What will a threat actor do to create a back door on a compromised target according to the Cyber Kill Chain model? Collect and exfiltrate data. Add services and autorun…
Which activity is typically performed by a threat actor in the installation phase of the Cyber Kill Chain? Harvest email addresses of user accounts. Obtain an automated tool to deliver…
What is the goal of an attack in the installation phase of the Cyber Kill Chain? Break the vulnerability and gain control of the target. Establish command and control (CnC)…
When dealing with a security threat and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations on a system? (Choose two.)…
Place the evidence collection priority from most volatile to least volatile as defined by the IETF guidelines. Explanation & Hint: According to the IETF (Internet Engineering Task Force) guidelines for…
Which type of evidence supports an assertion based on previously obtained evidence? best evidence corroborating evidence direct evidence indirect evidence Answers Explanation & Hints: Corroborating evidence is evidence that supports…
How is the event ID assigned in Sguil? Each event in the series of correlated events is assigned a unique ID. All events in the series of correlated events are…
Which two types of network traffic are from protocols that generate a lot of routine traffic? (Choose two.) SSL traffic STP traffic IPsec traffic routing updates traffic Windows security auditing…
What is indicated by a true negative security alert classification? An alert is verified to be an actual security incident. Normal traffic is correctly ignored and erroneous alerts are not…
What are two elements that form the PRI value in a syslog message? (Choose two.) facility header severity hostname timestamp Answers Explanation & Hints: The PRI in a syslog message…
Which three pieces of information are found in session data? (Choose three.) user name source and destination port numbers Layer 4 transport protocol source and destination IP addresses source and…
How does using HTTPS complicate network security monitoring? HTTPS can be used to infiltrate DNS queries. HTTPS adds complexity to captured packets. Web browser traffic is directed to infected servers.…
What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.) attack vector availability confidentiality exploit integrity remediation level Answers Explanation & Hints: The Common…
A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element? the list of TCP or UDP processes…
Which statement describes the anomaly-based intrusion detection approach? It compares the operations of a host against a well-defined security policy. It compares the signatures of incoming traffic to a known…
Match the description to the antimalware approach. (Not all options are used.) Answers Explanation & Hints: Antimalware programs may detect viruses using three different approaches: signature-based - by recognizing various…
Which three algorithms are designed to generate and verify digital signatures? (Choose three.) IKE AES DSA RSA 3DES ECDSA Answers Explanation & Hints: There are three Digital Signature Standard (DSS)…
What three services are offered by FireEye? (Choose three.) blocks attacks across the web identifies and stops email threat vectors identifies and stops latent malware on files creates firewall rules…
A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.) encryption for only the password of a user encryption…
A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file…