05/27/2018 – by Mod_GuideK 0
Which statement about the difference between a denial-of-service attack and a distributed
denial-of-service attack is true?
A. DoS attacks only use flooding to compromise a network, and DDoS attacks only use
other methods.
B. DoS attacks are launched from one host, and DDoS attacks are launched from multiple
hosts.
C. DoS attacks are launched from one host, and DDoS attacks are launched from multiple
hosts.
D. DDoS attacks are launched from one host, and DoS attacks are launched from multiple
hosts.
E. DoS attacks and DDoS attacks have no differences.
Correct Answer: B
05/27/2018 – by Mod_GuideK 2
Which international standard is for general risk management, including the principles and
guidelines for managing risk?
A. ISO 27001
B. ISO 27005
C. ISO 31000
D. ISO 27002
Correct Answer: C (ISO 31000)
05/27/2018 – by Mod_GuideK 3
Which process continues to be recorded in the process table after it has ended and the status is
returned to the parent?
A. daemon
B. zombie
C. orphan
D. child
Correct Answer: B (zombie). The process has already exited; only its process-table entry and exit
status remain until the parent collects them with wait().
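The following is an added example, not part of the original question set, that shows the zombie state directly on Linux: the parent forks a child that exits at once and deliberately does not call wait(), so the child stays in the process table with state Z until the parent reaps it. It reads the state from /proc/<pid>/stat, so it assumes a Linux host with procfs; the exit code 3 is an arbitrary value chosen for the demonstration.

```python
import os
import time


def proc_state(pid: int) -> str:
    """Return the scheduler state letter for pid from /proc/<pid>/stat (Linux only).

    Field 2 (comm) is wrapped in parentheses and may itself contain spaces,
    so split only after the last ')' to reach field 3, the state.
    """
    with open(f"/proc/{pid}/stat") as f:
        stat = f.read()
    return stat[stat.rindex(")") + 2:].split()[0]


def make_zombie(exit_code: int = 3):
    """Fork a child that exits immediately while the parent does not wait() yet.

    Returns (state_before_reap, collected_exit_code, entry_gone_after_reap).
    """
    pid = os.fork()
    if pid == 0:
        os._exit(exit_code)  # child: terminate at once, nothing else to do

    # Parent: the child is dead, but until we collect its status the kernel keeps
    # its process-table slot so the exit code can be returned to us. Poll until
    # the entry shows state 'Z'.
    state = None
    for _ in range(500):
        state = proc_state(pid)
        if state == "Z":
            break
        time.sleep(0.01)

    # Reaping: wait() hands back the status and frees the table entry.
    _, status = os.waitpid(pid, 0)
    collected = os.WEXITSTATUS(status)
    gone = not os.path.exists(f"/proc/{pid}")
    return state, collected, gone


if __name__ == "__main__":
    print(make_zombie())  # on Linux: ('Z', 3, True)
```

The same state letter is what `ps -ef` or `ps -o stat= -p <pid>` prints as Z; an orphan, by contrast, is still running and has simply been re-parented to init, so it never shows that state.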
05/27/2018 – by Mod_GuideK 0
For which kind of attack does an attacker use known information in encrypted files to break the
encryption scheme for the rest of the data?
A. known-plaintext
B. known-ciphertext
C. unknown key
D. man in the middle
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
Which purpose of command and control for network aware malware is true?
A. It helps the malware to profile the host
B. It takes over the user account
C. It contacts a remote server for command and updates
D. It controls and shuts down services on the infected host
Correct Answer: C
05/27/2018 – by Mod_GuideK 0
Which action is an attacker taking when they attempt to gain root access on the victim's system?
A. privilege escalation
B. command injections
C. root kit
D. command and control
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
What type of algorithm uses the same key to encrypt and decrypt data?
A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key Infrastructure algorithm
D. an IP Security algorithm
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
Which three statements about host-based IPS are true? (Choose three)
A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behavior at the desktop level.
Correct Answer: ADF
05/27/2018 – by Mod_GuideK 0
An attacker installs a rogue switch that sends superior BPDUs on your network.
What is a possible result of this activity?
A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain
D. The switch could become a transparent bridge.
Correct Answer: B
05/27/2018 – by Mod_GuideK 0
You get an alert on your desktop computer showing that an attack was successful on the host, but
upon investigation you see that nothing occurred during the attack.
Which reason is true?
A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it
Correct Answer: A
Which of the following is true about heuristic-based algorithms?
05/27/2018 – by Mod_GuideK 0
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
How many broadcast domains are created if three hosts are connected to a Layer 2 switch in
full-duplex mode?
A. 4
B. 3
C. None
D. 1
Correct Answer: D
05/27/2018 – by Mod_GuideK 0
What is one of the advantages of the mandatory access control (MAC) model?
A. Stricter control over the information access.
B. Easy and scalable.
C. The owner can decide whom to grant access to.
D. Complex to administer.
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
According to the attribute-based access control (ABAC) model, what is the subject location
considered?
A. Part of the environmental attributes
B. Part of the object attributes
C. Part of the access control attributes
D. None of the above
Correct Answer: A
05/27/2018 – by Mod_GuideK 0
Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Correct Answer: D
05/27/2018 – by Mod_GuideK 0
Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs).
They inspect which of the following elements within a packet? (Choose Two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Correct Answer: CD
05/27/2018 – by Mod_GuideK 0
Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual-based information from which
devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS
devices and the Cisco ASA
Correct Answer: D
05/27/2018 – by Mod_GuideK 0
What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Correct Answer: AB
05/27/2018 – by Mod_GuideK 0
What is PHI?
A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information
Correct Answer: B
08/09/2017 – by Mod_GuideK 23
What does the X.509v3 certificate indicate? (I remember the choices; choose 3)
a. public key of the certificate
b. private key of the certificate
c. subject of the certificate
a) asynchronous
b) discretionary
c) least privilege
d) RBAC
The FMC can share HTML, PDF and CSV data type that relate to a specific event type data.
Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D
Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Answer: D
What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Answer: AB
Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs).
They inspect which of the following elements within a packet? (Choose Two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Answer: CD
Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual-based information from which
devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS
devices and the Cisco ASA
Which international standard is for general risk management, including the principles and
guidelines for managing risk?
A. ISO 31000
B. ISO 27001
C. ISO 27005
D. ISO 27002
Answer: A
Which statement about the difference between a denial-of-service attack and a distributed denial
of service attack is true?
A. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
B. DoS attacks and DDoS attacks have no differences.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
D. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other
methods.
Answer: A
You discover that a foreign government hacked one of the defense contractors in your country
and stole intellectual property. In this situation, which option is considered the threat agent?
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A
After a large influx of network traffic to externally facing devices, you begin investigating what
appears to be a denial of service attack. When you review packet capture data, you notice that the
traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D
Which definition of common event format in terms of a security information and event
management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D
Which term describes reasonable effort that must be made to obtain relevant information to
facilitate appropriate courses of action?
A. Due diligence.
B. Ethical behavior.
C. Decision making.
D. Data mining.
Answer: A
According to the common vulnerability scoring system, which term is associated with scoring
multiple vulnerabilities that are exploited in the course of a single attack?
A. chained score
B. risk analysis
C. vulnerability chaining
D. confidentiality
Answer: C
Which purpose of Command and Control for network aware malware is true?
A. It contacts a remote server for commands and updates.
B. It controls and shuts down services on the infected host.
C. It helps the malware to profile the host
D. It takes over the user account.
Answer: A
Which of the following access control models use security labels to make access decisions?
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Identity-based access control (IBAC)
Answer: B
Q) What type of attack is Shellshock? I think the answer is command injection since the word
shell is in the name.
– A question about SYN flood. It gives the scenario that, using a full packet capture tool, you
notice multiple SYN messages; this is an example of what?
Possible answer: SYN flood
– There was a question about ciphers. The scenario was that the attacker knows some information in
the ciphertext of several messages and also knows something about the plaintext that underlies the
ciphertext. (This scenario describes both a Known-plaintext Attack and a Meet-in-the-middle
Attack.) The question asked which type of attack it is.
A possible answer was man-in-the-middle, which is obviously wrong, leaving Known-plaintext
Attack as the best option.
– A question said a SIEM provides HTML, PDF and CSV formats and asked what it is.
(I don't know what this question means)
– A question said that a foreign government attacked your defense weapons contractor and stole
intellectual property; that foreign government is defined as what?
1) Defense Weapons Contractor who stole intellectual property
2) Foreign government who conducted the attack
3) Intellectual property that got stolen
4) method used by the foreign government to hack
(Not sure of the correct answer, maybe 2? I don't understand it very well)
– A question made a statement like: Microsoft PPTP used RC4, which is a stream cipher; what attack
is it vulnerable to when the same key is used twice?
Cipher-text-only Attack, when an attacker uses cipher text from several messages and tries to
deduce the plaintext or key from just that information, using statistical analysis
– A question about CVSS was how scoring is handled when multiple vulnerabilities are found in
the same attack.
Vulnerability Chaining (While not a formal metric, guidance on scoring multiple vulnerabilities
is provided with Vulnerability Chaining. https://www.first.org/cvss/cvss-v30-user_guide_v1.1.pdf)
– There was an ISO implementing guidance for general risk management question.
Answer given:
ISO 27001 to 27005. This person selected 27002, which he thought was correct after memorizing
the titles for ISO 27001 – 27005
– There was a question about what the command is to see every process on the Linux system.
Maybe the answer is ps -ef
– one that asked something like, what event types does FMC record? FMC = Firepower
Management Center
– something similar to: what cryptography is used on digital certificates? The answers included:
SHA-256
SHA-512
RSA 4096
I think the answers are SHA-256 and SHA-384 if they appear in the answer list.
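Added example, not part of the original questions or comments: it ties together the known-plaintext question above (Correct Answer: A) and the comment about PPTP's RC4 stream cipher being used with the same key twice. RC4 is implemented in full because it is a textbook algorithm; the key and the two messages are constructed for the demonstration. With one keystream reused, XOR-ing the two ciphertexts cancels the keystream and leaves p1 XOR p2, so knowing one plaintext recovers the other outright, and even with ciphertext only, the zero bytes of that XOR reveal where the two plaintexts agree.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key-scheduling algorithm, then the PRGA XORed over data.
    RC4 is a stream cipher, so encryption and decryption are the same call."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Known-plaintext attack on keystream reuse.

    c1 = p1 XOR k and c2 = p2 XOR k share the keystream k, so
    c1 XOR c2 = p1 XOR p2, and XORing the known p1 back in yields p2.
    The key is never needed and never recovered.
    """
    return xor_bytes(xor_bytes(c1, c2), p1)


def equal_plaintext_positions(c1: bytes, c2: bytes) -> list[int]:
    """Ciphertext-only leak: wherever c1 XOR c2 is zero, the plaintexts had the
    same byte. Fixed protocol fields ("USER ", " PASS ") show up immediately."""
    return [i for i, v in enumerate(xor_bytes(c1, c2)) if v == 0]


# Constructed demonstration data (not from any real capture or product).
KEY = b"same-session-key"
P1 = b"USER alice PASS hunter2"
P2 = b"USER bob   PASS letmein"   # same length as P1 so the XOR lines up byte for byte
C1 = rc4(KEY, P1)
C2 = rc4(KEY, P2)                  # the mistake: same key, hence same keystream


if __name__ == "__main__":
    print(recover_with_known_plaintext(C1, C2, P1))
    print(equal_plaintext_positions(C1, C2))
```

The same algebra applies to any stream cipher or one-time pad whose keystream is reused, which is why the comment's "same key used twice" is the whole story regardless of whether RC4 itself has other weaknesses.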
08/09/2017 – by Mod_GuideK 4
Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system
Correct Answer: CE
08/09/2017 – by Mod_GuideK 0
Which term represents a weakness in a system that could lead to the system being compromised?
A. vulnerability
B. threat
C. exploit
D. risk
Correct Answer: A
08/09/2017 – by Mod_GuideK 0
Which three options are types of Layer 2 network attack? (Choose three.)
A. ARP attacks
B. brute force attacks
C. spoofing attacks
D. DDOS attacks
E. VLAN hopping
F. botnet attacks
Correct Answer: ACE
08/09/2017 – by Mod_GuideK 0
If a router has four interfaces and each interface is connected to four switches, how many
broadcast domains are present on the router?
A. 1
B. 2
C. 4
D. 8
Correct Answer: C
08/09/2017 – by Mod_GuideK 0
Where does routing occur within the DoD TCP/IP reference model?
A. application
B. internet
C. network
D. transport
Correct Answer: B
08/09/2017 – by Mod_GuideK 0
Which NTP command configures the local device as an NTP reference clock source?
A. ntp peer
B. ntp broadcast
C. ntp master
D. ntp server
Correct Answer: C
08/09/2017 – by Mod_GuideK 0
For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Correct Answer: A
08/09/2017 – by Mod_GuideK 0
Which directory is commonly used on Linux systems to store log files, including syslog and
apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log
Correct Answer: D
08/09/2017 – by Mod_GuideK 0
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can
be sent across networks?
A. Internet Control Message Protocol
B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol
Correct Answer: B
08/09/2017 – by Mod_GuideK 1
Which definition of the virtual address space for a Windows process is true?
A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system
Correct Answer: B
08/09/2017 – by Mod_GuideK 1
If a web server accepts input from the user and passes it to a bash shell, to which attack method
is it vulnerable?
A. input validation
B. hash collision
C. command injection
D. integer overflow
Correct Answer: C
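An added example, not from the original page, showing the vulnerable pattern this question describes next to a hardened version. A web handler that builds a shell command string from a request parameter hands any `;`, `|`, `$(...)` or backtick in that parameter to /bin/sh. The fix has two layers: never involve a shell (pass argv as a list), and validate the input against an allow-list before it reaches any external program. `echo` stands in for whatever tool the server would really call so that the snippet runs anywhere with a POSIX shell; the payload and the hostname pattern are assumptions made for the demonstration.

```python
import re
import subprocess

# Payload an attacker could place in a query string such as ?host=<value>
# (constructed for the demonstration; "echo INJECTED" stands in for something worse).
MALICIOUS = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Insecure: the parameter is spliced into a command line that /bin/sh parses.

    Metacharacters in `host` become shell syntax, so "a; echo INJECTED" runs two
    commands. This is exactly the bug the question describes.
    """
    cmd = "echo " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """Layer 1: no shell at all. argv is a list, so the whole parameter is one
    literal argument and nothing inside it is interpreted as shell syntax."""
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


# One label of 1-63 alphanumerics/hyphens (no leading or trailing hyphen), dot-separated.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_hardened(host: str) -> str:
    """Layer 2: allow-list validation before the call, then argv without a shell.
    Rejecting anything that is not a plausible hostname also stops the external
    program from being fed option-like arguments such as "-n"."""
    if len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected input: {host!r}")
    return lookup_argv(host)


if __name__ == "__main__":
    print(lookup_vulnerable(MALICIOUS), end="")   # two lines: the host, then INJECTED
    print(lookup_argv(MALICIOUS), end="")         # one line, the payload echoed literally
    try:
        lookup_hardened(MALICIOUS)
    except ValueError as e:
        print(e)
```

Note that `lookup_argv` alone already defeats the injection; the allow-list is there because the downstream program may have its own parsing (options, path separators) that a list of arguments does not protect against.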
08/09/2017 – by Mod_GuideK 0
Which definition describes the main purpose of a Security Information and Event Management
solution ?
A. a database that collects and categorizes indicators of compromise to evaluate and search
for potential security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall
filtering
C. a relay server or device that collects then forwards event logs to another log collection
device
D. a security product that collects, normalizes, and correlates event log data to provide
holistic views of the security posture
Correct Answer: D
08/09/2017 – by Mod_GuideK 4
According to RFC 1035 which transport protocol is recommended for use with DNS queries?
A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol
Correct Answer: D
08/09/2017 – by Mod_GuideK 0
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?
A. Confidentiality, Integrity, and Availability
B. Confidentiality, Identity, and Availability
C. Confidentiality, Integrity, and Authorization
D. Confidentiality, Identity, and Authorization
Correct Answer: A
08/09/2017 – by Mod_GuideK 1
Which term represents the practice of giving employees only those permissions necessary to
perform their specific role within an organization?
A. integrity validation
B. due diligence
C. need to know
D. least privilege
Correct Answer: D
08/09/2017 – by Mod_GuideK 0
Which term represents the chronological record of how evidence was collected- analyzed,
preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping
Correct Answer: C
08/09/2017 – by Mod_GuideK 9
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall?
(Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP
addresses
E. Identify the malware variant carried by an SMTP connection
Correct Answer: AD
08/09/2017 – by Mod_GuideK 0
Which security monitoring data type is associated with application server logs?
A. alert data
B. statistical data
C. session data
D. transaction data
Correct Answer: D
08/09/2017 – by Mod_GuideK 3
A user reports difficulties accessing certain external web pages. When examining traffic to and
from the external domain in full packet captures, you notice many SYNs that have the same
sequence number, source, and destination IP address, but have different payloads. Which
problem is a possible explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection
Correct Answer: D
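Added detection example, not from the original page, that runs over constructed packet summaries and separates the three SYN patterns described on this page: the port-scan question (a single SYN to each port, Correct Answer: D), the SYN-flood scenario mentioned in the comments (many SYNs to one service), and the TCP injection scenario in the question just above (SYNs with the same source, destination and sequence number but different payloads). The thresholds, addresses and payloads are assumptions chosen for the demonstration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """Minimal TCP packet summary: the fields a pcap or flow export would give us."""
    src: str
    dst: str
    sport: int
    dport: int
    flags: str      # "S" = SYN only, "SA" = SYN/ACK, "A" = ACK, "R" = RST
    seq: int
    payload: bytes = b""


def classify_syn_patterns(pkts, scan_ports=20, flood_syns=100):
    """Return a list of findings; each is (kind, a, b, count).

    port scan:      one src -> one dst touches many distinct ports, each with a
                    single SYN (one probe per port).
    SYN flood:      a single (dst, dport) receives far more SYNs than normal,
                    from one or many sources.
    TCP injection:  several SYN segments carry the same (src, dst, seq) but
                    different payloads; a real client never does that, an
                    in-path injector racing the genuine packet does.
    """
    syns = [p for p in pkts if p.flags == "S"]
    findings = []

    ports_per_pair = defaultdict(Counter)
    for p in syns:
        ports_per_pair[(p.src, p.dst)][p.dport] += 1
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= scan_ports and max(ports.values()) == 1:
            findings.append(("port scan", src, dst, len(ports)))

    syns_per_service = Counter((p.dst, p.dport) for p in syns)
    for (dst, dport), n in syns_per_service.items():
        if n >= flood_syns:
            findings.append(("SYN flood", dst, dport, n))

    payloads_per_seq = defaultdict(set)
    for p in syns:
        payloads_per_seq[(p.src, p.dst, p.seq)].add(p.payload)
    for (src, dst, seq), payloads in payloads_per_seq.items():
        if len(payloads) > 1:
            findings.append(("TCP injection", src, dst, len(payloads)))

    return findings


def sample_capture():
    """Constructed traffic (RFC 5737 documentation addresses, not a real capture)."""
    pkts = []
    # 1. vertical port scan: 10.0.0.5 probes ports 1-25 on 192.0.2.10, one SYN each
    pkts += [Pkt("10.0.0.5", "192.0.2.10", 40000 + port, port, "S", 1000 + port)
             for port in range(1, 26)]
    # 2. SYN flood: 150 SYNs to 192.0.2.20:80 from 50 spoofed sources
    pkts += [Pkt(f"198.51.100.{i % 50 + 1}", "192.0.2.20", 1024 + i, 80, "S", 5000 + i)
             for i in range(150)]
    # 3. TCP injection: two SYNs, same src/dst/seq, different payloads
    pkts += [Pkt("203.0.113.7", "192.0.2.30", 51515, 80, "S", 777, b"GET /real HTTP/1.1"),
             Pkt("203.0.113.7", "192.0.2.30", 51515, 80, "S", 777, b"GET /forged HTTP/1.1")]
    # 4. an ordinary three-way handshake that must not be flagged
    pkts += [Pkt("10.0.0.9", "192.0.2.40", 50000, 443, "S", 42),
             Pkt("192.0.2.40", "10.0.0.9", 443, 50000, "SA", 9000),
             Pkt("10.0.0.9", "192.0.2.40", 50000, 443, "A", 43)]
    return pkts


if __name__ == "__main__":
    for finding in classify_syn_patterns(sample_capture()):
        print(finding)
```

The thresholds are the tuning knobs: a scan is "many ports, one probe each", a flood is "one service, many probes", and injection needs no threshold at all because duplicate sequence numbers with differing payloads are never legitimate.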
08/09/2017 – by Mod_GuideK 0
Which tool is commonly used by threat actors on a webpage to take advantage of the
software vulnerabilities of a system to spread malware?
A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit
Correct Answer: A
08/09/2017 – by Mod_GuideK 0
Refer to the exhibit. During an analysis this list of email attachments is found. Which files
contain the same content?
A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2
Correct Answer: C
08/09/2017 – by Mod_GuideK 5
Based on which statement does the discretionary access control security model grant or restrict
access ?
A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization
Correct Answer: B
Which cryptographic key is contained in an X.509 certificate?
08/09/2017 – by Mod_GuideK 1
Correct Answer: B
08/09/2017 – by Mod_GuideK 8
Which two actions are valid uses of public key infrastructure? (Choose two )
A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate
Correct Answer: BC
08/09/2017 – by Mod_GuideK 0
Which two terms are types of cross site scripting attacks? (Choose two )
A. directed
B. encoded
C. stored
D. reflected
E. cascaded
Correct Answer: CD
08/09/2017 – by Mod_GuideK 1
Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP
server to overwhelm their target?
A. man in the middle
B. denial of service
C. distributed denial of service
D. replay
Correct Answer: C
08/09/2017 – by Mod_GuideK 2
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security
appliance, like a firewall, before it could be built fully?
A. ACK
B. SYN ACK
C. RST
D. PSH, ACK
Correct Answer: C
08/09/2017 – by Mod_GuideK 4
An intrusion detection system begins receiving an abnormally high volume of scanning from
numerous sources. Which evasion technique does this attempt indicate?
A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling
Correct Answer: B
08/09/2017 – by Mod_GuideK 0
While viewing packet capture data, you notice that one IP is sending and receiving traffic for
multiple devices by modifying the IP header. Which option is making this behavior possible?
A. TOR
B. NAT
C. encapsulation
D. tunneling
Correct Answer: B
Which two protocols are used for email (Choose two )
08/09/2017 – by Mod_GuideK 0
Correct Answer: DE
08/09/2017 – by Mod_GuideK 1
Which security monitoring data type requires the most storage space?
A. full packet capture
B. transaction data
C. statistical data
D. session data
Correct Answer: A
08/09/2017 – by Mod_GuideK 1
Which type of exploit normally requires the culprit to have prior access to the target system?
A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit
Correct Answer: A
08/09/2017 – by Mod_GuideK 1
Which identifier is used to describe the application or process that submitted a log message?
A. action
B. selector
C. priority
D. facility
Correct Answer: D
08/09/2017 – by Mod_GuideK 5
Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.
Correct Answer: A
08/09/2017 – by Mod_GuideK 0
Which protocol is primarily supported by the third layer of the Open Systems Interconnection
reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/ MPLS
Correct Answer: B
08/09/2017 – by Mod_GuideK 16
Which term represents a potential danger that could take advantage of a weakness in a system?
A. vulnerability
B. risk
C. threat
D. exploit
Correct Answer: C
08/09/2017 – by Mod_GuideK 1
Which security principle states that more than one person is required to perform a critical task?
A. due diligence
B. separation of duties
C. need to know
D. least privilege
Correct Answer: B
08/09/2017 – by Mod_GuideK 3
You must create a vulnerability management framework. Which main purpose of this framework
is true?
A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.
Correct Answer: C
08/09/2017 – by Mod_GuideK 0
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?
A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event
Correct Answer: D
08/09/2017 – by Mod_GuideK 0
Which term describes the act of a user, without authority or permission, obtaining rights on a
system, beyond what were assigned?
A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation
Correct Answer: D
08/09/2017 – by Mod_GuideK 2
Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network
administrator is located in the NY office and has attempted to make a connection to the TFTP
server. They are unable to back up the configuration file and Cisco IOS of the NY router to the
TFTP server.
Which cause of this problem is true?
A. The TFTP server cannot obtain an address from a DHCP Server.
B. The TFTP server has an incorrect IP address.
C. The network administrator computer has an incorrect IP address
D. The TFTP server has an incorrect subnet mask.
Correct Answer: A (B???)
08/09/2017 – by Mod_GuideK 7
Which option is an advantage to using network-based anti-virus versus host-based anti-virus?
A. Network-based has the ability to protect unmanaged devices and unsupported operating
systems.
B. There are no advantages compared to host-based antivirus.
C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.
Correct Answer: A
08/09/2017 – by Mod_GuideK 3
Which evasion method involves performing actions slower than normal to prevent detection?
A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion
Correct Answer: C
08/09/2017 – by Mod_GuideK 8
Which protocol is expected to have user-agent, host, and referrer headers in a packet
capture?
A. NTP
B. HTTP
C. DNS
D. SSH
Correct Answer: B