Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?
An engineer must configure network systems to detect command-and-control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology must be used to accomplish this task?
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
Refer to the exhibit.
A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source After the attacker produces many of failed login entries, it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and
identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?
What are the two differences between stateful and deep packet inspection? (Choose two )
An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?
Exhibit.
An engineer received a ticket about a slowdown of a web application, Drug analysis of traffic, the engineer suspects a possible attack on a web server. How should the engineer interpret the Wiresharat traffic capture?
What is the difference between deep packet inspection and stateful inspection?
What is personally identifiable information that must be safeguarded from unauthorized access?
Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
Which process is used when IPS events are removed to improve data integrity?
Which metric is used to capture the level of access needed to launch a successful attack?
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?
Which data type is necessary to get information about source/destination ports?
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation?
An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning How should the analyst collect the traffic to isolate the suspicious host?
Refer to the exhibit.
A workstation downloads a malicious docx file from the Internet and a copy is sent to FTDv. The FTDv sends the file hash to FMC and the tile event is recorded What would have occurred with stronger data visibility?
Refer to the exhibit.
Which kind of attack method is depicted in this string?
Which type of data consists of connection level, application-specific records generated from network traffic?
An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom. What is the threat actor in this scenario?
Which type of data must an engineer capture to analyze payload and header information?
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)
After a large influx of network traffic to externally facing devices, a security engineer begins investigating what appears to be a denial of service attack When the packet capture data is reviewed, the engineer notices that the traffic is a single SYN packet to each port Which type of attack is occurring?
Which type of data collection requires the largest amount of storage space?
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin.The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?
What should an engineer use to aid the trusted exchange of public keys between user tom0411976943 and dan1968754032?
Refer to the exhibit.
What is the potential threat identified in this Stealthwatch dashboard?
Which event artifact is used to identify HTTP GET requests for a specific file?
A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions. Which identifier tracks an active program?
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Drag and drop the access control models from the left onto the correct descriptions on the right.
Which HTTP header field is used in forensics to identify the type of browser used?
Refer to the exhibit Drag and drop the element names from the left onto the corresponding pieces of the PCAP file on the right.
Which type of attack is a blank email with the subject "price deduction" that contains a malicious attachment?
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers A SOC analyst checked the endpoints and discovered that they are infected and became part of the botnet Endpoints are sending multiple DNS requests but with spoofed IP addresses of valid external sources What kind of attack are infected endpoints involved in1?
What describes the concept of data consistently and readily being accessible for legitimate users?
Which system monitors local system operation and local network access for violations of a security policy?
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?
Refer to the exhibit.
An attacker scanned the server using Nmap.
What did the attacker obtain from this scan?
Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?
What is a collection of compromised machines that attackers use to carry out a DDoS attack?
Refer to the exhibit.
An attacker gained initial access to the company s network and ran an Nmap scan to advance with the lateral movement technique and to search the sensitive data Which two elements can an attacker identify from the scan? (Choose two.)
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
An engineer received an alert affecting the degraded performance of a critical server Analysis showed a heavy CPU and memory load What is the next step the engineer should take to investigate this resource usage7
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
What is the impact of false positive alerts on business compared to true positive?