A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?

  • Post author:
  • Post category:Updated
  • Post comments:0 Comments
  • Post last modified:June 12, 2024
  • Reading time:2 mins read


What two shared sources of information are included within the MITRE ATT&CK framework? (Choose two.)


What two shared sources of information are included within the MITRE ATT&CK framework? (Choose two.) details about the handling of evidence including times, places, and personnel involved eyewitness evidence from…


According to NIST, which step in the digital forensics process involves drawing conclusions from data?


According to NIST, which step in the digital forensics process involves drawing conclusions from data? collection examination analysis reporting Answers Explanation & Hints: NIST describes the digital forensics process as…


A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?



Which tool included in the Security Onion includes the capability of designing custom dashboards?


Which tool included in the Security Onion includes the capability of designing custom dashboards? Squert Sguil Kibana OSSEC Answers Explanation & Hints: Dashboards are usually interactive and provide a combination…


Which technology is a major standard consisting of a pattern of symbols that describe data to be matched in a query?


Which technology is a major standard consisting of a pattern of symbols that describe data to be matched in a query? POSIX Sguil Squert OSSEC Answers Explanation & Hints: A…


Which HIDS is integrated into the Security Onion and uses rules to detect changes in host-based operating parameters caused by malware through system calls?


Which HIDS is integrated into the Security Onion and uses rules to detect changes in host-based operating parameters caused by malware through system calls? Bro Snort OSSEC Suricata Answers Explanation…


How does an application program interact with the operating system?


How does an application program interact with the operating system? sending files using processes making API calls accessing BIOS or UEFI Answers Explanation & Hints: Application programs interact with an…


Which type of events should be assigned to categories in Sguil?


Which type of events should be assigned to categories in Sguil? true positive true negative false positive false negative Answers Explanation & Hints: Sguil includes seven pre-built categories that can…


Which tool is a Security Onion integrated host-based intrusion detection system?


Which tool is a Security Onion integrated host-based intrusion detection system? Sguil ELK Snort OSSEC Answers Explanation & Hints: OSSEC is a host-based intrusion detection system (HIDS) that is integrated…


Which term is used to describe the process of converting log entries into a common format?


Which term is used to describe the process of converting log entries into a common format? classification normalization standardization systemization Answers Explanation & Hints: For processing log entries, data normalization…


Which classification indicates that an alert is verified as an actual security incident?


Which classification indicates that an alert is verified as an actual security incident? true positive true negative false positive false negative Answers Explanation & Hints: Alerts can be classified as…


A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert?


A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert? false…


A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?


A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert? false negative false positive true positive true…


After a security monitoring tool identifies a malware attachment entering the network, what is the benefit of performing a retrospective analysis?


After a security monitoring tool identifies a malware attachment entering the network, what is the benefit of performing a retrospective analysis? A retrospective analysis can help in tracking the behavior…


Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?


Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident? SOC Manager Tier 1 personnel Tier 2…


A cybersecurity analyst is going to verify security alerts using the Security Onion. Which tool should the analyst visit first?


A cybersecurity analyst is going to verify security alerts using the Security Onion. Which tool should the analyst visit first? Bro Sguil ELK CapME Answers Explanation & Hints: The primary…
