What is a difference between signature-based and behavior-based detection?
A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
A company receptionist received a threatening call referencing stealing assets and did not take any action, assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?
A. company assets that are threatened
B. customer assets that are threatened
C. perpetrators of the attack
D. victims of the attack
customer assets that are threatened
How is NetFlow different from traffic mirroring?
A. NetFlow collects metadata and traffic mirroring clones data.
B. Traffic mirroring impacts switch performance and NetFlow does not.
C. Traffic mirroring costs less to operate than NetFlow.
D. NetFlow generates more data than traffic mirroring.
NetFlow collects metadata and traffic mirroring clones data.
What is a difference between SIEM and SOAR?
A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
B. SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
C. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability
A threat exploits a vulnerability
Which data type is necessary to get information about source/destination ports?
A. statistical data
B. session data
C. connectivity data
D. alert data
connectivity data
Which attack represents the evasion technique of resource exhaustion?
A. SQL injection
B. man-in-the-middle
C. bluesnarfing
D. denial-of-service
denial-of-service
An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK after sending the first SYN to establish a session. What is causing this issue?
A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration
incorrect TCP handshake
At a company party, a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?
A. Phishing attack
B. Password Revelation Strategy
C. Piggybacking
D. Social Engineering
Password Revelation Strategy
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations
an organizational approach to disaster recovery and timely restoration of operational services
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
If the process is unsuccessful, a negative value is returned.
If the process is successful, 0 is returned to the child process, and the child's process ID is returned to the parent process.
Which component results from this operation?
A. parent directory name of a file pathname
B. process spawn scheduled
C. macros for managing CPU sets
D. new process created by parent process
new process created by parent process
What is a difference between data obtained from Tap and SPAN ports?
A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.
Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.