200-201 Practice Test Questions

402 Questions


What is the principle of defense-in-depth?

A. Agentless and agent-based protection for security are used.
B. Several distinct protective layers are involved.
C. Access control models are involved.
D. Authentication, authorization, and accounting mechanisms are used.

Answer: B. Several distinct protective layers are involved.



Refer to the exhibit.

Which component is identifiable in this exhibit?

A. Trusted Root Certificate store on the local machine
B. Windows PowerShell verb
C. Windows Registry hive
D. local service in the Windows Services Manager

Answer: C. Windows Registry hive



What is a difference between tampered and untampered disk images?

A. Tampered images have the same stored and computed hash.
B. Tampered images are used as evidence.
C. Untampered images are used for forensic investigations.
D. Untampered images are deliberately altered to preserve as evidence.

Answer: B. Tampered images are used as evidence.



How does a certificate authority impact security?

A. It validates client identity when communicating with the server.
B. It authenticates client identity when requesting an SSL certificate.
C. It authenticates domain identity when requesting an SSL certificate.
D. It validates the domain identity of the SSL certificate.

Answer: D. It validates the domain identity of the SSL certificate.



Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

A. Hypertext Transfer Protocol
B. SSL Certificate
C. Tunneling
D. VPN

Answer: B. SSL Certificate



Which tool provides a full packet capture from network traffic?

A. Nagios
B. CAINE
C. Hydra
D. Wireshark

Answer: D. Wireshark



Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?

A. Modify the settings of the intrusion detection system.
B. Design criteria for reviewing alerts.
C. Redefine signature rules.
D. Adjust the alerts schedule.

Answer: A. Modify the settings of the intrusion detection system.



Which technology on a host is used to isolate a running application from other applications?

A. sandbox
B. application allow list
C. application block list
D. host-based firewall

Answer: A. sandbox



Which security technology allows only a set of pre-approved applications to run on a system?

A. application-level blacklisting
B. host-based IPS
C. application-level whitelisting
D. antivirus

Answer: C. application-level whitelisting



What is the impact of false positive alerts on business compared to true positive?

A. True positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
B. True positive alerts are blocked by mistake as potential attacks affecting application availability.
C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.
D. False positive alerts are blocked by mistake as potential attacks affecting application availability.

Answer: C. False positives affect security as no alarm is raised when an attack has taken place, resulting in a potential breach.



What is a difference between inline and tap mode traffic monitoring?

A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
B. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.
C. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
D. Inline mode monitors traffic path, examining any traffic at wire speed, while a tap mode monitors traffic as it crosses the network.

Answer: A. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.



Which filter allows an engineer to filter traffic in Wireshark, for further analysis of the PCAP file, so that only traffic within the 10.11.x.x LAN (between workstations and servers, excluding the Internet) is shown?

A. src=10.11.0.0/16 and dst=10.11.0.0/16
B. ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16
C. ip.src=10.11.0.0/16 and ip.dst=10.11.0.0/16
D. src==10.11.0.0/16 and dst==10.11.0.0/16

Answer: B. ip.src==10.11.0.0/16 and ip.dst==10.11.0.0/16



