|What is a Network Tap? A Cisco technology that provides statistics on packets flowing through a router or multilayer switch A passive device that forwards all traffic and physical layer errors to an analysis device A technology used to provide real-time reporting and long-term analysis of security events A feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device.
Which type of evidence cannot prove an IT security fact on its own? best corroborative indirect hearsay.
According to NIST, which step in the digital forensics process involves preparing and presenting information that results from scrutinizing data? examination collection reporting analysis.
What is privilege escalation? Everyone is given full rights by default to everything; rights are taken away only when someone abuses privileges. A security problem occurs when high-ranking corporate officials demand rights to systems or files they should not have. Vulnerabilities in systems are exploited to grant higher levels of privilege than someone, or some process should have. Someone is given rights because they have received a promotion.
Which PDU format is used when bits are received from the network medium by the NIC of a host? frame segment packet file.
Which statement is correct about network protocols? They are only required for the exchange of messages between devices on remote networks. Network protocols define the type of hardware that is used and how it is mounted in racks. They all function in the network access layer of TCP/IP. They define how messages are exchanged between the source and the destination.
What are three characteristics of an Information Security Management System (ISMS)? (Choose three.) It involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise. It consists of a management framework through which an organization identifies, analyzes, and addresses information security risks. It consists of a set of practices that are systematically applied to ensure continuous improvement in information security. It is a systematic and multilayered approach to cybersecurity. It addresses the inventory and control of hardware and software configurations of systems. It is based on the application of servers and security devices.
In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization vulnerability assessment risk analysis port scanning penetration testing.
Which NIST Cybersecurity Framework Core Function is concerned with the development and implementation of safeguards that ensure the delivery of critical infrastructure services? protect recover detect identify respond.
What is a characteristic of CybOX? The specification for an application layer protocol allows the communication of CTI over HTTPS. It enables the real-time exchange of cyber threat indicators between the U.S. Federal Government and the private sector. It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations. It is a set of specifications for exchanging cyberthreat information between organizations.
What part of the URL, http://www.cisco.com/index.html, represents the top-level DNS domain? index www http com.
In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet? inside local outside local inside global outside global.
A piece of malware has gained access to a workstation and issued a DNS lookup query to a CnC server. What is the purpose of this attack? to send stolen sensitive data with encoding to request a change of the IP address to masquerade the IP address of the workstation to check the domain name of the workstation.
What are two ways that ICMP can be a security threat to a company? (Choose two.) by corrupting network IP data packets by providing a conduit for DoS attacks by the infiltration of web pages by collecting information about a network by corrupting data between email servers and email recipients.
Which three IPv4 Header Fields have no equivalent in an IPv6 header? (Choose three.) fragment offset flag protocol version identification TTL.
A technician is troubleshooting a network connectivity problem. Pings to the local wireless router are successful, but pings to a server on the Internet are unsuccessful. Which CLI command could assist the technician in finding the location of the networking problem? ipconfig ipconfig/renew tracert msconfig.
Which ICMPv6 message type provides network addressing information to hosts that use SLAAC? neighbor solicitation neighbor advertisement router solicitation router advertisement.
Which three IP addresses are considered private addresses? (Choose three.) 172.17.254.4 18.104.22.168 10.234.2.1 22.214.171.124 126.96.36.199 192.168.5.29.
An administrator wants to create four subnetworks from the network address 192.168.1.0/24. What are the network address and subnet mask of the second useable subnet? subnetwork 192.168.1.32
subnet mask 255.255.255.240 subnetwork 192.168.1.64
subnet mask 255.255.255.192 subnetwork 192.168.1.128
subnet mask 255.255.255.192 subnetwork 192.168.1.8
subnet mask 255.255.255.224 subnetwork 192.168.1.64
subnet mask 255.255.255.240.
A user opens three browsers on the same PC to access www.cisco.com to search for certification course information. The Cisco web server sends a datagram as a reply to the request from one of the web browsers. Which information is used by the TCP/IP protocol stack in the PC to identify which of the three web browsers should receive the reply? the source IP address the destination port number the source port number the destination IP address.
A cybersecurity analyst needs to collect alert data. What are three detection tools to perform this task in the Security Onion architecture? (Choose three.) Wazuh CapME Zeek Kibana Sguil Wireshark.
Which debugging security tool is used by black hats to reverse engineer binary files when writing exploits? WinDbg Firesheep AIDE Skipfish.
Which two net commands are associated with network resource sharing? (Choose two.) net start net accounts net share net stop net use.
What is a key difference between the data captured by NetFlow and the data captured by Wireshark? NetFlow collects metadata from a network flow, whereas Wireshark captures full data packets. NetFlow provides transaction data, whereas Wireshark provides session data. NetFlow data shows network flow contents, whereas Wireshark data shows network flow statistics. NetFlow data is analyzed by tcpdump, whereas Wireshark data is analyzed by nfdump.
Which two options are window managers for Linux? (Choose two.) File Explorer Kali Gnome PenTesting KDE.
Which method can be used to harden a device? Allow USB auto-detection Maintain the use of the same passwords Use SSH and disable the root account access over SSH Allow default services to remain enabled.
