What mechanism does the Linux operating system provide to control access to files?
A. privileges required
B. user interaction
C. file permissions
D. access complexity
Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?
A. confidentiality
B. integrity
C. availability
D. complexity
Which description of a retrospective malware detection is true?
A. You use Wireshark to identify the malware source.
B. You use historical information from one or more sources to identify the affected host or file.
C. You use information from a network analyzer to identify the malware source.
D. You use Wireshark to identify the affected host or file.
What is accomplished in the identification phase of incident handling?
A. determining the responsible user
B. identifying source and destination IP addresses
C. defining the limits of your authority related to a security event
D. determining that a security event has occurred
Which of the following is one of the main goals of the CSIRT?
A. To configure the organization's firewalls
B. To monitor the organization's IPS devices
C. To minimize and control the damage associated with incidents, provide guidance for mitigation, and work to prevent future incidents
D. To hire security professionals who will be part of the InfoSec team of the organization
Employees are allowed access to internal websites. An employee connects to an internal website and the IDS reports it as malicious behavior. What is this an example of?
A. true positive
B. false negative
C. false positive
D. true negative
Which example of a precursor is true?
A. A notification that a host is infected with malware.
B. An admin finds their password has been changed.
C. A log indicating a port scan was run against a host.
D. A device configuration changed from the baseline without an audit log entry.
What is the definition of availability according to the CVSSv3 framework?
A. This metric measures the impact to the confidentiality of the information resources that are managed by a software component due to a successfully exploited vulnerability.
B. This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.
C. This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
Which filter shows only SMTP and ICMP traffic in Wireshark?
A. tcp.eq 25 or icmp
B. tcp.port eq 25 or icmp
C. port eq 25 and icmp
D. tcp.port eq 25 also icmp
According to NIST-SP800-61R2, why is it important to keep clocks synchronized?
A. event correlation
B. to link with other countries easily
C. to not lose track of time
D. to measure the effectiveness of an attack