Question No : 1
What is the impact of false positive alerts on business compared to true positive?

• A.True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
• B.True-positive alerts are blocked by mistake as potential attacks, while False-positives are actual attacks Identified as harmless.
• C.False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
• D.False positives alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.

Show Answers

Answer:

Question No : 2
Which event is a vishing attack?

• A.obtaining disposed documents from an organization
• B.using a vulnerability scanner on a corporate network
• C.setting up a rogue access point near a public hotspot
• D.impersonating a tech support agent during a phone call

Show Answers

Answer:
Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html#~types-of-phishing-attacks

Question No : 3
Refer to the exhibit.



A security analyst is investigating unusual activity from an unknown IP address Which type of evidence is this file1?

• A.indirect evidence
• B.best evidence
• C.corroborative evidence
• D.direct evidence

Show Answers

Answer:

Question No : 4
Why is HTTPS traffic difficult to screen?

• A.HTTPS is used internally and screening traffic (or external parties is hard due to isolation.
• B.The communication is encrypted and the data in transit is secured.
• C.Digital certificates secure the session, and the data is sent at random intervals.
• D.Traffic is tunneled to a specific destination and is inaccessible to others except for the receiver.

Show Answers

Answer:

Question No : 5
Refer to the exhibit.



What is the potential threat identified in this Stealthwatch dashboard?

• A.A policy violation is active for host 10.10.101.24.
• B.A host on the network is sending a DDoS attack to another inside host.
• C.There are three active data exfiltration alerts.
• D.A policy violation is active for host 10.201.3.149.

Show Answers

Answer:
Explanation:
"EX" = exfiltration
And there are three.
Also the "suspect long flow" and "suspect data heading" suggest, for example, DNS exfiltration
https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/sm
c_users_guide/SW_6_9_0_SMC_Users_Guide_DV_1_2.pdf page 177.

Question No : 6
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?

• A.best evidence
• B.prima facie evidence
• C.indirect evidence
• D.physical evidence

Show Answers

Answer:
Explanation:
There are three general types of evidence:
--> Best evidence: can be presented in court in the original form (for example, an exact copy of a hard disk drive).
--> Corroborating evidence: tends to support a theory or an assumption deduced by some initial evidence. This corroborating evidence confirms the proposition.
--> Indirect or circumstantial evidence: extrapolation to a conclusion of fact (such as fingerprints, DNA evidence, and so on).

Question No : 7
Which vulnerability type is used to read, write, or erase information from a database?

• A.cross-site scripting
• B.cross-site request forgery
• C.buffer overflow
• D.SQL injection

Show Answers

Answer:

Question No : 8
What ate two categories of DDoS attacks? (Choose two.)

• A.split brain
• B.scanning
• C.phishing
• D.reflected
• E.direct

Show Answers

Answer:

Question No : 9
Refer to the exhibit.



Which two elements in the table are parts of the 5-tuple? (Choose two.)

• A.First Packet
• B.Initiator User
• C.Ingress Security Zone
• D.Source Port
• E.Initiator IP

Show Answers

Answer:

Question No : 10
What is the difference between an attack vector and attack surface?

• A.An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
• B.An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.
• C.An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
• D.An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Show Answers

Answer: