Match the Linux host-based firewall application with its description. Explanation & Hint: iptables: This is a rule-based access control and logging system for Linux packet filtering based on IP addresses…
Match the network-based antimalware solution to the function. (Not all options are used.) Explanation & Hint: Web Security Appliance - This is generally responsible for providing filtering of websites and…
What best describes the destination IPv4 address that is used by multicasting? a single IP multicast address that is used by all destinations in a group an IP address that…
What are three goals of a port scan attack? (Choose three.) to discover system passwords to identify operating systems to identify active services to identify peripheral configurations to determine potential…
In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities? preparation detection and analysis containment, eradication, and recovery postincident activities…
What information is gathered by the CSIRT when determining the scope of a security incident? the networks, systems, and applications affected by an incident the strategies and procedures used for…
According to NIST standards, which incident response stakeholder is responsible for coordinating an incident response with other stakeholders to minimize the damage of an incident? IT support management legal department…
What is defined in the SOP of a computer security incident response capability (CSIRC)? the procedures that are followed during an incident response the metrics for measuring incident response capabilities…
Which meta-feature element in the Diamond Model describes information gained by the adversary? results direction resources methodology Answers Explanation & Hints: The meta-feature element results are used to delineate what…
When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to block a potential back door creation? (Choose two.) Conduct damage…
Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase? to get a free malware package to launch a DoS attack toward the…
A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet.…
What two shared sources of information are included within the MITRE ATT&CK framework? (Choose two.) details about the handling of evidence including times, places, and personnel involved eyewitness evidence from…
According to NIST, which step in the digital forensics process involves drawing conclusions from data? collection examination analysis reporting Answers Explanation & Hints: NIST describes the digital forensics process as…
Which tool included in the Security Onion includes the capability of designing custom dashboards? Squert Sguil Kibana OSSEC Answers Explanation & Hints: Dashboards are usually interactive and provide a combination…
Which technology is a major standard consisting of a pattern of symbols that describe data to be matched in a query? POSIX Sguil Squert OSSEC Answers Explanation & Hints: A…
How is the hash value of files useful in network security investigations? It is used to decode files. It verifies confidentiality of files. It is used as a key for…
Which HIDS is integrated into the Security Onion and uses rules to detect changes in host-based operating parameters caused by malware through system calls? Bro Snort OSSEC Suricata Answers Explanation…
How does an application program interact with the operating system? sending files using processes making API calls accessing BIOS or UEFI Answers Explanation & Hints: Application programs interact with an…
Which type of events should be assigned to categories in Sguil? true positive true negative false positive false negative Answers Explanation & Hints: Sguil includes seven pre-built categories that can…