Refer to the exhibit.

An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server Which display filters should the analyst use to filter the FTP traffic?

• A.tcpport = FTP
• B.tcp.port==21
• C.dstport = 21
• D.dstport == FTP

Comment: *

Name: *

Email: *

Verification: *

An analyst is using the SIEM platform and must extract a custom property from a Cisco device and capture the phrase, "File: Clean." Which regex must the analyst import?

• A.File: Clean
• B.^Parent File Clean$
• C.File: Clean (.*)
• D.^File: Clean$

Comment: *

Name: *

Email: *

Verification: *

What is an example of social engineering attacks?

• A.receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
• B.receiving an invitation to the department's weekly WebEx meeting
• C.sending a verbal request to an administrator who knows how to change an account password
• D.receiving an email from human resources requesting a visit to their secure website to update contact information

Comment: *

Name: *

Email: *

Verification: *

What is threat hunting?

• A.Managing a vulnerability assessment report to mitigate potential threats.
• B.Focusing on proactively detecting possible signs of intrusion and compromise.
• C.Pursuing competitors and adversaries to infiltrate their system to acquire intelligence data.
• D.Attempting to deliberately disrupt servers by altering their availability

Comment: *

Name: *

Email: *

Verification: *

A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders After further investigation, the analyst learns that customers claim that they cannot access company servers According to NIST SP800-61, in which phase of the incident response process is the analyst?

• A.containment, eradication, and recovery
• B.detection and analysis
• C.post-incident activity
• D.preparation

Comment: *

Name: *

Email: *

Verification: *