

Cisco 200-201 Exam


Question 151
Which event artifact is used to identify HTTP GET requests for a specific file?
A. destination IP address
B. TCP ACK
C. HTTP status code
D. URI

Question 152
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. Tapping interrogation replicates signals to a separate port for analyzing traffic
B. Tapping interrogations detect and block malicious traffic
C. Inline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. Inline interrogation detects malicious traffic but does not block the traffic

Question 153
At which layer is deep packet inspection investigated on a firewall?
A. internet
B. transport
C. application
D. data link

Question 154
DRAG DROP - Drag and drop the access control models from the left onto their corresponding descriptions on the right.
Select and Place:
Image 200-201_154Q.jpg related to the Cisco 200-201 Exam
Image 200-201_154R.jpg related to the Cisco 200-201 Exam

Question 155
DRAG DROP - Drag and drop the event term from the left onto the description on the right.
Select and Place:
Image 200-201_155Q.jpg related to the Cisco 200-201 Exam
Image 200-201_155R.jpg related to the Cisco 200-201 Exam


Question 156
Refer to the exhibit. What is occurring?
Image 200-201_156Q.png related to the Cisco 200-201 Exam
A. insecure deserialization
B. cross-site scripting attack
C. XML External Entities attack
D. regular GET requests

Question 157
What is a difference between data obtained from Tap and SPAN ports?
A. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.
B. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.
C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.
D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.

Question 158
DRAG DROP - Drag and drop the data source from the left onto the data type on the right.
Select and Place:
Image 200-201_158Q.png related to the Cisco 200-201 Exam
Image 200-201_158R.png related to the Cisco 200-201 Exam

Question 159
A threat actor penetrated an organization's network. Using the 5-tuple approach, which data points should the analyst use to isolate the compromised host in a grouped set of logs?
A. event name, log source, time, source IP, and username
B. event name, log source, time, source IP, and host name
C. protocol, log source, source IP, destination IP, and host name
D. protocol, source IP, source port, destination IP, and destination port

Question 160
What is a difference between inline and tap mode traffic monitoring?
A. Tap mode monitors packets and their content with the highest speed, while the inline mode draws a packet path for analysis.
B. Inline monitors traffic without examining other devices, while a tap mode tags traffic and examines the data from monitoring devices.
C. Inline mode monitors the traffic path, examining any traffic at wire speed, while tap mode monitors traffic as it crosses the network.
D. Tap mode monitors traffic direction, while inline mode keeps packet data as it passes through the monitoring devices.


