: AB
Question #47
How does an SSL certificate impact security between the client and the server?
A. By enabling an authenticated channel between the client and the server
B. By creating an integrated channel between the client and the server
C. By enabling an authorized channel between the client and the server
D. By creating an encrypted channel between the client and the server
Correct answer: D
Question #48
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
A. CD data copy prepared in Windows
B. CD data copy prepared in Mac-based system
C. CD data copy prepared in Linux system
D. CD data copy prepared in Android-based system
Correct answer: A
Question #49
Which step in the incident response process researches an attacking host through logs in a SIEM?
A. Detection and analysis
B. Preparation
C. Eradication
D. Containment
Correct answer: A
Question #50
What causes events on a Windows system to show Event Code 4625 in the log messages?
A. An access attempt was made from the Mosaic web browser
B. A successful access attempt was made to retrieve the password file
C. A successful access attempt was made to retrieve the root of the website
D. A denied access attempt was made to retrieve the password file
Correct answer: B
Question #51
What is the virtual address space for a Windows process?
A. Physical location of an object in memory
B. Set of pages that reside in the physical memory
C. System-level memory protection feature built into the operating system
D. Set of virtual memory addresses that can be used
Correct answer: D
Question #52
Refer to the exhibit. Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP
Correct answer: D
Question #53
Which evasion technique is a function of ransomware?
A. Extended sleep calls
B. Encryption
C. Resource exhaustion
D. Encoding
Correct answer: B
Question #54
Refer to the exhibit. What should be interpreted from this packet capture?
A. 1
B. 92
C. 92
D. 1
Correct answer: B
Question #55
Which security monitoring data type requires the largest storage space?
A. Transaction data
B. Statistical data
C. Session data
D. Full packet capture
Correct answer: D
Question #56
At a company party a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?
A. Phishing attack
B. Password Revelation Strategy
C. Piggybacking
D. Social Engineering
Correct answer: D
Question #57
A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?
A. Company assets that are threatened
B. Customer assets that are threatened
C. Perpetrators of the attack
D. Victims of the attack
Correct answer: B
Question #58
A system administrator is ensuring that specific registry information is accurate. Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?
A. File extension associations
B. Hardware, software, and security settings for the system
C. Currently logged in users, including folders and control panel settings
D. All users on the system, including visual settings
Correct answer: B
Question #59
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?
A. Total throughput on the interface of the router and NetFlow records
B. Output of routing protocol authentication failures and ports used
C. Running processes on the applications and their total network usage
D. Deep packet captures of each application flow and duration
Correct answer: C
Question #60
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
A. A policy violation is active for host 10
B. A host on the network is sending a DDoS attack to another inside host
C. There are three active data exfiltration alerts
D. A policy violation is active for host 10
Correct answer: C
Question #61
Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
A. Hypertext Transfer Protocol
B. SSL Certificate
C. Tunneling
D. VPN
Correct answer: B
Question #62
Refer to the exhibit. Which event is occurring?
A. A binary named "submit" is running on VM cuckoo1
B. A binary is being submitted to run on VM cuckoo1
C. A binary on VM cuckoo1 is being submitted for evaluation
D. A URL is being evaluated to see if it has a malicious binary
Correct answer: B
Question #63
Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
A. NetScout
B. Tcpdump
C. SolarWinds
D. Netsh
Correct answer: B
Question #64
Which signature impacts network traffic by causing legitimate traffic to be blocked?
A. False negative
B. True positive
C. True negative
D. False positive
Correct answer: D
Question #65
Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?
A. ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
B. ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods
C. ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods
D. ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods
Correct answer: C
Question #66
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic
Correct answer: A
Question #67
Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?
A. Resource exhaustion
B. Tunneling
C. Traffic fragmentation
D. Timing attack
Correct answer: A
Question #68
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. What is the initial event called in the NIST SP800-61?
A. Online assault
B. Precursor
C. Trigger
D. Instigator
Correct answer: B
Question #69
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
A. Queries Linux devices that have Microsoft Services for Linux installed
B. Deploys Windows Operating Systems in an automated fashion
C. Is an efficient tool for working with Active Directory
D. Has a Common Information Model, which describes installed hardware and software
Correct answer: BE
Question #70
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A. See Explanation section for answer
Correct answer: AB
Question #71
Which attack method intercepts traffic on a switched network?
A. Denial of service
B. ARP cache poisoning
C. DHCP snooping
D. Command and control
Correct answer: B
