In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.

What would be her next action according to the SOC workflow?

Which of the following can help you eliminate the burden of investigating false positives?

Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.

Identify the stage in which he is currently in.

Which of the following directory will contain logs related to printer access?

Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?

NOTE: It is mandatory to answer the question before proceeding to the next one.

Which of the following threat intelligence is used by a SIEM for supplying the analysts with context and "situational awareness" by using threat actor TTPs, malware campaigns, tools used by threat actors.

1.Strategic threat intelligence

2.Tactical threat intelligence

3.Operational threat intelligence

4.Technical threat intelligence

Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i|(\% 49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.

What does this event log indicate?

Which of the following tool can be used to filter web requests associated with the SQL Injection attack?

Which of the following service provides phishing protection and content filtering to manage the Internet experience on and off your network with the acceptable use or compliance policies?

In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?

Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.

What among the following should Wesley avoid from considering?

Which of the following factors determine the choice of SIEM architecture?

Which of the following command is used to enable logging in iptables?

If the SIEM generates the following four alerts at the same time:

I.Firewall blocking traffic from getting into the network alerts

II.SQL injection attempt alerts

III.Data deletion attempt alerts

IV.Brute-force attempt alerts

Which alert should be given least priority as per effective alert triaging?

Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.

What kind of threat intelligence described above?

Which of the following stage executed after identifying the required event sources?

Shawn is a security manager working at Lee Inc Solution. His organization wants to develop threat intelligent strategy plan. As a part of threat intelligent strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.

Which one of the following components he should include in the above threat intelligent strategy plan to make it effective?

Which of the following is a Threat Intelligence Platform?

Which of the following formula represents the risk?

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

Which encoding replaces unusual ASCII characters with "%" followed by the character’s two-digit ASCII code expressed in hexadecimal?

Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.

Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).

What kind of SIEM is Robin planning to implement?

Which of the following process refers to the discarding of the packets at the routing level without informing the source that the data did not reach its intended recipient?

Which of the following is a default directory in a Mac OS X that stores security-related logs?