Win IT Exam with Last Dumps 2024


Cisco 200-201 Exam

Viewing Questions 181-190 out of 231 Questions

Question 181
A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:
- If the process is unsuccessful, a negative value is returned.
- If the process is successful, a value of 0 is returned to the child process, and the process ID is sent to the parent process.
Which component results from this operation?
A. parent directory name of a file pathname
B. process spawn scheduled
C. macros for managing CPU sets
D. new process created by parent process

Question 182
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
A. Recover from the threat.
B. Analyze the threat.
C. Identify lessons learned from the threat.
D. Reduce the probability of similar threats.

Question 183
A user received an email attachment named `Hr402-report3662-empl621.exe` but did not run it. Which category of the cyber kill chain should be assigned to this type of event?
A. delivery
B. reconnaissance
C. weaponization
D. installation

Question 184
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
A. Analysis
B. Eradication
C. Detection
D. Recovery

Question 185
The SOC team has confirmed a potential indicator of compromise on an endpoint. The team has narrowed the executable file's type to a new trojan family.
According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this event?
A. Perform forensics analysis on the infected endpoint
B. Isolate the infected endpoint from the network
C. Prioritize incident handling based on the impact
D. Collect public information on the malware behavior


Question 186
What is an incident response plan?
A. an organizational approach to events that could lead to asset loss or disruption of operations
B. an organizational approach to security management to ensure a service lifecycle and continuous improvements
C. an organizational approach to disaster recovery and timely restoration of operational services
D. an organizational approach to system backup and data archiving aligned to regulations

Question 187
What is the impact of encryption?
A. Data is unaltered and its integrity is preserved.
B. Data is accessible and available to permitted individuals.
C. Confidentiality of the data is kept secure and permissions are validated.
D. Data is secure and unreadable without decrypting it.

Question 188
Refer to the exhibit. What must be interpreted from this packet capture?
[Exhibit image: 200-201_188Q.png]
A. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 49098 to destination port 80 using TCP protocol.
B. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.
C. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 80 to destination port 49098 using TCP protocol.
D. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 74 to destination port 49098 using TCP protocol.

Question 189
What is the difference between the ACK flag and the RST flag?
A. The RST flag approves the connection, and the ACK flag indicates that a packet needs to be resent.
B. The ACK flag marks the connection as reliable, and the RST flag indicates the failure within TCP Handshake.
C. The RST flag approves the connection, and the ACK flag terminates spontaneous connections.
D. The ACK flag confirms the received segment, and the RST flag terminates the connection.

Question 190
An automotive company provides new types of engines and special brakes for rally sports cars. The company has a database of inventions and patents for their engines and technical information. Customers can access the database through the company's website after they register and identify themselves. Which type of protected data is accessed by customers?
A. IP data
B. PII data
C. PSI data
D. PHI data