Question 1

Refer to the exhibit.

What is occurring in this packet capture?

Options :

A : TCP port scan

B : TCP flood

C : DNS flood

D : DNS tunneling

Answer: B

Question 2

Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

Options :

A : exploitation

B : actions on objectives

C : delivery

D : reconnaissance

Answer: C

Question 3

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

Options :

A : x-frame-options

B : x-xss-protection

C : x-content-type-options

D : x-test-debug

Answer: C

Question 4

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

Options :

A : Implement a patch management process.

B : Scan the company server files for known viruses.

C : Apply existing patches to the company servers.

D : Automate antivirus scans of the company servers.

E : Define roles and responsibilities in the incident response playbook.

Answer: A,D

Question 5

Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon -- Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

Options :

A : malware break

B : data theft

C : elevation of privileges

D : denial-of-service

Answer: C