A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

• A.delivery
• B.weaponization
• C.action on objectives
• D.reconnaissance

Comment: *

Name: *

Email: *

Verification: *

Which data type is necessary to get information about source/destination ports?

• A.statistical data
• B.session data
• C.connectivity data
• D.alert data

Comment: *

Name: *

Email: *

Verification: *

A security expert is working on a copy of the evidence, an ISO file that is saved in CDFS format. Which type of evidence is this file?

• A.CD data copy prepared in Linux system
• B.CD data copy prepared in Windows
• C.CD data copy prepared in Android-based system
• D.CD data copy prepared in Mac-based system

Comment: *

Name: *

Email: *

Verification: *

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?

• A.instigator
• B.precursor
• C.trigger
• D.online assault

Comment: *

Name: *

Email: *

Verification: *

Drag and drop the event term from the left onto the description on the right.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *