Which two techniques are used in a smurf attack? (Choose two.)
- reflection
- session hijacking
- amplification
- botnets
- resource exhaustion

What are three goals of a port scan attack? (Choose three.)
- to discover system passwords
- to identify operating systems
- to identify active services
- to determine potential vulnerabilities
- to identify peripheral configurations
- to disable used ports and services
When establishing a network profile for an organization, which element describes the time between the establishment of a data flow and its termination?
- routing protocol convergence
- session duration
- total throughput
- bandwidth of the Internet connection

A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?
- The IP addresses or the logical location of essential systems or data
- The time between the establishment of a data flow and its termination
- The TCP and UDP daemons and ports that are allowed to be open on the server
- The list of TCP or UDP processes that are available to accept data

When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?
- software environment
- service accounts
- critical asset address space
- listening ports

In addressing an identified risk, which strategy aims to shift some of the risk to other parties?
- risk avoidance
- risk reduction
- risk sharing
- risk retention

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
- a type of logic bomb
- a type of ransomware
- a type of virus
- a type of worm

What characterizes a threat actor?
- They are all highly-skilled individuals.
- They always try to cause some harm to an individual or organization.
- They always use advanced tools to launch attacks.
- They all belong to organized crime.

What subnet mask is represented by the slash notation /20?
- 255.255.255.248
- 255.255.224.0
- 255.255.255.192
- 255.255.240.0
- 255.255.255.0

A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the network identifier of the device?
- 1000:00d8:0058:00ab
- 2001
- 2001:0db8:cafe:4500:1000:00d8:0058:00ab
- 2001:0db8:cafe:4500:1000
- 2001:0db8:cafe:4500
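The /20 mask, the IPv6 /64 network identifier and the "critical asset address space" questions above are all prefix arithmetic. The following is an added example, not part of the original question set, that works them out with the Python standard library's ipaddress module so the answers can be checked rather than memorised. The address space list passed to in_address_space is a constructed sample, not from the page.

```python
"""Prefix-length arithmetic for the subnet-mask, IPv6 network-identifier and
critical-asset address-space questions.  Added example; uses only the
standard-library ipaddress module."""
import ipaddress


def prefix_to_mask(prefix_len: int) -> str:
    """Dotted-decimal IPv4 mask for a CIDR prefix length.

    /20 sets the top 20 bits: 11111111.11111111.11110000.00000000,
    which is 255.255.240.0.
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)


def mask_to_prefix(mask: str) -> int:
    """Inverse of prefix_to_mask.  ipaddress rejects non-contiguous masks
    such as 255.0.255.0 with a ValueError, which is the check you want."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def ipv6_network_id(address_with_prefix: str) -> str:
    """Network (prefix) portion of an IPv6 interface address, in the
    zero-padded form the exam option uses (2001:0db8:cafe:4500 for a /64).

    Only whole 16-bit hextets covered by the prefix are returned, so this
    is exact for prefix lengths that are multiples of 16 (/48, /64, ...).
    """
    iface = ipaddress.IPv6Interface(address_with_prefix)
    hextets = iface.network.network_address.exploded.split(":")
    return ":".join(hextets[: iface.network.prefixlen // 16])


def ipv6_interface_id(address_with_prefix: str) -> str:
    """The remaining hextets: the interface identifier (host portion)."""
    iface = ipaddress.IPv6Interface(address_with_prefix)
    hextets = iface.ip.exploded.split(":")
    return ":".join(hextets[iface.network.prefixlen // 16 :])


def in_address_space(addr: str, cidrs) -> bool:
    """True if addr falls inside any of the CIDR ranges in cidrs.

    This is the membership test behind a 'critical asset address space'
    element of a network profile: a flow touching one of these ranges is
    worth a closer look.  Mixed IPv4/IPv6 ranges are handled; an address
    of the other IP version simply does not match.
    """
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


if __name__ == "__main__":
    print("/20 ->", prefix_to_mask(20))
    addr = "2001:0db8:cafe:4500:1000:00d8:0058:00ab/64"
    print("network id ->", ipv6_network_id(addr))
    print("interface id ->", ipv6_interface_id(addr))
    # Constructed sample asset space, not from the page.
    critical = ["10.1.16.0/20", "2001:db8:cafe:4500::/64"]
    print("10.1.20.7 critical?", in_address_space("10.1.20.7", critical))
```

Note that ipaddress treats "2001:0db8:cafe:4500:1000:00d8:0058:00ab/64" as an interface address, so the host bits are kept; constructing an IPv6Network from it with strict=True would raise, which is a useful sanity check when an operator pastes a host address where a network prefix is expected.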
What best describes the destination IPv4 address that is used by multicasting?
- A single IP multicast address that is used by all destinations in a group
- An IP address that is unique for each destination in the group
- A 48-bit address that is determined by the number of members in the multicast group
- A group address that shares the last 23 bits with the source IPv4 address

A threat actor has identified the potential vulnerability of an organization's web server and is building an attack. What will the threat actor possibly do to build an attack weapon?
- Collect credentials of the web server developers and administrators.
- Install a web shell on the web server for persistent access.
- Obtain an automated tool in order to deliver the malware payload through the vulnerability.
- Create a point of persistence by adding services.

Which type of data would be considered an example of volatile data?
- Web browser cache
- Log files
- Memory registers
- Temp files

What type of attack targets an SQL database using the input field of a user?
- XML injection
- SQL injection
- Buffer overflow
- Cross-site scripting

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
- CAM table attack
- DHCP spoofing
- IP address spoofing
- DHCP starvation

Which wireless parameter is used by an Access Point to broadcast frames that include the SSID?
- passive mode
- active mode
- channel setting
- security mode

How can statistical data be used to describe or predict network behavior?
- By displaying alert messages that are generated by Snort.
- By comparing normal network behavior to current network behavior.
- By recording conversations between network endpoints.
- By listing the results of user web surfing activities.

Which Windows Event Viewer log includes events regarding the operation of drivers, processes, and hardware?
- Application logs
- System logs
- Setup logs
- Security logs

What is the primary objective of a Threat Intelligence Platform (TIP)?
- To provide a specification for an application layer protocol that allows the communication of CTI over HTTPS
- To provide a security operations platform that integrates and enhances diverse security tools and threat intelligence
- To aggregate the data in one place and present it in a comprehensible and usable format
- To provide a standardized schema for specifying, capturing, characterizing, and communicating events and properties of network operations

An IT enterprise recommends using PKI (Public Key Infrastructure) applications to exchange information between employees securely. In which two cases might an organization use PKI applications to exchange data between users securely? (Choose two.)
- HTTPS web service
- File and directory access permission
- 802.1x authentication
- FTP transfers
- Local NTP server

Which two statements describe the use of asymmetric algorithms? (Choose two.)
- Public and private keys may be used interchangeably.
- If a public key is used to encrypt the data, a public key must be used to decrypt the data.
- If a private key is used to encrypt the data, a public key must be used to decrypt the data.
- If a public key is used to encrypt the data, a private key must be used to decrypt the data.
- If a private key is used to encrypt the data, a private key must be used to decrypt the data.

Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology?
- Require remote access connections through IPsec VPN.
- Deploy a Cisco SSL Appliance.
- Deploy a Cisco ASA.
- Use a Syslog server to capture network traffic.

What are two characteristics of the SLAAC method for IPv6 address configuration? (Choose two.)
- Clients send router advertisement messages to routers to request IPv6 addressing.
- IPv6 addressing is dynamically assigned to clients through the use of ICMPv6.
- This stateful method of acquiring an IPv6 address requires at least one DHCPv6 server.
- The default gateway of an IPv6 client on a LAN will be the link-local address of the router interface attached to the LAN.
- Router solicitation messages are sent by the router to offer IPv6 addressing to clients.

Which two ICMPv6 messages are used during the Ethernet MAC address resolution process? (Choose two.)
- router solicitation
- neighbor advertisement
- router advertisement
- neighbor solicitation
- echo request

Which device supports the use of SPAN (Switched Port Analyzer) to enable monitoring of malicious activity?
- Cisco IronPort
- Cisco Security Agent
- Cisco Catalyst Switch
- Cisco NAC

What are two ways threat actors use NTP? (Choose two.)
- Threat actors use NTP systems to direct DDoS attacks.
- They place iFrames on a frequently used corporate web page.
- They encode stolen data as the subdomain portion of queries to a nameserver that is under the control of the attacker.
- They place an attachment inside an email message.
- They attack the NTP infrastructure in order to corrupt the information used to log the attack.

Which two network protocols can a threat actor use to exfiltrate data in traffic that is disguised as normal network traffic? (Choose two.)
- syslog
- DNS
- SMTP
- NTP
- HTTP

Which application layer protocol is used to provide file-sharing and print services to Microsoft applications?
- SMB
- DHCP
- HTTP
- SMTP

What information is required for a WHOIS query?
- FQDN of the domain
- Outside global address of the client
- ICANN lookup server address
- Link-local address of the domain owner

Which tool included in Security Onion is a series of software plugins that send different types of data to the Elasticsearch data stores?
- OSSEC
- Curator
- Beats
- ElastAlert

Which term is used to describe the process of identifying the NSM-related data to be gathered?
- data archiving
- data normalization
- data reduction
- data retention

An administrator is trying to develop a BYOD security policy for employees who are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)
- All devices must have open authentication with the corporate network.
- The level of access of employees when connecting to the corporate network must be defined.
- Rights and activities permitted on the corporate network must be defined.
- All devices should be allowed to attach to the corporate network flawlessly.
- Safeguards must be put in place for any personal device being compromised.
- All devices must be insured against liability if used to compromise the corporate network.

Which device in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks but allows internal users within an organization to connect to untrusted networks?
- internal router
- IPS
- access layer switch
- firewall

A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)
- a single process for authentication and authorization
- separate processes for authentication and authorization
- hidden passwords during transmission
- encryption for all communication
- encryption for only the data

A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server, while Edit rights are assigned only to the network admin group. Which component of the AAA network service framework is being addressed?
- authentication
- accounting
- automation
- authorization

What are the three core functions provided by Security Onion? (Choose three.)
- business continuity planning
- alert analysis
- security device management
- threat containment
- intrusion detection
- full packet capture

What best describes the security threat of spoofing?
- Sending bulk emails to individuals, lists, or domains to prevent users from accessing email.
- Intercepting traffic between two hosts or inserting false information into traffic between two hosts.
- Making data appear to come from a source that is not the actual source.
- Sending abnormally large amounts of data to a remote server to prevent user access to the server services.

What is a property of the ARP table on a device?
- Every operating system uses the same timer to remove old entries from the ARP cache.
- An ARP table's entries are time-stamped and purged after the timeout expires.
- Static IP-to-MAC address entries are removed dynamically from the ARP table.
- Windows operating systems store ARP cache entries for 3 minutes.

A newly created company has fifteen Windows 10 computers that need to be installed before the company can open for business. What is a best practice that the technician should implement when configuring the Windows Firewall?
- The technician should create instructions for corporate users on how to allow an app through the Windows Firewall using the Administrator account.
- The technician should remove all default firewall rules and selectively deny traffic from reaching the company network.
- The technician should enable the Windows Firewall for inbound traffic and install other firewall software for outbound traffic control.
- After implementing third-party security software for the company, the technician should verify that the Windows Firewall is disabled.

What is a characteristic of a Trojan horse as it relates to network security?
- Malware is contained in a seemingly legitimate executable program.
- Extreme quantities of data are sent to a particular network device interface.
- Too much information is destined for a particular memory block, causing additional memory areas to be affected.
- An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

What technique is used in social engineering attacks?
- man-in-the-middle
- phishing
- buffer overflow
- sending junk email

What are two evasion techniques that hackers use? (Choose two.)
- Phishing
- Trojan horse
- Reconnaissance
- Rootkit
- Pivot

What are two drawbacks to using HIPS? (Choose two.)
- With HIPS, the success or failure of an attack cannot be readily determined.
- If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
- HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
- HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
- With HIPS, the network administrator must verify support for all the different operating systems used in the network.

What are the three functions provided by the syslog service? (Choose three.)
- To gather logging information for monitoring and troubleshooting.
- To provide statistics on packets that are flowing through a Cisco device.
- To periodically poll agents for data.
- To specify the destinations of captured messages.
- To provide traffic analysis.
- To select the type of logging information that is captured.

A technician needs to verify file permissions on a specific Linux file. Which command would the technician use?
- sudo
- cd
- vi
- ls -l

Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
- It is easier to use than other server operating systems.
- The administrator has control over specific security functions but not standard applications.
- More network applications are created for this environment.
- It can be acquired at no charge.

Which protocol or service uses UDP for client-to-server communication and TCP for server-to-server communication?
- DNS
- HTTP
- FTP
- SMTP

Which two statements describe the characteristics of symmetric algorithms? (Choose two.)
- They provide confidentiality, integrity, and availability.
- They are commonly used with VPN traffic.
- They use a pair of a public key and a private key.
- They are referred to as a pre-shared key or secret key.
- They are commonly implemented in the SSL and SSH protocols.
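The SQL injection question above asks only for the name of the attack. As an added example that is not part of the original question set, the block below shows the mechanism behind it: a login query built by string concatenation, the two classic payloads typed into the password and username fields, and the parameterised form that closes the hole. It uses an in-memory SQLite database seeded with two constructed rows so it runs offline; the table, users and passwords are invented for the demonstration.

```python
"""SQL injection through a user input field: vulnerable query next to the
parameterised fix.  Added example with a constructed in-memory database."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts, one of them privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """The input fields are spliced into the SQL text, so the database
    parser sees whatever quotes, operators and comments the user typed."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Parameterised query: the SQL text is fixed and the driver binds the
    values separately, so a quote in the input is just a quote."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two payloads a tester would try in the login form.
TAUTOLOGY_PASSWORD = "' OR '1'='1"   # turns the WHERE clause into ... OR true
COMMENT_USERNAME = "alice'--"        # closes the quote, comments out the rest


if __name__ == "__main__":
    db = make_db()
    # Vulnerable: the password check is neutralised and every row comes back.
    print(login_vulnerable(db, "nobody", TAUTOLOGY_PASSWORD))
    # Vulnerable: log in as the admin without any password at all.
    print(login_vulnerable(db, COMMENT_USERNAME, "irrelevant"))
    # Safe: the same payloads match nothing; only real credentials work.
    print(login_safe(db, "nobody", TAUTOLOGY_PASSWORD))
    print(login_safe(db, COMMENT_USERNAME, "irrelevant"))
    print(login_safe(db, "alice", "s3cret"))
```

The tautology payload works because AND binds tighter than OR, so the clause becomes (username = 'nobody' AND password = '') OR '1'='1'. The comment payload is the one that actually yields a privileged session, which is why input-field injection is tested against every parameter, not just the obvious search box. Escaping quotes by hand is not an adequate fix; binding parameters is.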
What are two properties of a cryptographic hash function? (Choose two.)
- The hash function is one-way and irreversible.
- The input for a particular hash algorithm has to have a fixed size.
- Hash functions can be duplicated for authentication purposes.
- Complex inputs will produce complex hashes.
- The output is a fixed length.

Which two statements are characteristics of a virus? (Choose two.)
- A virus provides the attacker with sensitive data, such as passwords.
- A virus has an enabling vulnerability, a propagation mechanism, and a payload.
- A virus typically requires end-user activation.
- A virus replicates itself by independently exploiting vulnerabilities in networks.
- A virus can be dormant and then activate at a specific time or date.
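The hash-function question above and the asymmetric-algorithm question earlier on this page are two halves of one idea: a fixed-length digest is what actually gets signed, and which key undoes which operation is what distinguishes encryption from signing. The following added example, not part of the original question set, shows both with SHA-224 and textbook RSA. The modulus is built from two well-known Mersenne primes chosen so that a 224-bit digest fits as a single integer; there is no padding and the key is tiny by modern standards, so this illustrates the key roles and must not be used for real data.

```python
"""Hash properties and asymmetric key roles in one worked example.
Added example with a textbook (unpadded) RSA key built from hard-coded
Mersenne primes; for illustration only."""
import hashlib

# Two known Mersenne primes.  Their product is roughly 234 bits, larger than
# any 224-bit SHA-224 digest, so a digest can be signed as one integer.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                 # public modulus
E = 65537                 # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)       # private exponent; requires Python 3.8+


def digest(data: bytes) -> bytes:
    """SHA-224 digest: always 28 bytes whatever the input length, and there
    is no way back from the digest to the input (one-way)."""
    return hashlib.sha224(data).digest()


def encrypt_with_public(m: int) -> int:
    """Confidentiality: anyone can encrypt with (E, N); only the holder of D
    can decrypt.  Plaintext must be a non-negative integer below N."""
    if not 0 <= m < N:
        raise ValueError("message integer must satisfy 0 <= m < N")
    return pow(m, E, N)


def decrypt_with_private(c: int) -> int:
    """The matching private operation."""
    return pow(c, D, N)


def sign_with_private(data: bytes) -> int:
    """Authenticity: hash the data, then apply the private key to the digest.
    This is the 'private key encrypts, public key decrypts' case."""
    h = int.from_bytes(digest(data), "big")
    return pow(h, D, N)


def verify_with_public(data: bytes, signature: int) -> bool:
    """Anyone holding (E, N) recovers the signed digest and compares it
    with a fresh digest of the data; any change to the data breaks it."""
    recovered = pow(signature, E, N)
    return recovered == int.from_bytes(digest(data), "big")


if __name__ == "__main__":
    print(len(digest(b"x")), len(digest(b"x" * 100000)))   # both 28
    secret = 123456789
    c = encrypt_with_public(secret)
    print(decrypt_with_private(c) == secret)                # True
    msg = b"constructed message"
    sig = sign_with_private(msg)
    print(verify_with_public(msg, sig))                     # True
    print(verify_with_public(msg + b"!", sig))              # False
```

Reading the exam options against this code: the public key encrypts and the private key decrypts (encrypt_with_public / decrypt_with_private), and the private key "encrypts" the digest while the public key recovers it (sign_with_private / verify_with_public). The keys are never interchangeable, because D is derived from the secret factorisation of N. Real implementations add padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures) and use keys of 2048 bits or more.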