This page was exported from Valid Premium Exam [ http://premium.validexam.com ]
Export date: Mon Feb 24 18:17:27 2025 / +0000 GMT

[Q56-Q74] Updated Aug-2024 Exam Engine or PDF for the EC-COUNCIL 312-39 test to help you quickly prepare for the EC-COUNCIL exam!





QUESTION 56
Which of the following Windows features is used to enable Security Auditing in Windows?

QUESTION 57
What do the HTTP status codes 1XX represent?

QUESTION 58
Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below.

What does this event log indicate?

QUESTION 59
Rinni, a SOC analyst, while monitoring IDS logs, detected the events shown in the figure below.

What does this event log indicate?

QUESTION 60
Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process?

QUESTION 61
What type of event is recorded when an application driver loads successfully in Windows?

QUESTION 62
Which encoding replaces unusual ASCII characters with “%” followed by the character’s two-digit ASCII code expressed in hexadecimal?

QUESTION 63
An organization wants to implement a SIEM deployment architecture. However, it has the capability to do only log collection, and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?

QUESTION 64
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

QUESTION 65
Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and Mike was assigned to handle it. During the incident handling process, at one stage, he performed incident analysis and validation to check whether the incident was a true incident or a false positive.
Identify the stage he is currently in.

QUESTION 66
Which of the following types of threat intelligence helps cyber security professionals such as security operations managers, network operations center staff and incident responders understand how adversaries are expected to perform an attack on the organization, and the technical capabilities and goals of the attackers along with the attack vectors?

QUESTION 67
If the SIEM generates the following four alerts at the same time:
I. Firewall blocking traffic from getting into the network alerts
II. SQL injection attempt alerts
III. Data deletion attempt alerts
IV. Brute-force attempt alerts
Which alert should be given the least priority as per effective alert triaging?

QUESTION 68
Jane, a security analyst, while analyzing IDS logs, detected an event matching the regex /((%3C)|<)((%69)|i|(%49))((%6D)|m|(%4D))((%67)|g|(%47))[^n]+((%3E)|>)/|.
What does this event log indicate?

QUESTION 69
Bonney’s system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

QUESTION 70
Which of the following log storage methods arranges event logs in the form of a circular buffer?

QUESTION 71
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 – 11008: User ‘enable_15’ executed the ‘configure term’ command
What does the security level in the above log indicate?

QUESTION 72
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?

QUESTION 73
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

QUESTION 74
Which of the following data sources will a SOC Analyst use to monitor connections to insecure ports?


Post date: 2024-08-01 14:34:06