05/27/2018 – by Mod_GuideK

Which statement about the difference between a denial-of-service attack and a distributed denial-of-service attack is true?
A. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other methods.
B. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
C. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
D. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
E. DoS attacks and DDoS attacks have no differences.
Correct Answer: B

For which purpose can Windows Management Instrumentation be used?
A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer
Correct Answer: A -------- C (from Microsoft website)

Which international standard is for general risk management, including the principles and guidelines for managing risk?
A. ISO 27001
B. ISO 27005
C. ISO 31000
D. ISO 27002
Correct Answer: C (ISO 31000)
Which process continues to be recorded in the process table after it has ended and the status is returned to the parent?
A. daemon
B. zombie
C. orphan
D. child
Correct Answer: C (B by some people, as zombie process suits ???)

For which kind of attack does an attacker use known information in encrypted files to break the encryption scheme for the rest of
A. known-plaintext
B. known-ciphertext
C. unknown key
D. man in the middle
Correct Answer: A

In which technology is network-level encryption not natively incorporated?
A. Kerberos
B. SSL
C. TLS
D. IPsec
Correct Answer: A
Which purpose of command and control for network-aware malware is true?
A. It helps the malware to profile the host
B. It takes over the user account
C. It contacts a remote server for commands and updates
D. It controls and shuts down services on the infected host
Correct Answer: C

Which action is an attacker taking when they attempt to gain root access on the victim's system?
A. privilege escalation
B. command injection
C. root kit
D. command and control
Correct Answer: A

Which vulnerability is an example of Shellshock?
A. SQL injection
B. heap overflow
C. cross-site scripting
D. command injection
Correct Answer: D
What type of algorithm uses the same key to encrypt and decrypt data?
A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key Infrastructure algorithm
D. an IP Security algorithm
Correct Answer: A
Which actions can a promiscuous IPS take to mitigate an attack?
A. modifying packets
B. requesting connection blocking
C. denying packets
D. resetting the TCP connection
E. requesting host blocking
F. denying frames
Correct Answer: BDE

Which statement about personal firewalls is true?
A. They are resilient against kernel attacks
B. They can protect email messages and private documents in a similar way to a VPN
C. They can protect the network against attacks
D. They can protect a system by denying probing requests
Correct Answer: D

Which three statements about host-based IPS are true? (Choose three)
A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behavior at the desktop level.
Correct Answer: ADF
An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?
A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain.
D. The switch could become a transparent bridge.
Correct Answer: B

You get an alert on your desktop computer showing that an attack was successful on the host, but upon investigation you see that nothing occurred during the attack. Which reason is true?
A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it
Correct Answer: A

Where are configuration records stored?
A. In a CMDB
B. In a MySQL DB
C. In an XLS file
D. There is no need to store them
Correct Answer: A
Which of the following is true about heuristic-based algorithms?
A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection.
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning.
Correct Answer: A

How many broadcast domains are created if three hosts are connected to a Layer 2 switch in full-duplex mode?
A. 4
B. 3
C. None
D. 1
Correct Answer: D

What is one of the advantages of the mandatory access control (MAC) model?
A. Stricter control over the information access.
B. Easy and scalable.
C. The owner can decide whom to grant access to.
D. Complex to administer.
Correct Answer: A
According to the attribute-based access control (ABAC) model, what is the subject location considered?
A. Part of the environmental attributes
B. Part of the object attributes
C. Part of the access control attributes
D. None of the above
Correct Answer: A

In which case should an employee return his laptop to the organization?
A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease
Correct Answer: C
Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Correct Answer: D
Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). They inspect which of the following elements within a packet? (Choose two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Correct Answer: CD

Which of the following are Cisco cloud security solutions?
A. CloudDLP
B. OpenDNS
C. CloudLock
D. CloudSLS
Correct Answer: BC
What is a trunk link used for?
A. To pass multiple virtual LANs
B. To connect more than two switches
C. To enable Spanning Tree Protocol
D. To encapsulate Layer 2 frames
Correct Answer: A
At which OSI layer does a router typically operate?
A. Transport
B. Network
C. Data link
D. Application
Correct Answer: B

