Question 1

The SOC team has confirmed a potential indicator of compromise on an isolated endpoint. The team has narrowed the potential malware type to a new trojan family. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling the event?

Options :

A : Perform an AV scan on the infected endpoint.

B : Isolate the infected endpoint from the network.

C : Prioritize incident handling based on the impact.

D : Analyze the malware behavior.

Answer: D

Question 2

What is the impact of false negative alerts when compared to true negative alerts?

Options :

A : A false negative is someone trying to hack into the system and no alert is raised, and a true negative is an event that never happened and an alert was not raised.

B : A true negative is an alert for an exploit attempt when no attack was detected, and a false negative is when no attack happens and an alert is still raised.

C : A true negative is a legitimate attack that triggers a brute force alert, and a false negative is when no alert and no attack is occurring.

D : A false negative is an event that alerts for injection attack when no attack is happening, and a true negative is an attack that happens and an alert that is appropriately raised.

Answer: A

Question 3

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

Options :

A : A policy violation is active for host 10.10.101.24.

B : A host on the network is sending a DDoS attack to another inside host.

C : There are two active data exfiltration alerts.

D : A policy violation is active for host 10.201.3.149.

Answer: C

Question 4

Refer to the exhibit.

A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted What is occurring?

Options :

A : indicators of denial-of-service attack due to the frequency of requests

B : garbage flood attack attacker is sending garbage binary data to open ports

C : indicators of data exfiltration HTTP requests must be plain text

D : cache bypassing attack: attacker is sending requests for noncacheable content

Answer: C

Question 5

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

Options :

A : Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

B : Employee 1, Employee 2, Employee 4, Employee 5

C : Employee 4, Employee 6, Employee 7

D : Employee 2, Employee 3, Employee 4, Employee 5

Answer: D

Smartly Prepare Exam with Free Online 200-201 Practice Test

Buying Options: