While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic for multiple devices by modifying the IP header.
Which technology makes this behavior possible?

1. A. encapsulation
2. B. TOR
3. C. tunneling
4. D. NAT

Correct Answer: D
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

Which tool provides a full packet capture from network traffic?

1. A. Nagios
2. B. CAINE
3. C. Hydra
4. D. Wireshark

Correct Answer: D

Refer to the exhibit.

An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?

1. A. The file will appear legitimate by evading signature-based detection.
2. B. The file will not execute its behavior in a sandbox environment to avoid detection.
3. C. The file will insert itself into an application and execute when the application is run.
4. D. The file will monitor user activity and send the information to an outside source.

Correct Answer: B

An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

1. A. Recover from the threat.
2. B. Analyze the threat.
3. C. Identify lessons learned from the threat.
4. D. Reduce the probability of similar threats.

Correct Answer: A
Per: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

1. A. least privilege
2. B. need to know
3. C. integrity validation
4. D. due diligence

Correct Answer: A