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA
Correct Answer: D
What are the advantages of a full-duplex transmission mode compared to half-duplex mode? (Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Correct Answer: AB

What is PHI?
A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information
Correct Answer: B
08/09/2017 – by Mod_GuideK

Drag and Drop
Drag the data source on the left to the correct data type on the right. Select and Place:
Correct Answer:
What does the x509v3 indicate? (I remember the choices; choose 3)
a. public key of the certificate
b. private key of the certificate
c. subject of the certificate
d. (can't remember the two)

What is a Heartbleed attack?
a. command injection
b. buffer overflow
c. I don't know
d. I can't remember

How can you correlate NTP in an accurate time, something...
a. asynchronous
b. get time from each network device
c. get from AD / domain controller
d. synchronous time

What access control is from the root administrator? As far as I remember the choices are:
a. mandatory
b. discretionary
c. least privilege
d. RBAC

The FMC can share HTML, PDF and CSV data type that relate to a specific event type data. Which specific event type data?
A. Connection
B. Host
C. Netflow
D. Intrusion
Answer: D

Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Answer: D

In which case should an employee return his laptop to the organization?
A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease
Answer: C

What are the advantages of a full-duplex transmission mode compared to half-duplex mode? (Select all that apply.)
A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit.
Answer: AB

Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). They inspect which of the following elements within a packet? (Choose two)
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Answer: CD

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA

For which purpose can Windows Management Instrumentation be used?
A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer
Answer: A

Which international standard is for general risk management, including the principles and guidelines for managing risk?
A. ISO 31000
B. ISO 27001
C. ISO 27005
D. ISO 27002
Answer: A

Which statement about the difference between a denial-of-service attack and a distributed denial-of-service attack is true?
A. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
B. DoS attacks and DDoS attacks have no differences.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
D. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other methods.
Answer: A

You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual property. In this situation, which option is considered the threat agent?
A. method in which the hack occurred
B. defense contractor that stored the intellectual property
C. intellectual property that was stolen
D. foreign government that conducted the attack
Answer: A

After a large influx of network traffic to externally facing devices, you begin investigating what appears to be a denial of service attack. When you review packet capture data, you notice that the traffic is a single SYN packet to each port. Which kind of attack is this?
A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.
Answer: D

Which definition of common event format in terms of a security information and event management solution is true?
A. A type of event log used to identify a successful user login.
B. A TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. A standard log event format that is used for log collection.
Answer: D

Which definition of a Linux daemon is true?
A. Process that is causing harm to the system by either using up system resources or causing a critical crash.
B. Long-running process that is the child of the init process.
C. Process that has no parent process.
D. Process that is starved of the CPU.
Answer: B

Which term describes reasonable effort that must be made to obtain relevant information to facilitate appropriate courses of action?
A. Due diligence.
B. Ethical behavior.
C. Decision making.
D. Data mining.
Answer: A

According to the common vulnerability scoring system, which term is associated with scoring multiple vulnerabilities that are exploited in the course of a single attack?
A. chained score
B. risk analysis
C. vulnerability chaining
D. confidentiality
Answer: C

In which format are NetFlow records stored?
A. hexadecimal
B. base 10
C. binary
D. ASCII
Answer: C

Which purpose of Command and Control for network-aware malware is true?
A. It contacts a remote server for commands and updates.
B. It controls and shuts down services on the infected host.
C. It helps the malware to profile the host.
D. It takes over the user account.
Answer: A

Which of the following access control models use security labels to make access decisions?
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Identity-based access control (IBAC)
Answer: B

Q) What type of attack is Shellshock? I think the answer is command injection since the word shell is in the name.

