Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
A.Modify the settings of the intrusion detection system.
B.Design criteria for reviewing alerts.
C.Redefine signature rules.
D.Adjust the alerts schedule.
What is the impact of false positive alerts on business compared to true positive?
A.True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
B.True positive alerts are blocked by mistake as potential attacks affecting application availability.
C.False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
D.False positive alerts are blocked by mistake as potential attacks affecting application availability.
An engineer needs to fetch logs from a proxy server and generate actual events according to the data received.
Which technology should the engineer use to accomplish this task?
B.Email Security Appliance
C.Web Security Appliance
Refer to the exhibit. Which technology generates this log?
Which filter allows an engineer to filter traffic in Wireshark to further analyze the PCAP file by only showing the traffic for LAN 10.11.x.x, between workstations and servers without the Internet?
A.src=10.11.0.0/16 and dst=10.11.0.0/16
B.ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16
C.ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16
D.src==10.11.0.0/16 and dst==10.11.0.0/16
Which tool provides a full packet capture from network traffic?
A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic is not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?
A.total throughput on the interface of the router and NetFlow records
B.output of routing protocol authentication failures and ports used
C.running processes on the applications and their total network usage
D.deep packet captures of each application flow and duration
Refer to the exhibit. What is depicted in the exhibit?
A.Windows Event logs
Which technology should be used to implement a solution that makes routing decisions based on HTTP header, uniform resource identifier, and SSL session ID attributes?
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
Which incidence response step includes identifying all hosts affected by an attack?
A.detection and analysis
D.containment, eradication, and recovery
Which two elements are used for profiling a network? (Choose two.)
Which category relates to improper use or disclosure of PII data?
Which type of evidence supports a theory or an assumption that results from initial evidence?
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
What is personally identifiable information that must be safeguarded from unauthorized access?
A.date of birth
B.driver's license number
In a SOC environment, what is a vulnerability management metric?
A.code signing enforcement
B.full assets scan
C.internet exposed devices
D.single factor authentication
A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?
A.CD data copy prepared in Windows
B.CD data copy prepared in Mac-based system
C.CD data copy prepared in Linux system
D.CD data copy prepared in Android-based system
Which two elements of the incident response process are stated in NIST Special Publication 800-61 r2? (Choose two.)
A.detection and analysis
Refer to the exhibit. What does this output indicate?
A.HTTPS ports are open on the server.
B.SMB ports are closed on the server.
C.FTP ports are open on the server.
D.Email ports are closed on the server.
Which metric should be used when evaluating the effectiveness and scope of a Security Operations Center?
A.The average time the SOC takes to register and assign the incident.
B.The total incident escalations per week.
C.The average time the SOC takes to detect and resolve the incident.
D.The total incident escalations per month.
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
- If the process is unsuccessful, a negative value is returned.
- If the process is successful, 0 value is returned to the child process, and the process ID is sent to the parent process.
Which component results from this operation?
A.parent directory name of a file pathname
B.process spawn scheduled
C.macros for managing CPU sets
D.new process created by parent process
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
A.Recover from the threat.
B.Analyze the threat.
C.Identify lessons learned from the threat.
D.Reduce the probability of similar threats.
Refer to the exhibit. What is shown in this PCAP file?
A.Timestamps are indicated with error.
B.The protocol is TCP.
C.The User-Agent is Mozilla/5.0.
D.The HTTP GET is encoded.
What is a difference between tampered and untampered disk images?
A.Tampered images have the same stored and computed hash.
B.Tampered images are used as evidence.
C.Untampered images are used for forensic investigations.
D.Untampered images are deliberately altered to preserve as evidence
Drag and Drop Question
Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Drag and Drop Question
Drag and drop the elements from the left into the correct order for incident handling on the right.
2021 Latest Braindump2go 200-201 PDF and 200-201 VCE Dumps Free Share: