Exam Review - Justin-Boyd/CIT-Class GitHub Wiki

Question 1

David, a cybersecurity researcher, found a new way to hack the company’s system without having the antivirus react to the breach. Which term relates to his discovery?

A. Zero-day

B. Stealth technique

C. Fileless attack

D. Virus

E. Bypass technique

Answer
?

Question 2

What is the name of the method that exposes data leakage by giving different versions of a sensitive document to each of several suspects and seeing which version gets leaked?

A. Valhala

B. TrapX

C. Sandbox

D. Canary trap

Answer
?

Question 3

A large company experienced a leak of employee information and discovered that the leak followed a phishing email. What should be done to prevent a future data leak?

A. Use antivirus and email security.

B. Analyze and categorize the data.

C. Encrypt sensitive data.

D. All of the above.

Answer
?

Question 4

Which of the following is not true about how an organization should protect itself from malicious emails?

A. Open malicious emails and investigate them.

B. Use email encryption.

C. Use strong passwords.

D. Use spam filters and malware scanners.

Answer
?

Question 5

Which of the following systems should be installed to analyze an organization’s network traffic?

A. Snort

B. Splunk

C. pfSense

D. Demisto

Answer
?

Question 6

What is the purpose of log parsing in a system such as Splunk?

A. To separate data into parts that are easier to handle.

B. For easy forwarding by the forwarders.

C. To generate alerts in the network.

D. To receive better logs from the Event Viewer.

Answer
?

Question 7

As an analyst in a SOC department, you are responsible for checking IP addresses and verifying that they are not included in four different blacklists. To avoid this repetitive task, you decide to implement a playbook. Which SOAR capability should you use?

A. Security Incident Response

B. Security Operation Automation

C. Incident Case Management

D. Triage & Identification

Answer
?

Question 8

An entropy inspection of a file shows a high entropy measurement. What can be assumed from that?

A. It is a regular text file.

B. The file may be encrypted or compressed.

C. It is a compressed executable file.

D. The content of the file is malicious.

Answer
?
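Question 8 turns on what an entropy measurement can and cannot tell you: a value near 8 bits per byte says the bytes are close to uniformly distributed, which is what compression and encryption both produce, but it says nothing about intent. The following is an added example written for this review page, not code from the course. All sample inputs are constructed in the block (pseudo-log text, its zlib-compressed form, and a seeded random stream standing in for ciphertext); the classification thresholds in `classify` are assumptions typical of triage tooling, not values from the page.

```python
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for a single
    repeated value, 8.0 for a perfectly uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(entropy: float) -> str:
    """Rough verdict from a whole-file entropy value. The thresholds are
    assumptions chosen for this example: plain text usually sits around
    4-5 bits/byte, native code around 5.5-6.5, compressed or encrypted
    data above 7. None of these tiers says "malicious"."""
    if entropy >= 7.0:
        return "compressed or encrypted"
    if entropy >= 5.5:
        return "binary/mixed"
    return "text or low-entropy data"


def entropy_profile(data: bytes, window: int = 1024) -> list[tuple[int, float]]:
    """Entropy of each fixed-size window, so a high-entropy region (a packed
    section, an embedded encrypted blob) can be located inside an otherwise
    ordinary file instead of being averaged away by the whole-file value."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


# --- constructed sample inputs (not real files) ---------------------------

_WORDS = ["alert", "host", "user", "login", "failed", "source", "address",
          "session", "policy", "denied", "allowed", "packet", "interface",
          "process", "created", "parent", "command", "hash", "domain", "query"]


def make_text(n_bytes: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-log text: random words from a small vocabulary."""
    rng = random.Random(seed)
    out = bytearray()
    while len(out) < n_bytes:
        out += rng.choice(_WORDS).encode() + b" "
    return bytes(out[:n_bytes])


def make_random(n_bytes: int, seed: int = 2) -> bytes:
    """Deterministic stand-in for ciphertext: a seeded uniform byte stream."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_bytes))


def demo() -> dict[str, float]:
    """Measure four constructed samples and return their entropies."""
    text = make_text(16384)
    samples = {
        "plain text": text,
        "zlib-compressed text": zlib.compress(text, 9),
        "random (ciphertext-like)": make_random(16384),
        "full byte range": bytes(range(256)) * 16,
    }
    results = {name: shannon_entropy(d) for name, d in samples.items()}
    for name, h in results.items():
        print(f"{name:26s} {h:5.2f} bits/byte -> {classify(h)}")
    return results


if __name__ == "__main__":
    demo()
    # A text file with an encrypted blob appended: the whole-file value blurs
    # the two, but the per-window profile shows exactly where the blob starts.
    mixed = make_text(4096) + make_random(4096)
    print(f"whole file: {shannon_entropy(mixed):4.2f}")
    for off, h in entropy_profile(mixed):
        print(f"offset {off:5d}: {h:4.2f}")
```

Note that the compressed and the random samples land in the same tier even though one is harmless deflate output, which is why the only safe reading of a high value is "compressed or encrypted", not "malicious". The windowed profile is the follow-up check a practitioner actually wants: it separates a benign archive from, say, a small loader with one suspiciously dense section.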

Question 9

Why should employee and visitor access to an organization be audited?

A. To help track events in case of an incident or breach, and to locate the cause.

B. To intimidate employees.

C. To identify and prevent suspicious activities at the entrance.

D. To stop hackers.

Answer
?

Question 10

What does the PPT triad represent in the context of organizational security?

A. The required balance for operational security.

B. How to secure the weakest link in an organization.

C. How to isolate sensitive data in an organization.

D. All of the above.

Answer
?