– Which format does NetFlow use? Base 10, ASCII, Binary, Hexadecimal
– A question about SYN flood. Gives the scenario that using a full packet capture tool, you notice multiple SYN messages; this is an example of what? Possible answer: SYN flood
– There was a question about ciphers. The scenario was an attacker knows some information in the cipher text of several messages and also knows something about the plaintext that underlies the cipher-text. (This scenario describes both a Known-plaintext Attack and a Meet-in-the-middle Attack.) The question asks which type of attack it is. A possible answer was man-in-the-middle, which is obviously wrong, leaving Known-plaintext Attack as the best option.
– Question asks about daemon process: a process that detaches itself from the script that starts it and continues to run in the background. The answer ended with something like, 'it is spawned from a parent init process.'
– Question asks about zombie process. The answer was something like, completed processes that are not yet removed from the kernel's process table
– Question about SIEM providing HTML, PDF and CSV format, and asked what it is? (I don't know what this question means)
– Question said that a foreign government attacks your defense weapons contractor and stole intellectual property; that foreign government is defined as what?
1) Defense weapons contractor who stole intellectual property
2) Foreign government who conducted the attack
3) Intellectual property that got stolen
4) Method used by the foreign government to hack
(Not sure of the correct answer, maybe 2? Don't understand very well)
– Question making a statement like Microsoft PPTP used RC4, which is a stream cipher; what attack is it vulnerable to when the same key is used twice? Cipher-text-only Attack, when an attacker uses cipher text from several messages and tries to deduce the plaintext or key from just that information, using statistical analysis
– A question about CVSS was how scoring is handled when multiple vulnerabilities are found in the same attack. Vulnerability Chaining (While not a formal metric, guidance on scoring multiple vulnerabilities is provided with Vulnerability Chaining. https://www.first.org/cvss/cvss-v30user_guide_v1.1.pdf )
– Several questions and/or answers had RFC numbers. For the ones about DNS you really only need to know that DNS queries use UDP port 53 and zone transfers use TCP port 53, in the quoted RFCs. Answers given include UDP 53 and TCP 53
– There was an ISO implementing guidance for general risk management question. Answers given were ISO 27001 to 27005. This person selected 27002, which he thought is correct after memorizing the titles for ISO 27001 – 27005
– There was a question about what is the command to see every process on the Linux system. Maybe this answer is ps -ef
– One that asked something like, what event types does FMC record? FMC = Firepower Management Center
– Something similar to, what cryptography is used on digital certificates? The answers included: SHA-256, SHA-512, RSA 4096. I think the answers are SHA-256 and SHA-384 if it appears on the answers list.
– SIEM Common Event Format, what is it? He didn't remember the exact question but, given that the syslog message format is used as a transport mechanism for a Common Event Format, he'd look for something related to that in an answer.
– A question about what device terminates broadcast domains. Router is the answer
– A question making a statement like, RC4 is a stream cipher; what attacks is it vulnerable to when the same key is used twice? Cipher-text-only Attack, when an attacker uses cipher text from several messages and tries to deduce the plaintext or key from just that information, using statistical analysis

NetFlow data type – binary, hexadecimal, base 10 or decimal. Standards that help organizations keep information assets secure – ISO 27001. Read about hashing attacks like known plain text, known cipher text, cipher text only and meet in the middle. Read about the ps -ef Linux command. Read about Linux zombie process, parent process, child process, orphan process...
Read about CVSS.
Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system
Correct Answer: CE

Which term represents a weakness in a system that could lead to the system being compromised?
A. vulnerability
B. threat
C. exploit
D. risk
Correct Answer: A

Which definition of Windows Registry is true?
A. set of pages that are currently resident in physical memory
B. basic unit to which the operating system allocates processor time
C. set of virtual memory addresses
D. database that stores low-level settings for the operating system
Correct Answer: D

Which definition of the IIS Log Parser tool is true?
A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files
D. a powerful, versatile tool that verifies the integrity of the log files
Correct Answer: C

Drag and Drop
Drag the technology on the left to the data type the technology provides on the right. Select and Place:
Correct Answer:
Which three options are types of Layer 2 network attack? (Choose three.)
A. ARP attacks
B. brute force attacks
C. spoofing attacks
D. DDoS attacks
E. VLAN hopping
F. botnet attacks
Correct Answer: ACE

