An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?

• A.IP identifier
• B.sequence numbers
• C.5-tuple
• D.timestamps

Comment: *

Name: *

Email: *

Verification: *

What is a difference between inline traffic interrogation and traffic mirroring?

• A.Inline inspection acts on the original traffic data flow
• B.Traffic mirroring passes live traffic to a tool for blocking
• C.Traffic mirroring inspects live traffic for analysis and mitigation
• D.Inline traffic copies packets for analysis and security

Comment: *

Name: *

Email: *

Verification: *

What is the difference between deep packet inspection and stateful inspection?

• A.Deep packet inspection allows visibility on Layer 7 and stateful inspection allows visibility on Layer 4
• B.Stateful inspection verifies contents at Layer 4 and deep packet inspection verifies connection at Layer 7
• C.Stateful inspection is more secure than deep packet inspection on Layer 7
• D.Deep packet inspection is more secure than stateful inspection on Layer 4

Comment: *

Name: *

Email: *

Verification: *

What do the Security Intelligence Events within the FMC allow an administrator to do?

• A.View any malicious files that a host has downloaded.
• B.See if a host is connecting to a known-bad domain.
• C.Check for host-to-server traffic within your network.
• D.Verify host-to-host traffic within your network.

Comment: *

Name: *

Email: *

Verification: *

What is a difference between inline traffic interrogation and traffic mirroring?

• A.Inline inspection acts on the original traffic data flow
• B.Traffic mirroring passes live traffic to a tool for blocking
• C.Traffic mirroring inspects live traffic for analysis and mitigation
• D.Inline traffic copies packets for analysis and security

Comment: *

Name: *

Email: *

Verification: *