
Question #1
Topic 1: What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. least privilege
B. need to know
C. integrity validation
D. due diligence
Correct answer: A
Question #2
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occur between hosts?
A. SFlow
B. NetFlow
C. NFlow
D. IPFIX
Correct answer: A
Question #3
Topic 1: Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
Correct answer: A
Question #4
Topic 1: Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Correct answer: D
Question #5
When communicating via TLS, the client initiates the handshake to the server and the server responds with its certificate for identification. Which information is available on the server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted CA name, cipher suites, and private key
D. server name, trusted CA, and public key
Correct answer: D
Question #6
What is a difference between SIEM and SOAR security systems?
A. SOAR ingests numerous types of logs and event data from infrastructure components, and SIEM can fetch data from endpoint security software and external threat intelligence feeds
B. SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks
C. SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts
D. SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data such as antivirus logs, firewall logs, and hashes of downloaded files
Correct answer: C
Question #7
Topic 1: Which security principle requires that more than one person perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
Correct answer: C
Question #8
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor. Which type of evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence
Correct answer: C
Question #9
What does the output indicate about the server with the IP address 172.18.104.139?
A. open ports of a web server
B. open port of an FTP server
C. open ports of an email server
D. running processes of the server
Correct answer: C
Question #10
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
Correct answer: C
Question #11
Topic 1: What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access
Correct answer: B
Question #12
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
A. The computer has a HIPS installed on it
B. The computer has a NIPS installed on it
C. The computer has a HIDS installed on it
D. The computer has a NIDS installed on it
Correct answer: D
Question #13
This request was sent to a web application server driven by a database. Which type of web server attack is represented?
A. parameter manipulation
B. heap memory corruption
C. command injection
D.
Correct answer: BE
Question #14
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers. A SOC analyst checked the endpoints and discovered that they are infected and have become part of a botnet. The endpoints are sending multiple DNS requests but with spoofed IP addresses of valid external sources. What kind of attack are the infected endpoints involved in?
A. DNS hijacking
B. DNS tunneling
C. DNS flooding
D. DNS amplification
Correct answer: D
Question #15
Topic 1: A user received a malicious attachment but did not run it. Which category classifies the intrusion?
A. weaponization
B. reconnaissance
C. installation
D. delivery
Correct answer: D
Question #16
Topic 1: What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Correct answer: B
Question #17
Topic 1: An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
Correct answer: C
Question #18
What is the expected result when the "Allow subdissector to reassemble TCP streams" feature is enabled?
A. insert TCP subdissectors
B. extract a file from a packet capture
C. disable TCP streams
D. unfragment TCP
Correct answer: A
Question #19
Refer to the exhibit. A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?
A. Employee 5
B. Employee 3
C. Employee 4
D. Employee 2
Correct answer: C
Question #20
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0-8]+our
C. colou?r
D. col[0-9]+our
Correct answer: D
Question #21
Topic 1: What is the virtual address space for a Windows process?
A. physical location of an object in memory
B. set of pages that reside in the physical memory
C. system-level memory protection feature built into the operating system
D. set of virtual memory addresses that can be used
Correct answer: D
Question #22
A cyberattacker notices a security flaw in software that a company is using. They decide to tailor a specific worm to exploit this flaw and extract saved passwords from the software. To which category of the Cyber Kill Chain model does this event belong?
A. reconnaissance
B. delivery
C. weaponization
D. exploitation
Correct answer: C
Question #23
What is the potential threat identified in this Stealthwatch dashboard?
A. Host 10
B. Host 152
C. Traffic to 152
D. Host 10
Correct answer: B
Question #24
Topic 1: One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability
Correct answer: D
Question #25
Topic 1: What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR
Correct answer: A
Question #26
Topic 1: Which security principle is violated by running all processes as root or administrator?
A. principle of least privilege
B. role-based access control
C. separation of duties
D. trusted computing base
Correct answer: A
Question #27
Topic 1: What is rule-based detection when compared to statistical detection?
A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity
Correct answer: B
Question #28
Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP
Correct answer: B
Question #29
A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management requests that the engineer block a selected set of applications on all PCs. Which technology should be used to accomplish this task?
A. application whitelisting/blacklisting
B. network NGFW
C.
D. antivirus/antispyware software
Correct answer: D
Question #30
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D.
Correct answer: D
Question #31
Topic 1: How is attacking a vulnerability categorized?
A. action on objectives
B. delivery
C. exploitation
D. installation
Correct answer: C
Question #32
Topic 1: Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
C. data signature
D. data protection
Correct answer: B
Question #33
An employee received an email from a colleague's address asking for the password for the domain controller. The employee noticed a missing letter within the sender's address. What does this incident describe?
A. brute-force attack
B. insider attack
C. shoulder surfing
D. social engineering
Correct answer: B