- (Exam Topic 1)
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus on company systems?
Correct Answer:
D
- (Exam Topic 3)
An analyst is reviewing the output from some recent network enumeration activities. The following entry relates to a target on the network:
Based on the above output, which of the following tools or techniques is MOST likely being used?
Correct Answer:
A
- (Exam Topic 2)
A security analyst inspects the header of an email that is presumed to be malicious and sees the following:
Which of the following is inconsistent with the rest of the header and should be treated as suspicious?
Correct Answer:
C
- (Exam Topic 1)
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
Correct Answer:
A
- (Exam Topic 3)
Which of the following is an advantage of SOAR over SIEM?
Correct Answer:
C
SOAR systems and services tend to add a layer of workflow management. That means that SOAR deployments may actually ingest SIEM alerts and other data and then apply workflows and automation to them. SIEM and SOAR tools can be difficult to distinguish from each other, with one current difference being the broader range of tools that SOAR services integrate with. In many cases the same vendors who provide SIEM capabilities also provide SOAR systems; Splunk, Rapid7, and IBM (QRadar) are all examples. There are differences, however, as ITSM tools like ServiceNow play in the SOAR space as well. As an analyst, you need to know that SOAR services and tools exist and can be leveraged to cover additional elements beyond what traditional SIEM systems have historically handled.