An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
Correct Answer:
B
A precursor is a sign that a cyber-attack is about to occur on a system or network. An indicator is the actual alerts that are generated as an attack is happening. Therefore, as a security professional, it's important to know where you can find both precursor and indicator sources of information.
The following are common sources of precursor and indicator information: 
Security Information and Event Management (SIEM) Anti-virus and anti-spam software File integrity checking applications/software Logs from various sources (operating systems, devices, and applications) People who report a security incident https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Refer to the exhibit.
An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?
Correct Answer:
C
Which data type is necessary to get information about source/destination ports?
Correct Answer:
B
Session data provides information about the five tuples; source IP address/port number, destination IP address/port number and the protocol
What is Connectivity Data? According to IBM - Connectivity data defines how entities are connected in the network. It includes connections between different devices, and VLAN-related connections within the same
device https://www.ibm.com/docs/en/networkmanager/4.2.0?topic=relationships-connectivity-data
What is obtained using NetFlow?
Correct Answer:
A
Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?
Correct Answer:
B