sec160 ch 11 netacad quiz & terms
Which statement describes the tcpdump tool?
It is a command-line packet analyzer.
Threat actors may attack the _______ infrastructure in order to corrupt network log timestamps and disguise any traces that they have left behind.
NTP
Which statement describes an operational characteristic of NetFlow?
NetFlow collects metadata about the packet flow, not the flow data itself.
Which two protocols may devices use in the application process that sends email? (Choose two.)
SMTP, DNS
Identify the security technology from the data type description
match - security technology
Identify the NexGen IPS event type
match NexGen IPS event
Identify Windows event message severity
matching Windows events
Identify types of network monitoring data
match
Identify the monitored protocol
match
Identify IIS server access log fields
192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, CATALOG, 198.51.100.34, 3778, 172, 3187, 200, 0, GET, /home.htm, -,
Identify Apache web server access log fields
203.0.113.127 - dsmith [10/Oct/2016:10:26:57 -0500] "GET /logo_sm.gif HTTP/1.0" 200 2254 "http://www.example.com/links.html" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
In a Cisco AVC system, in which module is NBAR2 deployed?
Application Recognition
What type of server can threat actors use DNS to communicate with?
CnC
Which Windows tool can be used to review host logs?
Event Viewer
Refer to the exhibit. A network administrator is reviewing an Apache access log message. What does the hyphen symbol (-) before "jsmith" indicate?
The client information is unavailable or unreliable.
A NIDS/NIPS has identified a threat. Which type of security data will be generated and sent to a logging device?
alert
iFrame
an HTML tag often used to exploit HTTP
tcpdump
an example of a command-line tool that can be used for packet analysis.
Cisco Cognitive Threat Analytics (Cisco CTA)
an example of a network security monitoring tool that uses statistical analysis and is able to find malicious activity that has bypassed security controls.
IPFIX
an open-standard version of Cisco NetFlow.
NBA and NBAD
approaches to network security monitoring that use advanced analytical techniques to analyze the NetFlow or IPFIX network telemetry data.
load balancing
distribution of traffic between devices or network paths to prevent network resources from being overwhelmed with too much traffic.
examples of peer-to-peer networking
file sharing, process sharing, and instant messaging.
Which Windows host log event type describes the successful operation of an application, driver, or service?
information
Identify the impact of the technology on security and monitoring
match
Which type of security data can be used to describe or predict network behavior?
statistical
Which type of server daemon accepts messages sent by network devices to create a collection of log entries?
syslog
What is the purpose of Tor?
to allow users to browse the Internet anonymously
A security analyst reviews network logs. The data shows user network activities such as user name, IP addresses, web pages accessed, and timestamp. Which type of data is the analyst reviewing?
transaction
True or False? ICMP can be used inside the corporation to pose a threat.
true