Refer to the exhibit.

Which application protocol is in this PCAP file?

• A.SSH
• B.HTTP
• C.TLS
• D.TCP

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit. Which packet contains a file that is extractable within Wireshark?

• A.2317
• B.1986
• C.2318
• D.2542

Comment: *

Name: *

Email: *

Verification: *

A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?

• A.event name, log source, time, source IP, and host name
• B.event name, log source, time, source IP, and username
• C.protocol, log source, source IP, destination IP, and host name
• D.protocol, source IP, source port, destination IP, and destination port

Comment: *

Name: *

Email: *

Verification: *

An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

• A.Recover from the threat.
• B.Analyze the threat.
• C.Identify lessons learned from the threat.
• D.Reduce the probability of similar threats.

Comment: *

Name: *

Email: *

Verification: *

Which technology on a host is used to isolate a running application from other applications?

• A.application block list
• B.sandbox
• C.application allow list
• D.host-based firewall

Comment: *

Name: *

Email: *

Verification: *