Cyber security Operations exam Fundamentals Questions with Correct Answers
Which three technologies should be included in a security information and event management system in a SOC?
Correct Answer: Security monitoring. Intrusion prevention. Vulnerability tracking.

How is a source IP address used in a standard ACL?
Correct Answer: It is used to determine the default gateway of the router that has the ACL applied.

Two statements that describe access attacks
Correct Answer: Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.

Why is Diffie-Hellman algorithm typically avoided for encrypting data?
Correct Answer: The large numbers used by DH make it too slow for bulk data transfers.

Which metric class in the CVSS Basic Metric Group identifies the impacts on Confidentiality, Integrity and Availability?
Correct Answer: Impact.

How might DNS be used by a threat actor to create mayhem?
Correct Answer: Collect personal information and encode the data in outgoing DNS queries.

Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What does the number 6337 indicate?
Correct Answer: The process ID of the tcpdump command.

What is the responsibility of the human resources department when handling a security incident?
Correct Answer: Apply disciplinary measures if an incident is caused by an employee.

Malicious traffic is correctly identified as a threat. (malware)
Correct Answer: true positive

Normal traffic is incorrectly identified as a threat. (email)
Correct Answer: false positive

Uses a hierarchy of authoritative time sources to send time information between devices on the network.
Correct Answer: NTP

Written for
- Institution: Cyber security Operations
- Course: Cyber security Operations
Document information
- Uploaded on: August 13, 2023
- Number of pages: 12
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers