Question 1

Refer to the exhibit.

What is occurring in this packet capture?

Options :

A : TCP port scan

B : TCP flood

C : DNS flood

D : DNS tunneling

Answer: B

Question 2

Refer to the exhibit.

What results from this script?

Options :

A : Seeds for existing domains are checked

B : A search is conducted for additional seeds

C : Domains are compared to seed rules

D : A list of domains as seeds is blocked

Answer: B

Question 3

An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

#!/usr/bin/python import sys import requests

Options :

A : {1}, {2}

B : {1}, {3}

C : console_ip, api_token

D : console_ip, reference_set_name

Answer: C

Question 4

Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon -- Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

Options :

A : malware break

B : data theft

C : elevation of privileges

D : denial-of-service

Answer: C

Question 5

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

Options :

A : Modify the alert rule to ''output alert_syslog: output log''

B : Modify the output module rule to ''output alert_quick: output filename''

C : Modify the alert rule to ''output alert_syslog: output header''

D : Modify the output module rule to ''output alert_fast: output filename''

Answer: A