What is the connection status of the ICMP event?

Refer to the exhibit. What is the connection status of the ICMP event?
A. blocked by a configured access policy rule
B. allowed by a configured access policy rule
C. blocked by an intrusion policy rule
D. allowed in the default action
Answer: B

August 19, 2021

Which additional element is needed to calculate the risk?

A company’s web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events,...

August 19, 2021

Which change is needed to apply the restrictions?

Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company’s user creation policy: - minimum length: 3 - usernames can...

August 19, 2021

Which action should be taken when the HTTP response code 301 is received from a web application?

Which action should be taken when the HTTP response code 301 is received from a web application?
A. Update the cached header metadata.
B. Confirm the resource’s location.
C. Increase the allowed user limit.
D. Modify the session timeout setting.
Answer: A

August 18, 2021

Which two steps mitigate attacks on the webserver from the Internet?

Refer to the exhibit. Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)
A. Create an ACL on the firewall to allow only TLS 1.3
B. Implement a proxy server in the DMZ network
C. Create an ACL on the firewall to allow only external connections
D...

August 17, 2021

What is the threat in this Wireshark traffic capture?

Refer to the exhibit. What is the threat in this Wireshark traffic capture?
A. A high rate of SYN packets being sent from multiple sources toward a single destination IP
B. A flood of ACK packets coming from a single source IP to multiple destination IPs
C. A high rate...

August 17, 2021

How is a SIEM tool used?

How is a SIEM tool used?
A. To collect security data from authentication failures and cyber attacks and forward it for analysis
B. To search and compare security data against acceptance standards and generate reports for analysis
C. To compare security alerts against configured scenarios and trigger system responses
D. ...

August 17, 2021

What is the next step in the malware analysis process?

The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?
A. Perform static...

August 17, 2021

What is a principle of Infrastructure as Code?

What is a principle of Infrastructure as Code?
A. System maintenance is delegated to software systems
B. Comprehensive initial designs support robust systems
C. Scripts and manual configurations work together to ensure repeatable routines
D. System downtime is grouped and scheduled across the infrastructure
Answer: B

August 17, 2021

Which action will improve the effectiveness of the process?

A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?
A. Block local to remote HTTP/HTTPS requests on the firewall for...

August 17, 2021