aiotestking uk

210-255 Exam Questions - Online Test



"Implementing Cisco Cybersecurity Operations", also known as the 210-255 exam, is a Cisco certification.

Online Cisco 210-255 free dumps demo below:

NEW QUESTION 1
What are the metric values for confidentiality impact in the CVSS v3.0 framework?

  • A. high, low, none
  • B. open, closed, obsolete
  • C. high, low
  • D. high, medium, none

Answer: A

NEW QUESTION 2
Which of the following has been used to evade IDS / IPS devices?

  • A. SNMP
  • B. HTTP
  • C. TNP
  • D. Fragmentation

Answer: D

NEW QUESTION 3
Which two options are the primary 5-tuple components? (Choose two)

  • A. destination IP address
  • B. header length
  • C. sequence number
  • D. checksum
  • E. source IP address

Answer: AE

NEW QUESTION 4
Which event artifact can be used to identify HTTP GET requests for a specific file?

  • A. HTTP status code
  • B. TCP ACK
  • C. destination IP
  • D. URI

Answer: D

NEW QUESTION 5
According to NIST, which option is unnecessary for a containment strategy?

  • A. The delayed containment
  • B. Monitoring with methods other than sandboxing

Answer: AB

NEW QUESTION 6
During which phase of the forensic process are tools and techniques used to extract the relevant information from the collected data?

  • A. examination
  • B. reporting
  • C. collection
  • D. investigation

Answer: A

Explanation: Examinations involve forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data. Forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity. Examination may use a combination of automated tools and manual processes.

NEW QUESTION 7
Which analysis technique describes the outcome as well as how likely each outcome is?

  • A. deterministic
  • B. exploratory
  • C. probabilistic
  • D. descriptive

Answer: C

NEW QUESTION 8
Refer to the exhibit.
210-255 dumps exhibit
Which packet contains a file that is extractable within Wireshark?

  • A. 1986
  • B. 2318
  • C. 2542
  • D. 2317

Answer: C

NEW QUESTION 9
According to NIST SP800-86, which action describes volatile data collection?

  • A. collection of data during a system reboot
  • B. collection of data that contains malware
  • C. collection of data before system reboot
  • D. collection of data after system reboot

Answer: C

NEW QUESTION 10
Which of the following are the three metrics, or "scores," of the Common Vulnerability Scoring System (CVSS)? (Select all that apply.)

  • A. Baseline score
  • B. Base score
  • C. Environmental score
  • D. Temporal score

Answer: BCD

NEW QUESTION 11
Which option filters a LibPCAP capture that used a host as a gateway?

  • A. [tcp|udp] [src|dst] port <port>
  • B. [src|dst] net <net> [{mask <mask>}|{len <len>}]
  • C. ether [src|dst] host <ehost>
  • D. gateway host <host>

Answer: D

Explanation: This primitive allows you to filter on packets that used host as a gateway. That is, where the Ethernet source or destination was host but neither the source nor destination IP address was host.

NEW QUESTION 12
Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?

  • A. data analytics
  • B. asset attribution
  • C. threat actor attribution
  • D. evidence collection

Answer: A

NEW QUESTION 13
From a security perspective, why is it important to employ a clock synchronization protocol on a network?

  • A. so that everyone knows the local time
  • B. to ensure employees adhere to work schedule
  • C. to construct an accurate timeline of events when responding to an incident
  • D. to guarantee that updates are pushed out according to schedule

Answer: C

Explanation: The Importance of Time Synchronization for Your Network

In modern computer networks time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Time also provides the only frame of reference between all devices on the network. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. Following are just a few specific reasons:

  • Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.
  • To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.

NEW QUESTION 14
How do you enforce network access control automatically?

  • A. IGMP
  • B. SNMP
  • C. 802.1X
  • D. Port Security

Answer: C

NEW QUESTION 15
Which HTTP header field is usually used in forensics to identify the type of browser used?

  • A. accept-language
  • B. user-agent
  • C. referrer
  • D. host

Answer: B

NEW QUESTION 16
Which option is the common artifact used to uniquely identify a detected file?

  • A. file size
  • B. file extension
  • C. file timestamp
  • D. file hash

Answer: D

NEW QUESTION 17
Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?

  • A. Cisco CloudLock
  • B. Cisco's Active Threat Analytics (ATA)
  • C. Cisco Managed Firepower Service
  • D. Cisco Jasper

Answer: B

NEW QUESTION 18
Which of the following is typically a responsibility of a PSIRT?

  • A. Configure the organization's firewall
  • B. Monitor security logs
  • C. Investigate security incidents in a security operations center (SOC)
  • D. Disclose vulnerabilities in the organization's products and services

Answer: D

NEW QUESTION 19
What is a listening port?

Answer:

Explanation: A port that remains open and waiting for incoming connections

NEW QUESTION 20
Which option has a drastic impact on network traffic because it can cause legitimate traffic to be blocked?

  • A. true positive
  • B. true negative
  • C. false positive
  • D. false negative

Answer: C
