200-201 Exam Questions

Total 402 Questions

Last Updated Exam : 16-Jul-2025

What is the virtual address space for a Windows process?

A. physical location of an object in memory
B. set of pages that reside in the physical memory
C. system-level memory protection feature built into the operating system
D. set of virtual memory addresses that can be used

D. set of virtual memory addresses that can be used



What is the function of a command and control server?

A. It enumerates open ports on a network device
B. It drops secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instruction to a compromised system

D. It sends instruction to a compromised system



What is the practice of giving an employee access to only the resources needed to accomplish their job?

A. principle of least privilege
B. organizational separation
C. separation of duties
D. need to know principle

A. principle of least privilege



An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

A. The computer has a HIPS installed on it.
B. The computer has a NIPS installed on it.
C. The computer has a HIDS installed on it.
D. The computer has a NIDS installed on it.

C. The computer has a HIDS installed on it.



Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

A. integrity
B. confidentiality
C. availability
D. scope

A. integrity



How is attacking a vulnerability categorized?

A. action on objectives
B. delivery
C. exploitation
D. insta

C. exploitation



A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?

A. reconnaissance
B. action on objectives
C. installation
D. exploitation

C. installation



Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

A. known-plaintext
B. replay
C. dictionary
D. man-in-the-middle

D. man-in-the-middle



What is the difference between the ACK flag and the RST flag in the NetFlow log session?

A. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
B. BT
C. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection
D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

D. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection



What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

A. least privilege
B. need to know
C. integrity validation
D. due diligence

A. least privilege



