Which type of incident has occurred when nothing is reported, but an exploit has occurred?
Explanation: A false alert has no incidents reported, but an exploit has occurred.
Explanation: A positive alert happens when an alert is received, but no incident has occurred.
Explanation: A true alert occurs when no incidents are reported and no incidents have occurred.
Explanation: NetFlow does not capture the entire contents of a packet. Instead, NetFlow collects metadata, or data about the flow, not the flow data itself. NetFlow information can be viewed…
Explanation: The tcpdump command line tool is a packet analyzer that captures detailed packet protocol and content data. It can display packet captures in real time or write them to…
Explanation: AVC uses Cisco Next-Generation Network-Based Application Recognition (NBAR2) to discover and classify the applications in use on the network.
Explanation: Security Information and Event Management (SIEM) is a technology that provides real-time reporting and long-term analysis of security events. Two SIEM platforms used by organizations are Splunk and Security…
Explanation: Statistical data is created through the analysis of other forms of network data. Conclusions from these analyses can be used to describe or predict network behavior.
Explanation: On a Windows host, security logs record events related to security, such as login attempts and operations related to file or object management and access.
Explanation: The components of a 5-tuple include a source IP address and port number, destination IP address and port number, and the protocol in use.