Which type of evidence supports an assertion based on previously obtained evidence? best evidence corroborating evidence direct evidence indirect evidence Answers Explanation & Hints: Corroborating evidence is evidence that supports…
How is the event ID assigned in Sguil? Each event in the series of correlated events is assigned a unique ID. All events in the series of correlated events are…
Which two types of network traffic are from protocols that generate a lot of routine traffic? (Choose two.) SSL traffic STP traffic IPsec traffic routing updates traffic Windows security auditing…
What is indicated by a true negative security alert classification? An alert is verified to be an actual security incident. Normal traffic is correctly ignored and erroneous alerts are not…
What are two elements that form the PRI value in a syslog message? (Choose two.) facility header severity hostname timestamp Answers Explanation & Hints: The PRI in a syslog message…
Which three pieces of information are found in session data? (Choose three.) user name source and destination port numbers Layer 4 transport protocol source and destination IP addresses source and…
How does using HTTPS complicate network security monitoring? HTTPS can be used to infiltrate DNS queries. HTTPS adds complexity to captured packets. Web browser traffic is directed to infected servers.…
What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.) attack vector availability confidentiality exploit integrity remediation level Answers Explanation & Hints: The Common…
A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element? the list of TCP or UDP processes…
Which statement describes the anomaly-based intrusion detection approach? It compares the operations of a host against a well-defined security policy. It compares the signatures of incoming traffic to a known…
Match the description to the antimalware approach. (Not all options are used.) Answers Explanation & Hints: Antimalware programs may detect viruses using three different approaches: signature-based - by recognizing various…
Which three algorithms are designed to generate and verify digital signatures? (Choose three.) IKE AES DSA RSA 3DES ECDSA Answers Explanation & Hints: There are three Digital Signature Standard (DSS)…
What three services are offered by FireEye? (Choose three.) blocks attacks across the web identifies and stops email threat vectors identifies and stops latent malware on files creates firewall rules…
A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.) encryption for only the password of a user encryption…
A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file…
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data? statement of scope statement of authority Internet access policy acceptable…
A flood of packets with invalid source IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of…
What kind of ICMP message can be used by threat actors to perform network reconnaissance and scanning attacks? ICMP redirects ICMP unreachable ICMP mask reply ICMP router discovery Answers Explanation…
Which network monitoring tool is in the category of network protocol analyzers? SNMP SPAN Wireshark SIEM Answers Explanation & Hints: Wireshark is a network protocol analyzer used to capture network…
What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.) SIEM Wireshark SNMP SPAN network tap Answers Explanation & Hints: A network…