Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Which security principle requires more than one person is required to perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
How is attacking a vulnerability categorized?
A. action on objectives
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability
What is rule-based detection when compared to statistical detection?
A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
C. data signature
D. data protection
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier