NEW QUESTION 1
While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header,
Which option is making this behavior possible?

• A. TOR
• B. NAT
• C. encapsulation
• D. tunneling

Answer: B

NEW QUESTION 2
which international standard is for general risk management, including the principles and guidelines for managing risk?

• A. ISO 27001
• B. ISO 27005
• C. IS0 31000
• D. ISO 27002

Answer: C

NEW QUESTION 3
Where is a host-based intrusion detection system located?

• A. on a particular end-point as an agent or a desktop application
• B. on a dedicated proxy server monitoring egress traffic
• C. on a span switch port
• D. on a tap switch port

Answer: A

NEW QUESTION 4
Which term represents the chronological record of how evidence was collected- analyzed, preserved, and transferred?

• A. chain of evidence
• B. evidence chronology
• C. chain of custody
• D. record of safekeeping

Answer: C

NEW QUESTION 5
which data type is the most beneficial to recreate ABinary file for malware analysis

• A. Alert
• B. Session
• C. Statistical
• D. Extracted Content Data

Answer: B

NEW QUESTION 6
Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?

• A. HTTP/TLS
• B. IPv4/IPv6
• C. TCP/UDP
• D. ATM/ MPLS

Answer: B

NEW QUESTION 7
Which two features must a next generation firewall include? (Choose two.)

• A. data mining
• B. host-based antivirus
• C. application visibility and control
• D. Security Information and Event Management
• E. intrusion detection system

Answer: CE

NEW QUESTION 8
Which definition of vulnerability is true?

• A. an exploitable unpatched and unmitigated weakness in software
• B. an incompatible piece of software
• C. software that does not have the most current patch applied
• D. software that was not approved for installation

Answer: A

NEW QUESTION 9
Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

• A. Network-based has the ability to protect unmanaged devices and unsupported operating systems.
• B. There are no advantages compared to host-based antivirus.
• C. Host-based antivirus does not have the ability to collect newly created signatures.
• D. Network-based can protect against infection from malicious files at rest.

Answer: A

NEW QUESTION 10
Which data can be obtained using NetFlow?

• A. session data
• B. application logs
• C. network downtime
• D. report full packet capture

Answer: A

NEW QUESTION 11
which protocol helps to synchronizes and correlate events across multiple network devices:

• A. NTP
• B. time zone
• C. SNMP
• D. CDP

Answer: A

NEW QUESTION 12
which security principle is violated by running all processes as root/admin

• A. RBAC
• B. Principle of least privilege
• C. Segregation of duty

Answer: B

NEW QUESTION 13
Drag the data source on the left to the left to the correct data type on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Wireshark = Full packet capture Netflow = Session Data
Server log = Transaction Data IPS = Alert data

NEW QUESTION 14
What is a trunk link used for?

• A. To pass multiple virtual LANs
• B. To connect more than two switches
• C. To enable Spanning Tree Protocol
• D. To encapsulate Layer 2 frames

Answer: A

NEW QUESTION 15
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?

• A. connection event
• B. endpoint event
• C. NetFlow event
• D. intrusion event

Answer: D

NEW QUESTION 16
What Linux commands show the process for all users?

• A. ps –a
• B. ps –u
• C. ps –d
• D. ps –m

Answer: A

NEW QUESTION 17
Which term represents the likely hood of potential danger that could take advantage of a weakness in a system?

• A. vulnerability
• B. risk
• C. threat
• D. exploit

Answer: B

NEW QUESTION 18
Where does routing occur within the DoD TCP/IP reference model?

• A. application
• B. internet
• C. network
• D. transport

Answer: B

NEW QUESTION 19
Which technology allows a large number of private IP addresses to be represented by a smaller
number of public IP addresses?

• A. NAT
• B. NTP
• C. RFC 1631
• D. RFC 1918

Answer: A

NEW QUESTION 20
Which definition of a process in Windows is true?

• A. running program
• B. unit of execution that must be manually scheduled by the application
• C. database that stores low-level settings for the OS and for certain applications
• D. basic unit to which the operating system allocates processor time

Answer: A

NEW QUESTION 21
Which hash algorithm is the weakest?

• A. SHA-512
• B. RSA 4096
• C. SHA-1
• D. SHA-256

Answer: C

NEW QUESTION 22
What are the advantages of a full-duplex transmission mode compared to half-duplex mode? (Select all that apply.)

• A. Each station can transmit and receive at the same time.
• B. It avoids collisions.
• C. It makes use of back off time.
• D. It uses a collision avoidance algorithm to transmit.

Answer: AB

NEW QUESTION 23
Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?

• A. exploit kit
• B. root kit
• C. vulnerability kit
• D. script kiddie kit

Answer: B

NEW QUESTION 24
Which description is an example of whaling?

• A. When attackers target specific individuals
• B. When attackers target a group of individuals
• C. When attackers go after the CEO
• D. When attackers use fraudulent websites that look like legitimate ones

Answer: C

NEW QUESTION 25
Which two activities are examples of social engineering? (Choose two)

• A. receiving call from the IT department asking you to verify your username/password to maintain the account
• B. receiving an invite to your department's weekly WebEx meeting
• C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
• D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
• E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company

Answer: AD

NEW QUESTION 26
......