NEW QUESTION 1
What do the Security Intelligence Events within the FMC allow an administrator to do?

• A. See if a host is connecting to a known-bad domain.
• B. Check for host-to-server traffic within your network.
• C. View any malicious files that a host has downloaded.
• D. Verify host-to-host traffic within your network.

Answer: A

NEW QUESTION 2
Which process is used when IPS events are removed to improve data integrity?

• A. data availability
• B. data normalization
• C. data signature
• D. data protection

Answer: B

NEW QUESTION 3
Which HTTP header field is used in forensics to identify the type of browser used?

• A. referrer
• B. host
• C. user-agent
• D. accept-language

Answer: C

NEW QUESTION 4
Refer to the exhibit.

This request was sent to a web application server driven by a database. Which type of web server attack is represented?

• A. parameter manipulation
• B. heap memory corruption
• C. command injection
• D. blind SQL injection

Answer: D

NEW QUESTION 5
Which metric is used to capture the level of access needed to launch a successful attack?

• A. privileges required
• B. user interaction
• C. attack complexity
• D. attack vector

Answer: A

NEW QUESTION 6
What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

• A. least privilege
• B. need to know
• C. integrity validation
• D. due diligence

Answer: A

NEW QUESTION 7
How does an SSL certificate impact security between the client and the server?

• A. by enabling an authenticated channel between the client and the server
• B. by creating an integrated channel between the client and the server
• C. by enabling an authorized channel between the client and the server
• D. by creating an encrypted channel between the client and the server

Answer: D

NEW QUESTION 8
Drag and drop the security concept on the left onto the example of that concept on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 9
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

• A. forgery attack
• B. plaintext-only attack
• C. ciphertext-only attack
• D. meet-in-the-middle attack

Answer: C

NEW QUESTION 10
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

• A. CD data copy prepared in Windows
• B. CD data copy prepared in Mac-based system
• C. CD data copy prepared in Linux system
• D. CD data copy prepared in Android-based system

Answer: A

NEW QUESTION 11
Refer to the exhibit.

What is occurring in this network traffic?

• A. high rate of SYN packets being sent from a multiple source towards a single destination IP
• B. high rate of SYN packets being sent from a single source IP towards multiple destination IPs
• C. flood of ACK packets coming from a single source IP to multiple destination IPs
• D. flood of SYN packets coming from a single source IP to a single destination IP

Answer: D

NEW QUESTION 12
Which incidence response step includes identifying all hosts affected by an attack'?

• A. post-incident activity
• B. detection and analysis
• C. containment eradication and recovery
• D. preparation

Answer: A

NEW QUESTION 13
Which event artifact is used to identity HTTP GET requests for a specific file?

• A. destination IP address
• B. TCP ACK
• C. HTTP status code
• D. URI

Answer: D

NEW QUESTION 14
Which security principle is violated by running all processes as root or administrator?

• A. principle of least privilege
• B. role-based access control
• C. separation of duties
• D. trusted computing base

Answer: A

NEW QUESTION 15
Refer to the exhibit.

Which packet contains a file that is extractable within Wireshark?

• A. 2317
• B. 1986
• C. 2318
• D. 2542

Answer: D

NEW QUESTION 16
Which attack method intercepts traffic on a switched network?

• A. denial of service
• B. ARP cache poisoning
• C. DHCP snooping
• D. command and control

Answer: C

NEW QUESTION 17
What does an attacker use to determine which network ports are listening on a potential target device?

• A. man-in-the-middle
• B. port scanning
• C. SQL injection
• D. ping sweep

Answer: B

NEW QUESTION 18
Drag and drop the technology on the left onto the data type the technology provides on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19
A system administrator is ensuring that specific registry information is accurate.
Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

• A. file extension associations
• B. hardware, software, and security settings for the system
• C. currently logged in users, including folders and control panel settings
• D. all users on the system, including visual settings

Answer: B

NEW QUESTION 20
......