What are two uses of an access control list? (Choose two.) ACLs can control which areas a host can access on a network. Standard ACLs can restrict access to specific applications and ports. ACLs provide a basic level of security for network access. ACLs can permit or deny traffic based on the MAC address originating on the router. ACLs assist the router in determining the best path to a destination.
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) SIP support 802.1X support password encryption utilization of transport layer protocols separate authentication and authorization processes.
Which approach can help block potential malware delivery methods on an Internet-faced web server, as described in the Cyber Kill Chain model? Audit the webserver to determine the origin of the exploit forensically. Collect malware files and metadata for future analysis. Build detections for the behavior of known malware. Analyze the infrastructure storage path used for files.
In the NIST Incident Response Process Life Cycle, which type of attack vector involves the use of brute force against devices, networks, or services? loss or theft media impersonation attrition.
What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.) The code has not been modified since it left the software publisher. The code is authentic and is actually sourced by the publisher. The code was encrypted with both a private and public key. The code contains no viruses. The code contains no errors.
When a user visits an online store website that uses HTTPS, the user browser queries the CA for a CRL. What is the purpose of this query? to check the length of the key used for the digital certificate to negotiate the best encryption to use to request the CA self-signed digital certificate to verify the validity of the digital certificate.
What are two potential network problems that can result from ARP operation? (Choose two.) Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic. Manually configuring static ARP associations could facilitate ARP poisoning or MAC address spoofing. Multiple ARP replies result in the switch MAC address table containing entries that match the MAC addresses of hosts connected to the relevant switch port. Large numbers of ARP request broadcasts could cause the host MAC address table to overflow and prevent the host from communicating on the network. On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.
What is the disadvantage of DDNS? DDNS is considered malignant and must be monitored by security software. DDNS is unable to co-exist on a network subdomain that also uses DNS. Using DDNS, a change in an IP address mapping can take over 24 hours and disrupt connectivity. Using free DDNS services, threat actors can quickly and easily generate subdomains and change DNS records.
Which host-based firewall uses a three-profile approach to configure the firewall functionality? TCP Wrapper nftables iptables Windows Firewall.
What is the benefit of converting log file data into a common schema? allows easy processing and analysis of datasets creates a data model based on fields of data from a source allows the implementation of partial normalization and inspection creates a set of regex-based field extractions.
Which core open source component of the Elastic Stack is responsible for accepting the data in its native format and making elements of the data consistent across all sources? Beats Elasticsearch Kibana Logstash.
A client is using SLAAC to obtain an IPv6 address for the interface. After an address has been generated and applied to the interface, what must the client do before it can begin to use this IPv6 address? It must wait for an ICMPv6 Router Advertisement message permitting to use of this address. It must send an ICMPv6 Neighbor Solicitation message to ensure that the address is not already in use on the network. It must send an ICMPv6 Router Solicitation message to request the address of the DNS server. It must send an ICMPv6 Router Solicitation message to determine what default gateway it should use.
Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification? assess discover verify prioritize assets.
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk? risk sharing risk retention risk reduction risk avoidance.
A help desk technician notices an increased number of calls relating to the performance of computers located at the manufacturing plant. The technician believes that the botnets are causing the issue. What are two purposes of botnets? (Choose two.) To transmit viruses or spam to computers on the same network. To record any keystrokes. To withhold access to a computer or files until money has been paid. To attack other computers. To gain access to the restricted part of the operating system.
Which two data types would be classified as personally identifiable information (PII)? (Choose two.) house thermostat reading hospital emergency use per region the average number of cattle per region vehicle identification number Facebook photographs.
Which statement defines the difference between session data and transaction data in logs? Session data is used to make predictions on network behaviors, whereas transaction data is used to detect network anomalies. Session data shows the result of a network session, whereas transaction data is in response to network threat traffic. Session data records a conversation between hosts, whereas transaction data focuses on the result of network sessions. Session data analyzes network traffic and predicts network behavior, whereas transaction data records network sessions.
An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy? Ask the user to stop immediately and inform the user that this constitutes grounds for dismissal. Revise the AUP immediately and get all users to sign the updated AUP. Create a firewall rule blocking the respective website Immediately suspend the network privileges of the user.
Which Cisco-sponsored certification is designed to provide the first step in acquiring the knowledge and skills to work with a SOC team? CCNA Data Center CCNA CyberOps Associate CCNA Cloud CCNA Security.
What are the two methods that a wireless NIC can use to discover an AP? (Choose two.) transmitting a probe request sending an ARP request broadcast initiating a three-way handshake receiving a broadcast beacon frame sending a multicast frame.
What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed? compiler penetration testing package manager rootkit.
A client device has initiated a secure HTTP request to a web browser. Which well-known port address number is associated with the destination address? 110 80 443 404.
A network administrator is reviewing server alerts because of reports of network slowness. The administrator confirms that an alert was an actual security incident. What is the security alert classification of this type of scenario? true negative false negative false positive true positive.
A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet? When the RTT value reaches zero. When the value in the TTL field reaches zero. When the router receives an ICMP Time Exceeded message. When the host responds with an ICMP Echo Reply message. When the values of both the Echo Request and Echo Reply messages reach zero.