Question 191
What is the difference between vulnerability and risk?
A. A vulnerability represents a flaw in a system that can be exploited, and the risk is the potential damage it might cause.
B. A risk is potential threat that adversaries use to infiltrate the network, and a vulnerability is an exploit.
C. A risk is a potential threat that an exploit applies to, and a vulnerability represents the threat itself.
D. A vulnerability is a sum of possible malicious entry points, and a risk represents the possibility of the unauthorized entry itself.
Question 192
The security team has detected an ongoing spam campaign targeting the organization. The team's approach is to push back the cyber kill chain and mitigate ongoing incidents. At which phase of the cyber kill chain should the security team mitigate this type of attack?
A. installation
B. reconnaissance
C. actions
D. delivery
Question 193
What describes the concept of data consistently and readily being accessible for legitimate users?
A. accessibility
B. availability
C. integrity
D. confidentiality
Question 194
How does an attack surface differ from an attack vector?
A. An attack vector recognizes the potential outcomes of an attack, and the attack surface is choosing a method of an attack.
B. An attack vector matches components that can be exploited, and an attack surface classifies the potential path for exploitation.
C. An attack surface mitigates external vulnerabilities, and an attack vector identifies mitigation techniques and possible workarounds.
D. An attack surface identifies vulnerable parts for an attack, and an attack vector specifies which attacks are feasible to those parts.
Question 195
What describes the defense-in-depth principle?
A. defining precise guidelines for new workstation installations
B. implementing alerts for unexpected asset malfunctions
C. categorizing critical assets within the organization
D. isolating guest Wi-Fi from the local network
Question 196
What is a collection of compromised machines that attackers use to carry out a DDoS attack?
A. subnet
B. VLAN
C. command and control
D. botnet
Question 197
What is the difference between inline traffic interrogation (TAPS) and traffic mirroring (SPAN)?
A. SPAN ports filter out physical layer errors, making some types of analyses more difficult, and TAPS receives all packets, including physical errors.
B. TAPS replicates the traffic to preserve integrity, and SPAN modifies packets before sending them to other analysis tools.
C. TAPS interrogation is more complex because traffic mirroring applies additional tags to data, and SPAN does not alter integrity and provides full visibility within full-duplex networks.
D. SPAN results in more efficient traffic analysis, and TAPS is considerably slower due to latency caused by mirroring.
Question 198
A security engineer notices confidential data being exfiltrated to the domain `Ransome4144-mware73-978`, which is attributed to a known advanced persistent threat group. The engineer determines that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
A. reconnaissance
B. delivery
C. action on objectives
D. weaponization
Question 199
Which of these describes SOC metrics in relation to security incidents?
A. probability of outage caused by the incident
B. probability of compromise and impact caused by the incident
C. time it takes to assess the risks of the incident
D. time it takes to detect the incident
Question 200
What is a benefit of using asymmetric cryptography?
A. encrypts data with one key
B. decrypts data with one key
C. secure data transfer
D. fast data transfer