Question 71
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?
Question 72
An analyst received an alert on their desktop computer showing that an attack was successful on the host.
After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?
Question 73
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
Question 74
Refer to the exhibit.

Which two elements in the table are parts of the 5-tuple? (Choose two.)

Question 75
What are two characteristics of full packet captures? (Choose two.)
