600-199 Exam Questions
60 real 600-199 exam questions with expert-verified answers and explanations. Page 2 of 2.
- Question #51
What does the acronym "CSIRT" stand for?
- Question #52
Which publication from the ISO covers security incident response?
- Question #53
As a part of incident response, which action should be performed?
- Question #54
Which action is recommended to prevent an incident from spreading?
- Question #55
What is the most important reason for documenting an incident?
- Question #56
Which three tools should be used for incident response? (Choose three.)
- Question #57
In what sequence do the proper eradicate/recovery steps take place? 1) Re-image 2) Restore 3) Patch 4) Backup
- Question #58
Which four tools are used during an incident to collect data? (Choose four.)
- Question #59
Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?
- Question #60
Which two options are advantages of an application layer firewall? (Choose two.)