When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Which metric is used to capture the level of access needed to launch a successful attack?
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)
A user received an email attachment named "Hr405-report2609-empl094.exe" but did not run it. Which category of the cyber kill chain should be assigned to this type of event?
The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?
At a company party a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?
Drag and drop the uses on the left onto the type of security system on the right.
An engineer is analyzing a recent breach where confidential documents were altered and stolen by the receptionist Further analysis shows that the threat actor connected an externa USB device to bypass security restrictions and steal data The engineer could not find an external USB device Which piece of information must an engineer use for attribution in an investigation?
Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?
Syslog collecting software is installed on the server For the log containment, a disk with FAT type partition is used An engineer determined that log files are being corrupted when the 4 GB tile size is exceeded. Which action resolves the issue?
Which step in the incident response process researches an attacking host through logs in a SIEM?
According to the NIST SP 800-86. which two types of data are considered volatile? (Choose two.)
What is the practice of giving an employee access to only the resources needed to accomplish their job?
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of the communication. Which technology must the engineer implement in this scenario'?
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
Refer to the exhibit.
An engineer received a ticket about a slowed-down web application The engineer runs the #netstat -an command. How must the engineer interpret the results?
What is the impact of false positive alerts on business compared to true positive?
What are the two characteristics of the full packet captures? (Choose two.)
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?