A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
Correct Answer:
C
Refer to the exhibit.
Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.
Solution:
Does this meet the goal?
Correct Answer:
A
What is the difference between statistical detection and rule-based detection models?
Correct Answer:
B
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
Correct Answer:
C
https://techdifferences.com/difference-between-steganography-and-cryptography.html#:~:text=The steganog
Which two elements are used for profiling a network? (Choose two.)
Correct Answer:
AB
A network profile should include some important elements, such as the following:
Total throughput – the amount of data passing from a given source to a given destination in a given period of time
Session duration – the time between the establishment of a data flow and its termination Ports used – a list of TCP or UDP processes that are available to accept data
Critical asset address space – the IP addresses or the logical location of essential systems or data
Profiling data are data that system has gathered, these data helps for incident response and to detect incident Network profiling = throughput, sessions duration, port used, Critical Asset Address Space Host profiling = Listening ports, logged in accounts, running processes, running tasks,applications
