Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

• A.action on objectives
• B.installation
• C.reconnaissance
• D.exploitation

Comment: *

Name: *

Email: *

Verification: *

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does to this type of event belong?

• A.weaponization
• B.delivery
• C.exploitation
• D.reconnaissance

Comment: *

Name: *

Email: *

Verification: *

What is a difference between signature-based and behavior-based detection?

• A.Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
• B.Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
• C.Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
• D.Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Comment: *

Name: *

Email: *

Verification: *

Which metric is used to capture the level of access needed to launch a successful attack?

• A.privileges required
• B.user interaction
• C.attack complexity
• D.attack vector

Comment: *

Name: *

Email: *

Verification: *