Question 1

Which of the following behaviors does not help to identify adversary

Options :

A : DNS Tunneling

B :

None of these

C : Command line process execution, and the abuse of command line execution

D : Uncategorized Proxy Events

Answer: B

Question 2

The network operations center (NOC) improve blocking by

Options :

A : Secure web gateways (SWG)

B : Intrusion detection and intrusion prevention systems (IDS/IPS)

C :

Firewalls, next-generation firewalls (NGFW), application firewalls

D : All of these

Answer: D

Question 3

The step in CTI lifecycle involving usage of SIEM, is

Options :

A : Processing

B : Planning and Direction

C : Analysis

D : Collection

Answer: A

Question 4

Identify Behavioral Indicator

Options :

A : Profiles and habits

B : IP address, string, etc.

C : Hashes, IDS Signatures

D : None of these

Answer: A

Question 5

Which is an countermeasure to ARP spoofing

Options :

A : MAC-based security

B : WinTCPkill

C : Port-based security

D : Ethereal

Answer: A