If a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router?
A. 1
B. 2
C. 4
D. 8
Correct Answer: C
Where does routing occur within the DoD TCP/IP reference model?
A. application
B. internet
C. network
D. transport
Correct Answer: B

Which NTP command configures the local device as an NTP reference clock source?
A. ntp peer
B. ntp broadcast
C. ntp master
D. ntp server
Correct Answer: C
Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?
A. NAT
B. NTP
C. RFC 1631
D. RFC 1918
Correct Answer: A

Which statement about digitally signing a document is true?
A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key.
D. The document is hashed and then the document is encrypted with the public key.
Correct Answer: B
For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Correct Answer: A

Which directory is commonly used on Linux systems to store log files, including syslog and Apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log
Correct Answer: D
Which encryption algorithm is the strongest?
A. AES
B. CES
C. DES
D. 3DES
Correct Answer: A

Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks?
A. Internet Control Message Protocol
B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol
Correct Answer: B

Which definition of the virtual address space for a Windows process is true?
A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system
Correct Answer: B

Which information security property is supported by encryption?
A. sustainability
B. integrity
C. confidentiality
D. availability
Correct Answer: C

Which situation indicates application-level whitelisting?
A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.
Correct Answer: D
If a web server accepts input from the user and passes it to a bash shell, to which attack method is it vulnerable?
A. input validation
B. hash collision
C. command injection
D. integer overflow
Correct Answer: C

Which definition describes the main purpose of a Security Information and Event Management solution?
A. a database that collects and categorizes indicators of compromise to evaluate and search for potential security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering
C. a relay server or device that collects then forwards event logs to another log collection device
D. a security product that collects, normalizes, and correlates event log data to provide holistic views of the security posture
Correct Answer: D

Which option is a purpose of port scanning?
A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down.
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.
Correct Answer: C
According to RFC 1035, which transport protocol is recommended for use with DNS queries?
A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol
Correct Answer: D

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, Integrity, and Availability
B. Confidentiality, Identity, and Availability
C. Confidentiality, Integrity, and Authorization
D. Confidentiality, Identity, and Authorization
Correct Answer: A

Which term represents the practice of giving employees only those permissions necessary to perform their specific role within an organization?
A. integrity validation
B. due diligence
C. need to know
D. least privilege
Correct Answer: D

Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping
Correct Answer: C
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by an SMTP connection
Correct Answer: AD (BE ???)

Which security monitoring data type is associated with application server logs?
A. alert data
B. statistical data
C. session data
D. transaction data
Correct Answer: D

Where is a host-based intrusion detection system located?
A. on a particular end-point as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a SPAN switch port
D. on a tap switch port
Correct Answer: A

Which hash algorithm is the weakest?
A. SHA-512
B. RSA 4096
C. SHA-1
D. SHA-256
Correct Answer: C
08/09/2017 – 08/09/2017 – by by Mod_GuideK Mod_GuideK 3 3 A user reports difficulties accessing certain external web pages, When ex amining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation? A. insufficient network resources B. failure of full packet capture solution C. misconfiguration of web filter D. TCP injection HIDE ANSWERS Correct Answer: D Which tool is commonly used by threat actors on a webpage to take advantage of the softwarevulnerabilitiesof a system to spread malware? 08/09/2017 – by Mod_GuideK 0
Which tool is commonly used by threat actors on a webpage to take advantage of the softwarevulnerabilitiesof a system to spread malware? A. exploit kit B. root kit C. vulnerability kit D. script kiddie kit HIDE ANSWERS Correct Answer: A
Which files contain the same content?
08/09/2017 – by Mod_GuideK 0
Refer to the exhibit. During an analysis this list of email attachments is found. Which files contain the same content?
A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2
Correct Answer: C

Which network device is used to separate broadcast domains?
08/09/2017 – by Mod_GuideK 0
Which network device is used to separate broadcast domains?
A. router
B. repeater
C. switch
D. bridge
Correct Answer: A

