An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

A. The computer has a HIPS installed on it.

B. The computer has a NIPS installed on it.

C. The computer has a HIDS installed on it.

D. The computer has a NIDS installed on it.

Which piece of information is needed for attribution in an investigation?

A. proxy logs showing the source RFC 1918 IP addresses

B. RDP allowed from the Internet

C. known threat actor behavior

D. 802.1x RADIUS authentication pass arid fail logs

What are two denial-of-service (DoS) attacks? (Choose two)

A. port scan

B. SYN flood

C. man-in-the-middle

D. phishing

E. teardrop

Refer to the exhibit.

What is occurring?

A. ARP flood

B. DNS amplification

C. ARP poisoning

D. DNS tunneling

Which step in the incident response process researches an attacking host through logs in a SIEM?

A. detection and analysis

B. preparation

C. eradication

D. containment

An investigator is examining a copy of an ISO file that is stored in CDFS format. What type of evidence is this file?

A. data from a CD copied using Mac-based system

B. data from a CD copied using Linux system

C. data from a DVD copied using Windows system

D. data from a CD copied using Windows

Which CVSS metric group identifies other components that are affected by a successful security attack?

A. scope

B. privileges required

C. integrity

D. attack vendor

Refer to the exhibit.

A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many of failed login entries it successfully compromises the account. Which stakeholder is responsible for the incident response detection step?

A. employee 2

B. employee 3

C. employee 4

D. employee 5

Which risk approach eliminates activities posing a risk exposure?

A. risk acknowledgment

B. risk reduction

C. risk retention

D. risk avoidance

DRAG DROP

Refer to the exhibit.

Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

Select and Place: