What is the threat actor in this scenario?
An engineer received a flood of phishing emails from HR with the source address HRjacobm@companycom. What is the threat actor in this scenario? A. phishing email B. sender C. HR D. receiver
200-201 v.2
What is the difference between vulnerability and risk?
What is the difference between vulnerability and risk? A. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself. B. A risk is a potential threat that an exploit…
What is occurring?
Refer to the exhibit. What is occurring? A. ARP flood B. DNS amplification C. ARP poisoning D. DNS tunneling
Which field contains DNS header information if the payload is a query or a response?
Refer to the exhibit. Which field contains DNS header information if the payload is a query or a response? A. Z B. ID C. TC D. QR
Refer to the exhibit.
Refer to the exhibit. An engineer is analyzing a PCAP file after a recent breach An engineer identified that the attacker used an aggressive ARP scan to scan the hosts and found web and SSH servers. Further analysis showed several…
What is the difference between the ACK flag and the RST flag?
What is the difference between the ACK flag and the RST flag? A. The RST flag approves the connection, and the ACK flag terminates spontaneous connections. B. The ACK flag confirms the received segment, and the RST flag terminates the…
Which of these describes SOC metrics in relation to security incidents?
Which of these describes SOC metrics in relation to security incidents? A. time it takes to detect the incident B. time it takes to assess the risks of the incident C. probability of outage caused by the incident D. probability…
How does agentless monitoring differ from agent-based monitoring?
How does agentless monitoring differ from agent-based monitoring? A. Agentless can access the data via API. while agent-base uses a less efficient method and accesses log data through WMI. B. Agent-based monitoring is less intrusive in gathering log data, while…
Which category does this event fall under as defined in the Cyber Kill Chain?
A security engineer notices confidential data being exfiltrated to a domain “Ranso4134-mware31- 895” address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network…
Which technology must the engineer implement in this scenario’?
An organization is cooperating with several third-party companies. Data exchange is on an unsecured channel using port 80 Internal employees use the FTP service to upload and download sensitive data An engineer must ensure confidentiality while preserving the integrity of…