Which statement does the discretionary access control security model grant or restrict access?
08/09/2017 – by Mod_GuideK 5
Based on which statement does the discretionary access control security model grant or restrict access?
A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization
Correct Answer: B

Which cryptographic key is contained in an X.509 certificate?
08/09/2017 – by Mod_GuideK 1
Which cryptographic key is contained in an X.509 certificate?
A. symmetric
B. public
C. private
D. asymmetric
Correct Answer: B

Which two activities are examples of social engineering?
08/09/2017 – by Mod_GuideK 9
Which two activities are examples of social engineering? (Choose two.)
A. receiving call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department’s weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
Correct Answer: AD

Which definition of a fork in Linux is true?
08/09/2017 – by Mod_GuideK 1
Which definition of a fork in Linux is true?
A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process
Correct Answer: D (C???)

Which two actions are valid uses of public key infrastructure?
08/09/2017 – by Mod_GuideK 8
Which two actions are valid uses of public key infrastructure? (Choose two.)
A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate
Correct Answer: AC (BC ??)

Which two terms are types of cross site scripting attacks?
08/09/2017 – by Mod_GuideK 0
Which two terms are types of cross site scripting attacks? (Choose two.)
A. directed
B. encoded
C. stored
D. reflected
E. cascaded
Correct Answer: CD

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their target?
08/09/2017 – by Mod_GuideK 1
Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their target?
A. man in the middle
B. denial of service
C. distributed denial of service
D. replay
Correct Answer: C

Which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?
08/09/2017 – by Mod_GuideK 2
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?
A. ACK
B. SYN ACK
C. RST
D. PSH, ACK
Correct Answer: C

Which definition of an antivirus program is true?
08/09/2017 – by Mod_GuideK 0
Which definition of an antivirus program is true?
A. program used to detect and remove unwanted malicious software from the system
B. program that provides real time analysis of security alerts generated by network hardware and application
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out
Correct Answer: A
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IPS phones?
08/09/2017 – by Mod_GuideK 0
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IPS phones?
A. replay
B. man-in-the-middle
C. dictionary
D. known-plaintext
Correct Answer: B

Which evasion technique does this attempt indicate?
08/09/2017 – by Mod_GuideK 4
An intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources. Which evasion technique does this attempt indicate?
A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling
Correct Answer: B (A ???)

While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?
08/09/2017 – by Mod_GuideK 0
While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?
A. TOR
B. NAT
C. encapsulation
D. tunneling
Correct Answer: B

Which layer?
08/09/2017 – by Mod_GuideK 0
A firewall requires deep packet inspection to evaluate which layer?
A. application
B. Internet
C. link
D. transport
Correct Answer: A

Which two protocols are used for email? (Choose two.)
08/09/2017 – by Mod_GuideK 0
Which two protocols are used for email? (Choose two.)
A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP
Correct Answer: DE

Which two options are recognized forms of phishing?
08/09/2017 – by Mod_GuideK 0
Which two options are recognized forms of phishing? (Choose two.)
A. spear
B. whaling
C. mailbomb
D. hooking
E. mailnet
Correct Answer: AB

Which security monitoring data type requires the most storage space?
08/09/2017 – by Mod_GuideK 1
Which security monitoring data type requires the most storage space?
A. full packet capture
B. transaction data
C. statistical data
D. session data
Correct Answer: A

Which type of exploit normally requires the culprit to have prior access to the target system?
08/09/2017 – by Mod_GuideK 1
Which type of exploit normally requires the culprit to have prior access to the target system?
A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit
Correct Answer: A

Which identifier is used to describe the application or process that submitted a log message?
08/09/2017 – by Mod_GuideK 1
Which identifier is used to describe the application or process that submitted a log message?
A. action
B. selector
C. priority
D. facility
Correct Answer: D

Which concern is important when monitoring NTP servers for abnormal levels of traffic?
08/09/2017 – by Mod_GuideK 5
Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.
Correct Answer: A

Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
08/09/2017 – by Mod_GuideK 0
Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/MPLS
Correct Answer: B

