An organization is implementing and deploying a SIEM with the following capabilities. What kind of SIEM deployment architecture is the organization planning to implement?
A. Cloud, MSSP Managed
B. Self-hosted, Jointly Managed
C. Self-hosted, Self-Managed
D. Self-hosted, MSSP Managed

Juliea, a SOC analyst, noticed large TXT and NULL payloads while monitoring logs. What does this indicate?
A. Concurrent VPN Connections Attempt
B. DNS Exfiltration Attempt
C. Covering Tracks Attempt
D. DHCP Starvation Attempt
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8gZaKq_PuAhWGi1wKHfQTC0oQFjAAegQIARAD&url=https%3A%2F%2Fconf.splunk.com%2Fsession%2F2014%2Fconf2014_FredWilmotSanfordOwings_Splunk_Security.pdf&usg=AOvVaw3ZLfzGqM-VUG7xKtze67ac

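Large TXT or NULL record payloads are the classic footprint of DNS tunnelling: the attacker cannot carry much in an A record, so data is pushed out in long, encoded query labels and pulled back in oversized TXT/NULL answers. The following is an added example (not code from the original page or the referenced Splunk talk) of detection logic run over constructed sample records; the log layout "timestamp client qtype qname answer_bytes", the thresholds and the sample lines are all assumptions for the example.

```python
"""Added example, not from the original page: flag DNS log records whose
TXT/NULL answers are unusually large or whose query labels look like encoded
data, the two classic signs of DNS tunnelling/exfiltration.

Log layout "timestamp client qtype qname answer_bytes" and the sample lines
below are constructed for this example (assumption, not a real resolver format).
"""
import math
from collections import Counter

SAMPLE_LOG = """\
2024-03-01T10:00:01 10.1.1.5 A www.example.com 48
2024-03-01T10:00:02 10.1.1.5 TXT _dmarc.example.com 120
2024-03-01T10:00:03 10.1.1.9 TXT 0123456789abcdef0123456789abcdef.t.badcorp.example 1800
2024-03-01T10:00:04 10.1.1.9 NULL abcdefghijklmnopqrstuvwxyz012345.t.badcorp.example 2400
2024-03-01T10:00:05 10.1.1.7 AAAA mail.example.com 64
"""

SUSPECT_QTYPES = {"TXT", "NULL"}   # record types that carry free-form data
PAYLOAD_THRESHOLD = 512            # bytes; tune to your own TXT baseline (assumption)
LABEL_LEN_THRESHOLD = 30           # chars; legitimate labels are rarely this long
ENTROPY_THRESHOLD = 3.0            # bits/char; hex/base32/base64 data scores high


def shannon_entropy(s):
    """Bits per character of s (0.0 for a single repeated character)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_line(line):
    ts, client, qtype, qname, size = line.split()
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname, "size": int(size)}


def exfil_indicators(rec):
    """Names of the indicators that fire for one DNS record."""
    hits = []
    if rec["qtype"] in SUSPECT_QTYPES and rec["size"] >= PAYLOAD_THRESHOLD:
        hits.append("large_%s_payload" % rec["qtype"].lower())
    longest = max(rec["qname"].split("."), key=len)
    if len(longest) >= LABEL_LEN_THRESHOLD:
        hits.append("long_label")
        if shannon_entropy(longest) >= ENTROPY_THRESHOLD:
            hits.append("high_entropy_label")
    return hits


def scan(log_text):
    """Map each client with at least one indicator to the set of indicators seen."""
    findings = {}
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            hits = exfil_indicators(rec)
            if hits:
                findings.setdefault(rec["client"], set()).update(hits)
    return findings


if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, sorted(hits))
```

A legitimate TXT lookup such as the _dmarc record stays below the size threshold and produces no indicator, while the 10.1.1.9 client trips both the payload and the label checks. In production the size baseline should come from your own resolver's history rather than the fixed value assumed here, and a per-client count over time (many queries to one apex domain) is a stronger signal than any single record.
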
Which of the following formulas is used to calculate the EPS (events per second) of an organization?
A. EPS = average number of correlated events / time in seconds
B. EPS = number of normalized events / time in seconds
C. EPS = number of security events / time in seconds
D. EPS = number of correlated events […]

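Whichever event count the formula is based on, the ratio "events / time in seconds" hides a sizing trap: the average over an hour says nothing about the one-second burst the collector must absorb. The block below is an added example (not from the original page) that measures both the average EPS and the peak one-second rate from raw event timestamps; the timestamps and the 50% headroom figure are constructed assumptions.

```python
"""Added example, not from the original page: measure a SIEM's events per second
from raw event timestamps and report both the average EPS (events / seconds in
the window) and the peak one-second rate, which is what the SIEM must actually
sustain. Timestamps below are constructed sample data."""
from collections import Counter
from datetime import datetime

SAMPLE_EVENTS = (
    ["2024-03-01T10:00:00"] * 2
    + ["2024-03-01T10:00:01"] * 1
    + ["2024-03-01T10:00:02"] * 6     # short burst
    + ["2024-03-01T10:00:04"] * 3     # second 3 had no events at all
)


def eps_stats(timestamps):
    """Return (average_eps, peak_eps) over the inclusive window spanned by timestamps."""
    parsed = sorted(datetime.fromisoformat(t) for t in timestamps)
    t0 = parsed[0]
    buckets = Counter(int((t - t0).total_seconds()) for t in parsed)
    window_seconds = max(buckets) + 1          # inclusive: first..last second
    average = len(parsed) / window_seconds     # EPS = events / time in seconds
    peak = max(buckets.values())
    return average, peak


def sizing_eps(timestamps, headroom=1.5):
    """Capacity to plan for: the peak rate plus headroom (50% assumed here), not the average."""
    _, peak = eps_stats(timestamps)
    return peak * headroom


if __name__ == "__main__":
    avg, peak = eps_stats(SAMPLE_EVENTS)
    print("average EPS %.2f, peak EPS %d, plan for %.1f" % (avg, peak, sizing_eps(SAMPLE_EVENTS)))
```

With the constructed sample the average is 2.4 EPS but the peak is 6 EPS; a collector licensed or provisioned for the average alone drops events exactly when an attack generates the burst you most want to keep.
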
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?
A. Egress Filtering
B. Throttling
C. Rate Limiting
D. Ingress Filtering
Reference: https://grokdesigns.com/wp-content/uploads/2018/04/CEH-v9-Notes.pdf (99)

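An outbound header filter is usually three checks in sequence: the source address must belong to the internal network (so a compromised host cannot spoof someone else's address), the destination must not be a range that should never be routed out, and the protocol and port must be on the allow list. The block below is an added example (not code from the original page or the CEH notes it references) implementing those checks over constructed packet headers; the internal ranges, allow list and sample packets are assumptions, not any site's real policy.

```python
"""Added example, not from the original page: an egress filter applied to the
headers of packets leaving the internal network. Three checks: the source must
belong to us (anti-spoofing), the destination must not be a bogon that should
never be routed out, and the protocol/port must be on the allow list.
The network ranges, allow list and sample packets are constructed for this
example (assumptions, not any site's real policy)."""
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Destinations that must never appear on the outside of the perimeter.
BOGON_DSTS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]
# (protocol, destination port) pairs the policy lets out; everything else is dropped.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123)}


def egress_verdict(pkt):
    """Return ("ACCEPT"|"DROP", reason) for one outbound packet header."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if not any(src in net for net in INTERNAL_NETS):
        return "DROP", "spoofed_source"        # not ours: spoofed or misrouted
    if any(dst in net for net in BOGON_DSTS):
        return "DROP", "bogon_destination"
    if (pkt["proto"], pkt["dport"]) not in ALLOWED_EGRESS:
        return "DROP", "port_not_allowed"      # e.g. SMB/445 leaking out
    return "ACCEPT", "policy"


def filter_packets(packets):
    """Apply the filter to a batch and return [(verdict, reason), ...] in order."""
    return [egress_verdict(p) for p in packets]


# Constructed sample headers (documentation ranges 198.51.100.0/24 and 203.0.113.0/24).
SAMPLE_PACKETS = [
    {"src": "10.1.1.5",     "dst": "198.51.100.9", "proto": "tcp", "dport": 443},
    {"src": "203.0.113.7",  "dst": "198.51.100.9", "proto": "tcp", "dport": 443},
    {"src": "10.1.1.5",     "dst": "172.16.5.5",   "proto": "tcp", "dport": 443},
    {"src": "192.168.1.20", "dst": "198.51.100.9", "proto": "tcp", "dport": 445},
    {"src": "10.1.1.5",     "dst": "198.51.100.9", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for pkt, (verdict, why) in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(verdict, why, pkt["src"], "->", pkt["dst"], pkt["proto"], pkt["dport"])
```

The order matters: the anti-spoofing check runs first so that a spoofed packet is logged as spoofed rather than as a port violation, and the allow list is a default-deny, which is what makes the filter stop SMB and other lateral-movement protocols from leaving even when nobody thought to block them explicitly.
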
Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?
A. $ tailf /var/log/sys/kern.log
B. $ tailf /var/log/kern.log
C. # tailf /var/log/messages
D. # tailf /var/log/sys/messages
Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/

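The iptables LOG target writes through the kernel log facility, which rsyslog on Debian and Ubuntu routes to /var/log/kern.log (RHEL-family systems put it in /var/log/messages, and `journalctl -k` shows the same messages on any systemd host). tailf has been deprecated in util-linux in favour of `tail -f`. Reading the lines is only half the job; each one is a run of KEY=VALUE tokens plus bare flag tokens such as DF and SYN. The block below is an added example (not from the original page or the referenced article) that parses constructed kern.log lines in the real LOG target layout and summarises the drops; the hostname, the "IPT-DROP:" log prefix and the addresses are assumptions.

```python
"""Added example, not from the original page: parse iptables LOG lines as rsyslog
writes them to /var/log/kern.log and summarise dropped connections per source.
Sample lines are constructed (assumed host "fw1" and --log-prefix "IPT-DROP: ")."""
import re
from collections import Counter

SAMPLE_LINES = [
    "Mar  1 10:00:03 fw1 kernel: [ 1234.567890] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=10.0.0.2 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Mar  1 10:00:04 fw1 kernel: [ 1235.000001] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=10.0.0.2 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51235 DPT=23 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Mar  1 10:00:05 fw1 kernel: [ 1236.000001] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.0.0.2 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=1 PROTO=UDP SPT=40000 DPT=161",
    # An unrelated kernel message in the same file must be skipped.
    "Mar  1 10:00:06 fw1 kernel: [ 1237.000001] usb 1-1: new high-speed USB device",
]

# syslog timestamp, host, "kernel:", optional uptime stamp, the --log-prefix, then IN=...
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<prefix>[^=]*?)(?P<rest>IN=.*)$"
)


def parse_iptables_line(line):
    """Return a dict of KEY=VALUE fields plus a 'flags' list, or None if not a LOG line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"].strip(), "flags": []}
    for tok in m["rest"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            rec[key] = value
        else:
            rec["flags"].append(tok)         # DF, SYN, ACK, ... are bare tokens
    return rec


def summarize_drops(lines, prefix="IPT-DROP:"):
    """Count dropped packets per (SRC, PROTO, DPT) for lines carrying the given prefix."""
    hits = Counter()
    for line in lines:
        rec = parse_iptables_line(line)
        if rec and rec["prefix"] == prefix:
            hits[(rec["SRC"], rec.get("PROTO"), rec.get("DPT"))] += 1
    return hits


def top_sources(lines, prefix="IPT-DROP:"):
    """Count dropped packets per source address; sweeps and scans float to the top."""
    src = Counter()
    for (s, _, _), n in summarize_drops(lines, prefix).items():
        src[s] += n
    return src


if __name__ == "__main__":
    for (s, proto, dpt), n in summarize_drops(SAMPLE_LINES).most_common():
        print("%-14s %-4s dpt=%-5s %d" % (s, proto, dpt, n))
```

Filtering on the log prefix is what lets one kern.log serve several rules (a separate `--log-prefix` per rule keeps accepted, dropped and rate-limited traffic distinguishable), and the bare-token handling is the part most ad-hoc parsers get wrong.
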
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?
A. High
B. Extreme
C. Low
D. Medium
Reference: https://www.moheri.gov.om/userupload/Policy/IT%20Risk%20Management%20Framework.pdf (17)

Where will you find the IP reputation database if you want to monitor traffic from IPs with a known bad reputation using OSSIM SIEM?
A. /etc/ossim/reputation
B. /etc/ossim/siem/server/reputation/data
C. /etc/siem/ossim/server/reputation.data
D. /etc/ossim/server/reputation.data

Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate?
A. Alert
B. Notification
C. Emergency
D. Debugging

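The severity scale is inverted relative to most scoring systems: 0 is the most severe and 7 the least, and on the wire the severity is folded together with the facility into the PRI field (PRI = facility × 8 + severity, RFC 5424 section 6.2.1). The block below is an added example (not from the original page) that decodes and encodes PRI values and filters messages by severity; the sample messages are constructed, and the facility names are abbreviated forms of the RFC 5424 Table 1 entries.

```python
"""Added example, not from the original page: decode the syslog PRI field
(<PRI> = facility * 8 + severity, RFC 5424 section 6.2.1) and filter messages
by severity. Note the inverted scale: 0 (Emergency) is the most severe and 7
(Debug) the least. Sample messages below are constructed."""
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
# Abbreviated names for facility codes 0..23 from RFC 5424 Table 1.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + ["local%d" % i for i in range(8)]

PRI_RE = re.compile(r"^<(\d{1,3})>")

SAMPLE_MESSAGES = [
    "<0>1 2024-03-01T10:00:00Z fw1 kernel - - - Kernel panic - not syncing",
    "<34>1 2024-03-01T10:00:01Z host1 su - ID47 - 'su root' failed for jdoe on /dev/pts/8",
    "<165>1 2024-03-01T10:00:02Z host1 app - - - user jdoe logged in",
    "<191>1 2024-03-01T10:00:03Z host1 app - - - cache miss for key 42",
]


def decode_pri(pri):
    """Split a PRI value into (facility_name, severity_name)."""
    if not 0 <= pri <= 191:                     # 23 * 8 + 7 is the largest legal value
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def encode_pri(facility, severity):
    """Inverse of decode_pri: build the PRI number from the two names."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def parse_message(line):
    """Parse the <PRI> header; 'level' is the numeric severity for comparisons."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no PRI header: %r" % line[:20])
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity,
            "level": SEVERITIES.index(severity), "body": line[m.end():]}


def at_least(lines, max_level):
    """Messages at severity max_level or MORE severe, i.e. numerically <= max_level."""
    msgs = [parse_message(line) for line in lines]
    return [m for m in msgs if m["level"] <= max_level]


if __name__ == "__main__":
    for m in at_least(SAMPLE_MESSAGES, 2):      # emergency, alert, critical only
        print(m["facility"], m["severity"], m["body"])
```

The comparison in at_least is the point to get right when writing alert rules: "severity 2 and above" in the human sense means a numeric level of 2 or below, and a rule written as `level >= 2` silently selects everything except the emergencies and alerts it was meant to catch.
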
Which of the following formulas represents risk?
A. Risk = Likelihood × Severity × Asset Value
B. Risk = Likelihood × Consequence × Severity
C. Risk = Likelihood × Impact × Severity
D. Risk = Likelihood × Impact × Asset Value

Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
A. Unicode Encoding
B. UTF Encoding
C. Base64 Encoding
D. URL Encoding
Reference: https://ktflash.gitbooks.io/ceh_v9/content/125_countermeasures.html

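The "%XX" scheme is percent-encoding as defined in RFC 3986: every byte outside the unreserved set (letters, digits and "-._~") becomes "%" plus two hex digits, and a non-ASCII character yields one escape per UTF-8 byte rather than one per character. Its security relevance, which the referenced countermeasures page is about, is that filters which decode only once can be bypassed by encoding the "%" itself ("%252e%252e%252f" decodes to "%2e%2e%2f", which a second decode turns into "../"). The block below is an added example (not from the original page) implementing the encoder from that definition, cross-checking it against urllib.parse.quote, and flagging double-encoded input; the sample strings are constructed.

```python
"""Added example, not from the original page: percent-encoding implemented from
its definition (every byte outside RFC 3986's unreserved set becomes "%" plus two
uppercase hex digits), cross-checked against urllib.parse.quote, plus the decoder
and a check for the double-encoding trick ("%252e" -> "%2e" -> ".") used to slip
traversal and injection payloads past filters that decode only once."""
import re
import string
from urllib.parse import quote

UNRESERVED = frozenset((string.ascii_letters + string.digits + "-._~").encode("ascii"))
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")


def percent_encode(text):
    """Encode text as UTF-8 and percent-escape every byte outside the unreserved set.
    Non-ASCII characters therefore yield one %XX per UTF-8 byte, not one per character."""
    return "".join(chr(b) if b in UNRESERVED else "%%%02X" % b for b in text.encode("utf-8"))


def percent_decode_bytes(encoded):
    """One decoding pass: each %XX becomes its byte; everything else is copied through.
    '+' is NOT turned into a space here; that rule belongs to form encoding only."""
    out = bytearray()
    i = 0
    while i < len(encoded):
        m = PCT_RE.match(encoded, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:
            out.extend(encoded[i].encode("utf-8"))
            i += 1
    return bytes(out)


def percent_decode(encoded, errors="strict"):
    """One decoding pass followed by UTF-8 decoding of the resulting bytes."""
    return percent_decode_bytes(encoded).decode("utf-8", errors)


def looks_double_encoded(value):
    """True if a %XX escape is still present after one decode, e.g. %252e -> %2e."""
    return PCT_RE.search(percent_decode(value, errors="replace")) is not None


def matches_stdlib(text):
    """Cross-check: our encoder must agree with urllib.parse.quote(text, safe='')."""
    return percent_encode(text) == quote(text, safe="")


if __name__ == "__main__":
    for sample in ("a b/c?d=é", "../../etc/passwd", "%252e%252e%252f"):
        enc = percent_encode(sample)
        print(sample, "->", enc, "| stdlib agrees:", matches_stdlib(sample),
              "| double-encoded:", looks_double_encoded(sample))
```

The practical rule that follows from looks_double_encoded is to normalise input exactly once at the boundary and reject anything that still contains an escape afterwards, rather than decoding in a loop "until stable", which turns the filter itself into the decoder the attacker needs.
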