How does an attacker observe network traffic exchanged between two users?

• A.port scanning
• B.man-in-the-middle
• C.command injection
• D.denial of service

Comment: *

Name: *

Email: *

Verification: *

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

• A.The threat actor gained access to the system by known credentials.
• B.The threat actor used the teardrop technique to confuse and crash login services.
• C.The threat actor used an unknown vulnerability of the operating system that went undetected.
• D.The threat actor used a dictionary-based password attack to obtain credentials.

Comment: *

Name: *

Email: *

Verification: *

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?

• A.online assault
• B.precursor
• C.trigger
• D.instigator

Comment: *

Name: *

Email: *

Verification: *

A malicious file has been identified in a sandbox analysis tool.

Which piece of information is needed to search for additional downloads of this file by other hosts?

• A.file header type
• B.file size
• C.file name
• D.file hash value

Comment: *

Name: *

Email: *

Verification: *

How is NetFlow different than traffic mirroring?

• A.NetFlow generates more data than traffic mirroring
• B.Traffic mirroring costs less to operate than NetFlow
• C.Traffic mirroring impacts switch performance and NetFlow does not
• D.NetFlow collects metadata and traffic mirroring clones data

Comment: *

Name: *

Email: *

Verification: *