Question 201
What is obtained using NetFlow?
A. full packet capture
B. session data
C. application logs
D. network downtime report
Question 202
What are the two differences between stateful and deep packet inspection? (Choose two.)
A. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
B. Stateful inspection is capable of packet data inspections, and deep packet inspection is not.
C. Deep packet inspection is capable of malware blocking, and stateful inspection is not.
D. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports.
E. Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.
Question 203
An engineer received a flood of phishing emails from HR with the source address HRjacobrn@company.
com. What is the threat actor in this scenario?
A. sender
B. phishing email
C. receiver
D. HR
Question 204
Syslog collecting software is installed on the server. For the log containment, a disk with FAT type partition is used. An engineer determined that log files are being corrupted when the 4 GB file size is exceeded. Which action resolves the issue?
A. Use NTFS partition for log containment.
B. Use the Ext4 partition because it can hold files up to 16 TB.
C. Use FAT32 to exceed the limit of 4 GB.
D. Add space to the existing partition and lower the retention period.
Question 205
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?
A. evidence collection order
B. volatile data collection
C. data integrity
D. data preservation
Question 206
What are two denial-of-service (DoS) attacks? (Choose two.)
A. port scan
B. phishing
C. man-in-the-middle
D. teardrop
E. SYN flood
Question 207
What is the difference between discretionary access control (DAC) and role-based access control (RBAC)?
A. DAC administrators pass privileges to users and groups, and in RBAC, permissions are applied to specific groups.
B. DAC requires explicit authorization for a given user on a given object, RBAC requires specific conditions.
C. RBAC is an extended version of DAC where you can add an extra level of authorization based on time.
D. RBAC access is granted when a user meets specific conditions, and in DAC, permissions are applied on user and group levels.
Question 208
Refer to the exhibit. Which field contains DNS header information if the payload is a query or response?
A. ID
B. Z
C. QR
D. TC
Question 209
What is the difference between a threat and an exploit?
A. An exploit is an attack path, and a threat represents a potential vulnerability.
B. An exploit is an attack vector, and a threat is a potential path the attack must go through.
C. A threat is a potential attack on an asset, and an exploit takes advantage of the vulnerability of the asset.
D. A threat is a result of utilizing flow in a system, and an exploit is a result of gaining control over the system.
Question 210
Refer to the exhibit. A SOC engineer is analyzing the provided Cuckoo Sandbox report for a file that has been downloaded from an URL, received via email. What is the state of this file?
A. The file was identified as PE32 executable for MS Windows and the Yara filed lists it as Trojan.
B. The file was detected as executable and was matched by PEiD threat signatures for further analysis.
C. The file was detected as executable, but no suspicious features are identified.
D. The calculated SHA256 hash of the file was matched and identified as malicious.
