SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
B.
SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
C.
SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
D.
SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
Answer:
B
Explanation:
SIEM (Security Information and Event Management) systems are solutions that provide real-time analysis of security alerts generated by applications and network hardware. They collect, store, analyze, and report on log data for incident response, forensics, and regulatory compliance. On the other hand, SOAR (Security Orchestration Automation and Response) platforms allow organizations to collect data about security threats from multiple sources and respond to low-level security events without human assistance. References: Cisco Cybersecurity Operations Fundamentals
Phishing is considered a low-bandwidth attack because it does not require the use of significant network resources. Instead, it relies on social engineering to deceive individuals into providing sensitive information or clicking on malicious links, often through email or other communication methods.
Question 74
Which tool provides a full packet capture from network traffic?
Options:
A.
Nagios
B.
CAINE
C.
Hydra
D.
Wireshark
Answer:
D
Explanation:
Wireshark is a widely used network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides full packet capture capabilities, enabling detailed analysis of network traffic. References: This is supported by the CBROPS course materials, which discuss security monitoring and the analysis of network traffic, including full packet capture tools like Wireshark.
Question 75
Refer to the exhibit.
What is occurring within the exhibit?
Options:
A.
regular GET requests
B.
XML External Entities attack
C.
insecure deserialization
D.
cross-site scripting attack
Answer:
A
Explanation:
Based on the image details, the exhibit shows a series of HTTP requests with the method GET, which are used to retrieve data from a web server. There is no evidence of any malicious payload or parameter in these requests, so they are likely regular GET requests. The other options are types of web application attacks that exploit different vulnerabilities, such as XML External Entities, insecure deserialization, and cross-site scripting. References: Cisco Cybersecurity