Which system monitors local system operation and local network access for violations of a security policy?

1. A. host-based intrusion detection
2. B. systems-based sandboxing
3. C. host-based firewall
4. D. antivirus

Correct Answer: A
HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

Refer to the exhibit.

What is the potential threat identified in this Stealthwatch dashboard?

1. A. A policy violation is active for host 10.10.101.24.
2. B. A host on the network is sending a DDoS attack to another inside host.
3. C. There are three active data exfiltration alerts.
4. D. A policy violation is active for host 10.201.3.149.

Correct Answer: C
"EX" = exfiltration And there are three.
Also the "suspect long flow" and "suspect data heading" suggest, for example, DNS exfiltration
https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/smc_users_guide/SW_6 page 177.

Which category relates to improper use or disclosure of PII data?

1. A. legal
2. B. compliance
3. C. regulated
4. D. contractual

Correct Answer: C

What is a difference between SIEM and SOAR?

1. A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
2. B. SlEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
3. C. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
4. D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.

Correct Answer: B

Refer to the exhibit.

Which type of log is displayed?

1. A. proxy
2. B. NetFlow
3. C. IDS
4. D. sys

Correct Answer: B