NEW QUESTION 1
Which incident handling is focused on minimizing the impact of an incident?

• A. Scoping
• B. Reporting
• C. Containment
• D. Eradication

Answer: D

NEW QUESTION 2
Which of the following is typically a responsibility of a PSIRT (Product SIRT)?

• A. Configure the organization’s firewall
• B. Monitor security logs
• C. Investigate security incidents in a SOC
• D. Disclosure vulnerabilities in the organization’s products and services

Answer: D

NEW QUESTION 3
Refer to exhibit.

Drag and drop the items from the left onto the correct 5-tuples on the right.

Answer:

Explanation: 192.168.1.1 = source ip 192.168.2.2 = destination ip 2196 = Source port
22 = Destination port TCP = protocol

NEW QUESTION 4
What are the metric values of the confidentiality based on the CVSS framework?

• A. Low-high
• B. Low –Medium-high
• C. High-Low-none
• D. High-none

Answer: C

NEW QUESTION 5
Which file system has 32 assigned to the address cluster of the allocation table?

• A. EXT4
• B. FAT32
• C. NTFS
• D. FAT16

Answer: C

NEW QUESTION 6
Which two HTTP header fields relate to intrusion analysis? (Choose two).

• A. user-agent
• B. host
• C. connection
• D. language
• E. handshake type

Answer: AB

Explanation: User-AgentContains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent. See also the Firefox user agent string reference.
HostSpecifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.

NEW QUESTION 7
Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?

• A. CSIRT
• B. ICASI
• C. USIRP
• D. PSIRT

Answer: D

NEW QUESTION 8
Which two components are included in a 5-tuple? (Choose two.)

• A. port number
• B. destination IP address
• C. data packet
• D. user name
• E. host logs

Answer: AB

Explanation: The source and destination addresses are primary 5-tuple components. The source address is the IP address of the network that creates and sends a data packet, and the destination address is the recipient.

NEW QUESTION 9
Which goal of data normalization is true?

• A. Reduce data redundancy.
• B. Increase data redundancy.
• C. Reduce data availability.
• D. Increase data availability

Answer: A

Explanation: Data normalization is the process of intercepting and storing incoming data so it exists in one form only. This eliminates redundant data and protects the data’s integrity.

NEW QUESTION 10
Which precursor example is true?

• A. Admin finds their password has been changed
• B. A log scan indicating a port scan against a host
• C. A network device configuration has been changed

Answer: B

NEW QUESTION 11
What is the difference between deterministic and probabilistic assessment method? (Choose Two)

• A. At deterministic method we know the facts beforehand and at probabilistic method we make assumptions
• B. At probabilistic method we know the facts beforehand and at deterministic method we make assumptions
• C. Probabilistic method has an absolute nature
• D. Deterministc method has an absolute nature

Answer: AD

NEW QUESTION 12
Which of the following are examples of some of the responsibility of a corporate CSIRT and the policies it helps create? (Choose four)

• A. Scanning vendor customer network
• B. incident classification and handling
• C. Information classification and protection
• D. Information dissemination
• E. Record retentions and destruction

Answer: BCDE

NEW QUESTION 13
Which information must be left out of a final incident report?

• A. server hardware configurations
• B. exploit or vulnerability used
• C. impact and/or the financial loss
• D. how the incident was detected

Answer: A

NEW QUESTION 14
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800-61 r2?

• A. instigator
• B. precursor
• C. online assault
• D. trigger

Answer: B

Explanation: Signs of an incident fall into one of two categories: precursors and indicators. A precursor is a sign that an incident may occur in the future. An indicator is a sign that an incident may have occurred or may be occurring now.

NEW QUESTION 15
What is accomplished in the identification phase of incident handling?

• A. determining the responsible user
• B. identifying source and destination IP addresses
• C. defining the limits of your authority related to a security event
• D. determining that a security event has occurred

Answer: D

Explanation: From Cisco SECOPS Elearning course Identification phase is referenced as‘Identification: The SOC analyst performs continuous monitoring, and active cyber threat hunting. When a true positive incident has been detected, the incident response team is activated. During the investigation process, the SOC analyst or the incident response team may also contact the CERT/CC (or other security intelligence sources), which tracks Internet security activity and has the most current threat information.’

NEW QUESTION 16
You receive an alert for malicious code that exploits Internet Explorer and runs arbitrary code on the site visitor machine. The malicous code is on an external site that is being visited by hosts on your network. Which user agent in the HTTP headers in the requests from your internal hosts warrants further investigation?

• A. Mozilla/5.0 (compatible, MSIE 10.0, Windows NT 6.2, Trident 6.0)
• B. Mozilla/5.0 (XII; Linux i686; rv: 1.9.2.20) Gecko/20110805
• C. Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 4O0) Gecko/20100101
• D. Opera/9.80 (XII; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16

Answer: A

NEW QUESTION 17
Which component of the NIST SP800-61 r2 incident handling strategy reviews data?

• A. preparation
• B. detection and analysis
• C. containment, eradication, and recovery
• D. post-incident analysis

Answer: D

Explanation: 3.4.2 Using Collected Incident Data (which falls under post incident analysis in the aforementioned document)Lessons learned activities should produce a set of objective and subjective data regarding each incident.Over time, the collected incident data should be useful in several capacities. The data, particularly the total hours of involvement and the cost, may be used to justify additional funding of the incident response team. A study of incident characteristics may indicate systemic security weaknesses and threats, as wellas changes in incident trends. This data can be put back into the risk assessment process, ultimately leading to the selection and implementation of additional controls. Another good use of the data is measuring the success of the incident response team. If incident data is collected and stored properly, it should provide several measures of the success (or at least the activities) of the incident response team.Incident data can also be collected to determine if a change to incident response capabilities causes a corresponding change in the team’s performance (e.g., improvements in efficiency, reductions in costs).

NEW QUESTION 18
Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario?

• A. deterministic
• B. exploratory
• C. probabilistic
• D. descriptive

Answer: A

Explanation: Deterministic Versus Probabilistic Analysis
In deterministic analysis, all data used for the analysis is known beforehand. Probabilistic analysis, on the other hand, is done assuming the likelihood that something will or has happened, but you don’t know exactly when or how.
Probabilistic methods institute powerful tools for use in many kinds of decision-making problems—in this case, cybersecurity event analysis. In this type of analysis, the analysis components suggest a “probabilistic Answer” to the results of the investigation, which is not a definitive result.
Deterministic analysis, you know and obtain “facts” about the incident, breach, affected applications, and so on. For instance, by analyzing applications using port-based analysis and similar methods, you can assume that the process is deterministic—especially when applications conform to the specifications of the standards.

NEW QUESTION 19
Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.)

• A. Scanning vendor customer networks
• B. Incident classification and handling
• C. Information classification and protection
• D. Information dissemination
• E. Record retentions and destruction

Answer: BCDE

NEW QUESTION 20
Which of the following is an example of a coordination center?

• A. Cisco PSIRT
• B. Microsoft MSRC
• C. CERT division of the Software Engineering Institute (SEI)
• D. FIRST

Answer: C