An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is an example of a social engineering attack?
A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
B. receiving an email from human resources requesting a visit to their secure website to update contact information
C. sending a verbal request to an administrator who knows how to change an account password
D. receiving an invitation to the department's weekly WebEx meeting
Refer to the exhibit. What is occurring in this network?
A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. syslog messages
B. full packet capture
D. firewall event logs
Which action prevents buffer overflow attacks?
A. variable randomization
B. using web-based applications
C. input validation
D. using a Linux operating system
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
Refer to the exhibit. What should be interpreted from this packet capture?
A. 220.127.116.11 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 18.104.22.168 using TCP protocol.
C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 22.214.171.124 using UDP protocol.
D. 126.96.36.199 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP protocol.
What are two characteristics of full packet captures? (Choose two.)
A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of a network transaction.
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
DRAG DROP - Drag and drop the technology on the left onto the data type the technology provides on the right. Select and Place: