Question 161
An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?
A. incorrect TCP handshake
B. incorrect UDP handshake
C. incorrect OSI configuration
D. incorrect snaplen configuration
Question 162
Refer to the exhibit. What is shown in this PCAP file?
A. The User-Agent is Mozilla/5.0.
B. Timestamps are indicated with error.
C. The HTTP GET is encoded.
D. The protocol is TCP.
Question 163
Which regular expression is needed to capture the IP address 192.168.20.232?
A. ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}
B. ^(?:[0-9]{1,3}\.)*
C. ^)?:[0-9]{1,3}\.){1,4}
D. ^([0-9].{3})
Question 164
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?
A. Run "ps -u" to find out who executed additional processes that caused a high load on a server
B. Run "ps -ef" to understand which processes are taking a high amount of resources
C. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion
D. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap
Question 165
Refer to the exhibit. Which component is identifiable in this exhibit?
A. Windows Registry hive
B. Trusted Root Certificate store on the local machine
C. Windows PowerShell verb
D. local service in the Windows Services Manager
Question 166
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
A. online assault
B. precursor
C. trigger
D. instigator
Question 167
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. CSIRT
B. PSIRT
C. public affairs
D. management
Question 168
Which incidence response step includes identifying all hosts affected by an attack?
A. detection and analysis
B. post-incident activity
C. preparation
D. containment, eradication, and recovery
Question 169
Which two elements are used for profiling a network? (Choose two.)
A. session duration
B. total throughput
C. running processes
D. listening ports
E. OS fingerprint
Question 170
Which category relates to improper use or disclosure of PII data?
A. legal
B. compliance
C. regulated
D. contractual
