Question 1
During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?
A. WAF logs
B. DNS logs
C. System logs
D. Application logs
Question 2
A network security engineer is implementing a NAC solution. The solution should support machine-based authentication using EAP-TLS. Which of the following would the network security engineer implement?
A. SSO
B. SAML
C. 802.1X
D. TACACS+
Question 3
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
A. Social media
B. Cloud
C. Supply chain
D. Social engineering
Question 4
A security analyst is reviewing web-application logs and finds the following log:
https://www.comptia.org/contact-us/%3Ff ... gs2Fpasswd
Which of the following attacks is being observed?
A. Directory traversal
B. XSS
C. CSRF
D. On-path attack
Question 5
Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
Question 6
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?
A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM's learning mode.