Which term represents a potential danger that could take advantage of a weakness in a system?
08/09/2017 – by Mod_GuideK 16
Which term represents a potential danger that could take advantage of a weakness in a system?
A. vulnerability
B. risk
C. threat
D. exploit
Correct Answer: D (C????)
Which security principle states that more than one person is required to perform a critical task?
08/09/2017 – by Mod_GuideK 1
Which security principle states that more than one person is required to perform a critical task?
A. due diligence
B. separation of duties
C. need to know
D. least privilege
Correct Answer: B

Which main purpose of this framework is true?
08/09/2017 – by Mod_GuideK 3
You must create a vulnerability management framework. Which main purpose of this framework is true?
A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.
Correct Answer: C

Which information is the term PHI used to describe?
08/09/2017 – by Mod_GuideK 0
In computer security, which information is the term PHI used to describe?
A. private host information
B. protected health information
C. personal health information
D. protected host information
Correct Answer: B

Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?
08/09/2017 – by Mod_GuideK 0
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?
A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event
Correct Answer: D

Which data can be obtained using NetFlow?
08/09/2017 – by Mod_GuideK 0
Which data can be obtained using NetFlow?
A. session data
B. application logs
C. network downtime
D. report full packet capture
Correct Answer: A

Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were assigned?
08/09/2017 – by Mod_GuideK 0
Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were assigned?
A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation
Correct Answer: D

Which cause of this problem is true?
08/09/2017 – by Mod_GuideK 2
Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network administrator is located in the NY office and has attempted to make a connection to the TFTP server. They are unable to backup the configuration file and Cisco IOS of the NY router to the TFTP server. Which cause of this problem is true?
A. The TFTP server cannot obtain an address from a DHCP Server.
B. The TFTP server has an incorrect IP address.
C. The network administrator computer has an incorrect IP address.
D. The TFTP server has an incorrect subnet mask.
Correct Answer: A (B???)

Which definition of a daemon on Linux is true?
08/09/2017 – by Mod_GuideK 0
Which definition of a daemon on Linux is true?
A. error check right after the call to fork a process
B. new process created by duplicating the calling process
C. program that runs unobtrusively in the background
D. set of basic CPU instructions
Correct Answer: C

Which definition of vulnerability is true?
08/09/2017 – by Mod_GuideK 0
Which definition of vulnerability is true?
A. an exploitable unpatched and unmitigated weakness in software
B. an incompatible piece of software
C. software that does not have the most current patch applied
D. software that was not approved for installation
Correct Answer: A
Which option is an advantage to using network-based anti-virus versus host-based antivirus?
08/09/2017 – by Mod_GuideK 7
Which option is an advantage to using network-based anti-virus versus host-based anti-virus?
A. Network-based has the ability to protect unmanaged devices and unsupported operating systems.
B. There are no advantages compared to host-based antivirus.
C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.
Correct Answer: A (D???)

Which evasion method involves performing actions slower than normal to prevent detection?
08/09/2017 – by Mod_GuideK 3
Which evasion method involves performing actions slower than normal to prevent detection?
A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion
Correct Answer: C (A???)

Which hashing algorithm is the least secure?
08/09/2017 – by Mod_GuideK 3
Which hashing algorithm is the least secure?
A. MD5
B. RC4
C. SHA-3
D. SHA-2
Correct Answer: A

Which protocol is expected to have a user agent, host, and referrer headers in a packet capture?
08/09/2017 – by Mod_GuideK 8
Which protocol is expected to have a user agent, host, and referrer headers in a packet capture?
A. NTP
B. HTTP
C. DNS
D. SSH
Correct Answer: B

Which definition of permissions in Linux is true?
08/09/2017 – by Mod_GuideK 1
Which definition of permissions in Linux is true?
A. rules that allow network traffic to go in and out
B. table maintenance program
C. written affidavit that you have to sign before using the system
D. attributes of ownership and control of an object
Correct Answer: D

Which definition of a process in Windows is true?
08/09/2017 – by Mod_GuideK 0
Which definition of a process in Windows is true?
A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time
Correct Answer: A