Which two options are valid examples of beaconing traffic that occurs within an organization’s network? (Choose two.) 6G wireless 802.11 WLAN keepalive traffic NTP traffic OSI Layer 1 IP traffic…
You are a newly-hired threat hunter and are familiarizing yourself with your organization’s network. You must establish a baseline of normal behavior before threat hunting can begin. Which tool would…
You work on an incident response team. You are tasked with identifying malicious beaconing traffic that is leaving your network and communicating with an external C2 server. Which traffic type…
You are a threat hunter who is analyzing traffic. You suspect that a host in your organization is attempting to establish a communication channel with a C2 server. Which traffic…
Which type of attack is where an attacker clears all traces and evidence that point to them or their activities? log tampering log poisoning log denial of service log redirection…
Which part of a syslog log contains a descriptive text about the event in a free text format? header body structured data message Explanation & Hint: In a syslog log,…
Which log analysis method requires a training phase? statistical advanced knowledge-based signature-based anomaly-based Explanation & Hint: The log analysis method that requires a training phase is "anomaly-based." Anomaly-based log analysis…
Which of the following is a standard protocol used for log retrieval as defined in RFC 3164? Syslog SNMP RESTful API NETCONF Explanation & Hint: The standard protocol used for…
Which is a time format used mainly on UNIX systems that uses integer values to represent data and time? Epoch UTC TAI GMT Explanation & Hint: The time format used…
Which log management component involves log parsing, normalization, indexing, and correlation? Logging Agent Log Collector Log Processor Log Management Console Explanation & Hint: The log management component that involves log…
What are the two most common log analysis challenges for the SOC? (Choose two.) SOC analysts being tasked to perform many additional tasks besides log analysis lack of proper training…
What are two common log retrieval methods? (Choose two.) static push pull dynamic Explanation & Hint: Two common log retrieval methods are: Push: In this method, log sources proactively send…
Which type of attack is where an attacker inputs malicious code into a log file? log tampering log poisoning log denial of service log redirection Explanation & Hint: The type…
Which is a method of logically arranging log entries based on their attributes? Log parsing Log normalization Log indexing Log correlation Log analysis Explanation & Hint: The method of logically…
Which step in log preprocessing is where a common data set descriptors schema is used? Log parsing Log normalization Log indexing Log correlation Log analysis Explanation & Hint: In log…
Which log analysis step involves the use of the correlating key? log parsing log normalization log indexing log correlation log analysis Explanation & Hint: The log analysis step that involves…
What are the two general types of log source categories? (Choose two.) network endpoint server client cloud on-prem Explanation & Hint: The two general types of log source categories are:…
Log parsing is considered which part of the overall log analysis process? Log preprocessing Log semantic processing Log normalization Log filtering Explanation & Hint: Log parsing is considered a part…
Which two actions could indicate suspicious behavior that deviates from the baseline and is certainly worth investigating further? (Choose two.) a lot of downloaded data such as software or web…
What is the purpose of using REGEX during PCAP analysis? deliver payloads from PCAP analysis define a search pattern reverse engineer suspicious files log event data and establish baseline Explanation…