Which two statements are correct about the advanced persistent threats (APTs)? (Choose two.) long-lasting attacks require no technical expertise financially demanding short-term commitment Explanation & Hint: The two correct statements…
What are two challenges in securing information using data digitalization? (Choose two.) higher information density wide attack surface hard to modify or replicate data requires significant resources to obtain access…
Which is a characteristic of cyberattack to be considered part of a cyber warfare operation? government funding non-political motives short-term commitment use of casual actions Explanation & Hint: A characteristic…
What is the purpose of Onion Router (Tor)? conceal location decrypt the originating traffic and IP address map exit IP address to a physical location block unauthorized access Explanation &…
Which tool can you use to detect and block malicious beaconing between a compromised host and a C2 server? Cisco Secure Firewall Cisco border router equipped with anomaly detection Splunk…
Which two options are valid examples of beaconing traffic that occurs within an organization’s network? (Choose two.) 6G wireless 802.11 WLAN keepalive traffic NTP traffic OSI Layer 1 IP traffic…
You are a newly-hired threat hunter and are familiarizing yourself with your organization’s network. You must establish a baseline of normal behavior before threat hunting can begin. Which tool would…
You work on an incident response team. You are tasked with identifying malicious beaconing traffic that is leaving your network and communicating with an external C2 server. Which traffic type…
You are a threat hunter who is analyzing traffic. You suspect that a host in your organization is attempting to establish a communication channel with a C2 server. Which traffic…
Which type of attack is where an attacker clears all traces and evidence that point to them or their activities? log tampering log poisoning log denial of service log redirection…
Which part of a syslog log contains a descriptive text about the event in a free text format? header body structured data message Explanation & Hint: In a syslog log,…
Which log analysis method requires a training phase? statistical advanced knowledge-based signature-based anomaly-based Explanation & Hint: The log analysis method that requires a training phase is "anomaly-based." Anomaly-based log analysis…
Which of the following is a standard protocol used for log retrieval as defined in RFC 3164? Syslog SNMP RESTful API NETCONF Explanation & Hint: The standard protocol used for…
Which is a time format used mainly on UNIX systems that uses integer values to represent data and time? Epoch UTC TAI GMT Explanation & Hint: The time format used…
Which log management component involves log parsing, normalization, indexing, and correlation? Logging Agent Log Collector Log Processor Log Management Console Explanation & Hint: The log management component that involves log…
What are the two most common log analysis challenges for the SOC? (Choose two.) SOC analysts being tasked to perform many additional tasks besides log analysis lack of proper training…
What are two common log retrieval methods? (Choose two.) static push pull dynamic Explanation & Hint: Two common log retrieval methods are: Push: In this method, log sources proactively send…
Which type of attack is where an attacker inputs malicious code into a log file? log tampering log poisoning log denial of service log redirection Explanation & Hint: The type…
Which is a method of logically arranging log entries based on their attributes? Log parsing Log normalization Log indexing Log correlation Log analysis Explanation & Hint: The method of logically…
Which step in log preprocessing is where a common data set descriptors schema is used? Log parsing Log normalization Log indexing Log correlation Log analysis Explanation & Hint: In log…