A threat actor has successfully breached the network firewall without being detected by the IDS. What condition describes the lack of alert? Explanation: A false negative is where no…
What information is contained in the options section of a Snort rule? Explanation: Snort rules consist of two sections, the rules header and the rule options. The rule options section…
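The header/options split described in that explanation, as an added example that is not part of the original page: a small parser that separates a Snort 2 rule into its seven header fields and the ordered list of options inside the parentheses. The sample rule is constructed for illustration; the only syntax it assumes is the standard `key:value;` option form with `;` separating options and double quotes protecting values such as `msg` and `content`.

```python
from typing import Dict, List, Tuple

# Constructed example rule (not from the page); follows Snort 2 rule syntax.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"WEB-ATTACK example traversal"; flow:to_server,established; '
    'content:"../"; http_uri; classtype:web-application-attack; sid:1000001; rev:2;)'
)

# The rule header is seven whitespace-separated fields in this order.
HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")


def split_rule(rule: str) -> Tuple[str, str]:
    """Split a rule into its header and the text inside the option parentheses."""
    rule = rule.strip()
    open_idx = rule.find("(")
    if open_idx == -1 or not rule.endswith(")"):
        raise ValueError("rule has no options section enclosed in parentheses")
    return rule[:open_idx].strip(), rule[open_idx + 1:-1]


def parse_header(header: str) -> Dict[str, str]:
    parts = header.split()
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError(f"expected {len(HEADER_FIELDS)} header fields, got {len(parts)}")
    if parts[4] not in ("->", "<>"):
        raise ValueError(f"bad direction operator {parts[4]!r}")
    return dict(zip(HEADER_FIELDS, parts))


def _split_option(token: str) -> Tuple[str, str]:
    """'msg:"text"' -> ('msg', 'text'); a bare modifier like 'http_uri' -> ('http_uri', '')."""
    key, _, value = token.partition(":")
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return key.strip(), value


def parse_options(body: str) -> List[Tuple[str, str]]:
    """Split the option body on ';' characters that sit outside double quotes.

    Order is preserved because modifiers such as http_uri apply to the
    content option that precedes them.
    """
    options: List[Tuple[str, str]] = []
    current: List[str] = []
    in_quotes = escaped = False
    for ch in body:
        if escaped:                      # character after a backslash is literal
            current.append(ch)
            escaped = False
            continue
        if ch == "\\":
            current.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            token = "".join(current).strip()
            if token:
                options.append(_split_option(token))
            current = []
        else:
            current.append(ch)
    tail = "".join(current).strip()
    if tail:
        options.append(_split_option(tail))
    return options


def parse_rule(rule: str) -> Dict[str, object]:
    """Return {'header': {...}, 'options': [(key, value), ...]} for one rule."""
    header, body = split_rule(rule)
    return {"header": parse_header(header), "options": parse_options(body)}
```

`parse_rule(SAMPLE_RULE)` yields a header dict with `action == "alert"` and `dst_port == "80"`, and an options list containing `("msg", "WEB-ATTACK example traversal")`, `("http_uri", "")` and `("sid", "1000001")`; a `;` inside a quoted `content` value is kept as part of the value rather than ending the option.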
What are two scenarios where probabilistic security analysis is best suited? (Choose two.) Explanation: Probabilistic analysis relies on statistical techniques that are designed to estimate the probability that an event…
Which classification indicates that an alert is verified as an actual security incident? Explanation: Alerts can be classified as follows: True Positive: The alert has been verified to be an…
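The four alert classes behind this question and the earlier false-negative question, as an added example that is not part of the original page: a classifier that maps each event's (alerted, verified malicious) pair to true/false positive/negative, tallies them over a constructed event set, and lists the false negatives, which is where a missed firewall breach would surface. The event data and function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    event_id: str
    alerted: bool     # did the IDS raise an alert for this event?
    malicious: bool   # ground truth established by the analyst's investigation


def classify(alerted: bool, malicious: bool) -> str:
    """Map one (alert, truth) pair onto the four outcome classes."""
    if alerted and malicious:
        return "true_positive"    # alert verified as a real incident
    if alerted and not malicious:
        return "false_positive"   # alert on benign activity
    if not alerted and malicious:
        return "false_negative"   # real incident, no alert
    return "true_negative"        # benign activity, correctly silent


def tally(events: Iterable[Event]) -> Dict[str, int]:
    return dict(Counter(classify(e.alerted, e.malicious) for e in events))


def detection_rate(counts: Dict[str, int]) -> float:
    """Share of real incidents that produced an alert (recall); 0.0 if there were none."""
    tp = counts.get("true_positive", 0)
    fn = counts.get("false_negative", 0)
    return tp / (tp + fn) if (tp + fn) else 0.0


def alert_precision(counts: Dict[str, int]) -> float:
    """Share of alerts that were real incidents; 0.0 if nothing alerted."""
    tp = counts.get("true_positive", 0)
    fp = counts.get("false_positive", 0)
    return tp / (tp + fp) if (tp + fp) else 0.0


def missed_incidents(events: Iterable[Event]) -> List[str]:
    """IDs of false negatives: the cases a signature or rule review should start from."""
    return [e.event_id for e in events if e.malicious and not e.alerted]


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    Event("E1", alerted=True,  malicious=True),   # verified incident
    Event("E2", alerted=False, malicious=True),   # firewall breach the IDS never alerted on
    Event("E3", alerted=True,  malicious=False),  # benign scan flagged
    Event("E4", alerted=False, malicious=False),
    Event("E5", alerted=True,  malicious=True),
    Event("E6", alerted=False, malicious=False),
]
```

On the sample set the tally is two true positives, one false negative, one false positive and two true negatives; `missed_incidents` returns `["E2"]`, and both detection rate and precision come out at 2/3. The two rates pull in opposite directions when rules are tuned: loosening a signature to catch E2 tends to add false positives, which is why both are tracked.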
What are the three core functions provided by Security Onion? (Choose three.) Explanation: Security Onion is an open source suite of Network Security Monitoring (NSM) tools for evaluating cybersecurity…
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do? Explanation: On Windows…
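The location check that question turns on, as an added example that is not part of the original page: lsass.exe and the other core Windows processes are expected only under %SystemRoot%\System32, so a copy in Program Files is a masquerading candidate. The code scans a constructed process listing and flags protected binary names found outside System32; the list of protected names is an illustrative subset, not an exhaustive one.

```python
from pathlib import PureWindowsPath
from typing import List, Tuple

# Core Windows processes whose image is expected only under %SystemRoot%\System32.
# Assumption: an illustrative subset, not an exhaustive list.
SYSTEM32_ONLY = {"lsass.exe", "csrss.exe", "services.exe", "smss.exe",
                 "wininit.exe", "winlogon.exe"}


def is_masquerading(path: str, system_root: str = r"C:\Windows") -> bool:
    """True when a protected system binary name is found outside System32.

    PureWindowsPath compares case-insensitively, so differences in letter
    case between tools that produced the listing do not matter.
    """
    p = PureWindowsPath(path)
    if p.name.lower() not in SYSTEM32_ONLY:
        return False
    return p.parent != PureWindowsPath(system_root) / "System32"


def find_masquerades(listing: List[Tuple[int, str]],
                     system_root: str = r"C:\Windows") -> List[Tuple[int, str]]:
    """Scan (pid, image_path) rows and return the ones that should be investigated."""
    return [(pid, path) for pid, path in listing if is_masquerading(path, system_root)]


# Constructed process listing (not real data).
SAMPLE_LISTING = [
    (712,  r"C:\Windows\System32\lsass.exe"),
    (4312, r"C:\Program Files\lsass.exe"),
    (5120, r"c:\windows\SYSTEM32\services.exe"),
    (6001, r"C:\Users\Public\csrss.exe"),
    (7330, r"C:\Windows\System32\notepad.exe"),
]
```

`find_masquerades(SAMPLE_LISTING)` returns the Program Files lsass.exe and the csrss.exe under Users\Public. The check is deliberately narrow: a path inside System32 is not proof of a legitimate binary, so the next step for a flagged or suspicious file is to verify its hash or Authenticode signature rather than rely on location alone.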
What is a key difference between the data captured by NetFlow and data captured by Wireshark? Explanation: Wireshark captures the entire contents of a packet. NetFlow does not. Instead, NetFlow…
Which two services are provided by the NetFlow tool? (Choose two.) Explanation: NetFlow efficiently provides an important set of services for IP applications including network traffic accounting, usage-based network billing,…
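The NetFlow/Wireshark difference and the accounting services NetFlow provides, both from the two questions above, as one added example that is not part of the original page: packets from a constructed HTTP exchange are aggregated into unidirectional flow records keyed on the seven classic NetFlow key fields, with per-flow packet and byte counters (the basis for traffic accounting and usage-based billing) and an inactive timeout that closes idle flows. The records carry no payload, which is what a full packet capture keeps and a flow export does not. Packet contents, timeouts and field names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int, int, int, int, int]


@dataclass(frozen=True)
class Packet:
    """One captured packet. A pcap keeps the payload; a flow export never does."""
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: int      # IP protocol number: 6 = TCP, 17 = UDP
    tos: int
    ifindex: int    # input interface
    length: int     # bytes on the wire
    payload: bytes


@dataclass
class FlowRecord:
    """NetFlow-style record: key fields plus counters and timestamps, no content."""
    key: FlowKey
    first: float
    last: float
    packets: int = 0
    bytes: int = 0


def flow_key(p: Packet) -> FlowKey:
    # The seven key fields of classic (v5) NetFlow. Flows are unidirectional,
    # so the server's replies land in a separate record from the client's requests.
    return (p.src, p.dst, p.sport, p.dport, p.proto, p.tos, p.ifindex)


def build_flows(packets: List[Packet], inactive_timeout: float = 15.0) -> List[FlowRecord]:
    """Aggregate packets into flow records.

    A flow is closed and exported when no packet for its key has been seen
    for inactive_timeout seconds; flows still open at the end are exported too.
    """
    active: Dict[FlowKey, FlowRecord] = {}
    exported: List[FlowRecord] = []
    for p in sorted(packets, key=lambda x: x.ts):
        k = flow_key(p)
        rec = active.get(k)
        if rec is not None and p.ts - rec.last > inactive_timeout:
            exported.append(active.pop(k))   # idle too long: export and start fresh
            rec = None
        if rec is None:
            rec = FlowRecord(key=k, first=p.ts, last=p.ts)
            active[k] = rec
        rec.last = p.ts
        rec.packets += 1
        rec.bytes += p.length
    exported.extend(active.values())
    return exported


def payload_visible(records: List[FlowRecord], needle: bytes) -> bool:
    """Flow records carry no payload, so content searches have to go to the pcap."""
    return any(needle in getattr(r, "payload", b"") for r in records)


# Constructed packets for one HTTP exchange (not a real capture).
C2S = dict(src="10.0.0.5", dst="93.184.216.34", sport=51234, dport=80, proto=6, tos=0, ifindex=1)
S2C = dict(src="93.184.216.34", dst="10.0.0.5", sport=80, dport=51234, proto=6, tos=0, ifindex=2)
SAMPLE_PACKETS = [
    Packet(ts=0.00, length=74,   payload=b"", **C2S),                        # SYN
    Packet(ts=0.05, length=74,   payload=b"", **S2C),                        # SYN/ACK
    Packet(ts=0.10, length=66,   payload=b"", **C2S),                        # ACK
    Packet(ts=0.20, length=180,  payload=b"GET /admin HTTP/1.1\r\n", **C2S),
    Packet(ts=0.50, length=1514, payload=b"HTTP/1.1 200 OK\r\n", **S2C),
    Packet(ts=30.0, length=66,   payload=b"", **C2S),                        # after the idle gap: new flow
]
```

`build_flows(SAMPLE_PACKETS)` returns three records: the client-to-server flow (3 packets, 320 bytes), the server-to-client flow (2 packets, 1588 bytes), and a second client-to-server flow for the packet that arrived after the 15 s inactive timeout. The `GET /admin` request is searchable in `SAMPLE_PACKETS` but not in any flow record, which is the practical difference between the two data sources when an investigation needs the URI rather than the volume.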
How does a web proxy device provide data loss prevention (DLP) for an enterprise? Explanation: A web proxy device can inspect outgoing traffic as means of data loss prevention (DLP).…
Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? Explanation: The Cisco Web Security Appliance (WSA) acts…