| How does an SSL certificate impact security between the client and the server? |
| What is the practice of giving employees only those permissions necessary to perform their specific role within an organization? |
| What is an example of social engineering attacks? |
| What does an attacker use to determine which network ports are listening on a potential target device? |
| What is the relationship between a vulnerability and a threat? |
| Which attack method intercepts traffic on a switched network? |
| What is the difference between an attack vector and attack surface? |
| What is a difference between signature-based and behavior-based detection? |
| Refer to the exhibit. What is occurring in this network traffic? |
| Which type of data consists of connection level, application-specific records generated from network traffic? |
| A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described? |
| An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack? |
| Which security principle is violated by running all processes as root or administrator? |
| How does a certificate authority impact security? |
| One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context? |
| What is the difference between a threat and a risk? |
| Which data format is the most efficient to build a baseline of traffic seen over an extended period of time? |
| A network engineer discovers that a foreign government hacked one of the defense contractors in their home country and stole intellectual property. What is the threat agent in this situation? |
| What makes HTTPS traffic difficult to monitor? |
| Refer to the exhibit. What information is depicted? |
| Refer to the exhibit. What is occurring in this network? |
| What is the virtual address space for a Windows process? |
| What is the difference between the ACK flag and the RST flag in the NetFlow log session? |
| A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident? |
| An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs? |
| An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.) |
| Which action prevents buffer overflow attacks? |
| Which evasion technique is a function of ransomware? |
| What is a benefit of agent-based protection when compared to agentless protection? |
| Which event is user interaction? |
| Refer to the exhibit. Which two elements in the table are parts of the 5-tuple? (Choose two.) |
| Why is encryption challenging to security monitoring? |
| Which process is used when IPS events are removed to improve data integrity? |
| Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number? |
| Refer to the exhibit. What should be interpreted from this packet capture? |
| Which security principle requires more than one person is required to perform a critical task? |
| How does an attacker observe network traffic exchanged between two users? |
| Which data type is necessary to get information about source/destination ports? |
| What is a difference between SOAR and SIEM? |
| When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password? |
| What is the function of a command and control server? |
| What is rule-based detection when compared to statistical detection? |
| What is vulnerability management? |
| How is attacking a vulnerability categorized? |
| An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network. What is the impact of this traffic? |
| What is a difference between SIEM and SOAR? |
| Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key? |
| What is the difference between deep packet inspection and stateful inspection? |
| Which event is a vishing attack? |
| Refer to the exhibit. Which type of log is displayed? |
| Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones? |
| What is a purpose of a vulnerability management framework? |
| A user received a malicious attachment but did not run it. Which category classifies the intrusion? |
| What is the principle of defense-in-depth? |
| What are the two characteristics of the full packet captures? (Choose two.) |
| Refer to the exhibit. Which type of log is displayed? |
| Which metric is used to capture the level of access needed to launch a successful attack? |
| What is the difference between statistical detection and rule-based detection models? |
| Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action? |
| What is the practice of giving an employee access to only the resources needed to accomplish their job? |
| Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake? |
| What is the difference between mandatory access control (MAC) and discretionary access control (DAC)? |
| Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file? |
| What is the difference between the rule-based detection when compared to behavioral detection? |
| What specific type of analysis is assigning values to the scenario to see expected outcomes? |
| When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification. Which information is available on the server certificate? |
| How is NetFlow different from traffic mirroring? |
| A security incident occurred with the potential of impacting business services. Who performs the attack? |
