A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

A. file header type

B.

file size

C.

file name

D.

file hash value

What is the difference between deep packet inspection and stateful inspection?

A.

Deep packet inspection is more secure than stateful inspection on Layer 4 

B.

Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7

C.

Stateful inspection is more secure than deep packet inspection on Layer 7

D.

Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4

Refer to the exhibit.

Which kind of attack method is depicted in this string?

A.

cross-site scripting

B.

man-in-the-middle

C.

SQL injection

D.

denial of service

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

A.

syslog messages

B.

full packet capture

C.

NetFlow

D.

firewall event logs

Refer to the exhibit.

In which Linux log file is this output found?

A.

/var/log/authorization.log

B.

/var/log/dmesg

C.

var/log/var.log

D.

/var/log/auth.log

Which two components reduce the attack surface on an endpoint? (Choose two.)

A.

secure boot

B.

load balancing

C.

increased audit log levels

D.

restricting USB ports

E.

full packet captures at the endpoint

An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?

A.

queries Linux devices that have Microsoft Services for Linux installed

B.

deploys Windows Operating Systems in an automated fashion

C.

is an efficient tool for working with Active Directory

D.

has a Common Information Model, which describes installed hardware and software

An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?

A.

sequence numbers

B.

IP identifier

C.

5-tuple

D.

timestamps

What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

A.

Untampered images are used in the security investigation process

B.

Tampered images are used in the security investigation process

C.

The image is tampered if the stored hash and the computed hash match

D.

Tampered images are used in the incident recovery process

E.

The image is untampered if the stored hash and the computed hash match

Refer to the exhibit.

Which type of log is displayed?

A.

proxy

B.

NetFlow

C.

IDS

D.

sys

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.
Which identifier tracks an active program?

A.

application identification number

B.

process identification number

C.

runtime identification number

D.

process identification number

Which metric is used to capture the level of access needed to launch a successful attack?

A.

privileges required

B.

user interaction

C.

attack complexity

D.

attack vector