Net Acad Final


What are two methods to maintain certificate revocation status? (Choose two.)
CRL
OCSP
DNS
LDAP
subordinate CA
Answer:
CRL
OCSP

What are two ways that ICMP can be a security threat to a company? (Choose two.)
by the infiltration of web pages
by providing a conduit for DoS attacks
by collecting information about a network
by corrupting network IP data packets
by corrupting data between email servers and email recipients
Answer:
by providing a conduit for DoS attacks
by collecting information about a network

Which tool included in the Security Onion is a series of software plugins that send different types of data to the Elasticsearch data stores?
ElastAlert
OSSEC
Curator
Beats
Answer: Beats

A cybersecurity analyst needs to collect alert data. What are three detection tools to perform this task in the Security Onion architecture? (Choose three.)
CapME
Wireshark
Kibana
Sguil
Zeek
Wazuh
Answer:
CapME
Zeek
Wazuh

In the NIST incident response process life cycle, which type of attack vector involves the use of brute force against devices, networks, or services?
attrition
loss or theft
impersonation
media
Answer: attrition

What debugging security tool can be used by black hats to reverse engineer binary files when writing exploits?
Firesheep
AIDE
WinDbg
Skipfish
Answer: WinDbg

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
a type of ransomware
a type of worm
a type of virus
a type of logic bomb
Answer: a type of ransomware

A network administrator is reviewing server alerts because of reports of network slowness. The administrator confirms that an alert was an actual security incident. What is the security alert classification of this type of scenario?
false positive
true positive
true negative
false negative
Answer: true positive

A piece of malware has gained access to a workstation and issued a DNS lookup query to a CnC server. What is the purpose of this attack?
to masquerade the IP address of the workstation
to request a change of the IP address
to check the domain name of the workstation
to send stolen sensitive data with encoding
Answer: to send stolen sensitive data with encoding

A technician is troubleshooting a network connectivity problem. Pings to the local wireless router are successful but pings to a server on the Internet are unsuccessful. Which CLI command could assist the technician to find the location of the networking problem?
msconfig
ipconfig
tracert
ipconfig/renew
Answer: tracert

A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application?
Event Viewer
System Restore
Task Manager
Add or Remove Programs
Answer: Task Manager

An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)
Rights and activities permitted on the corporate network must be defined.
All devices should be allowed to attach to the corporate network flawlessly.
All devices must be insured against liability if used to compromise the corporate network.
The level of access of employees when connecting to the corporate network must be defined.
All devices must have open authentication with the corporate network.
Safeguards must be put in place for any personal device being compromised.
Answer:
Rights and activities permitted on the corporate network must be defined.
The level of access of employees when connecting to the corporate network must be defined.
Safeguards must be put in place for any personal device being compromised.

An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?
spoofing
denial of service
rogue access point
cracking
Answer: rogue access point

For network systems, which management system addresses the inventory and control of hardware and software configurations?
configuration management
risk management
vulnerability management
asset management
Answer: configuration management

For what purpose would a network administrator use the Nmap tool?
detection and identification of open ports
identification of specific network anomalies
protection of the private IP addresses of internal hosts
collection and analysis of security alerts and logs
Answer: detection and identification of open ports

How can statistical data be used to describe or predict network behavior?
by recording conversations between network endpoints
by comparing normal network behavior to current network behavior
by displaying alert messages that are generated by Snort
by listing results of user web surfing activities
Answer: by comparing normal network behavior to current network behavior

Match the Linux host-based firewall application (iptables, nftables, TCP Wrappers) with its description.
Answer:
TCP Wrappers: This is a rule-based access control and logging system for Linux. Packet filtering is based on IP addresses and network services.
iptables: This is an application that allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules.
nftables: This application uses a simple virtual machine in the Linux kernel where code is executed and network packets are inspected.

Refer to the exhibit. An administrator is trying to troubleshoot connectivity between PC1 and PC2 and uses the tracert command from PC1 to do it. Based on the displayed output, where should the administrator begin troubleshooting?
SW1
R1
SW2
PC2
Answer: R1

Refer to the exhibit. If Host1 were to transfer a file to the server, what layers of the TCP/IP model would be used?
only application and Internet layers
application, transport, Internet, and network access layers
only Internet and network access layers
application, session, transport, network, data link, and physical layers
only application, Internet, and network access layers
only application, transport, network, data link, and physical layers
Answer: application, transport, Internet, and network access layers

Refer to the exhibit. The IP address of which device interface should be used as the default gateway setting of host H1?
R2: S0/0/1
R1: G0/0
R2: S0/0/0
R1: S0/0/0
Answer: R1: G0/0

What are the stages that a wireless device completes before it can communicate over a wireless LAN network?
discover a wireless AP, authenticate with the AP, associate with the AP
discover a wireless AP, associate with the AP, authenticate with the AP
discover a wireless AP, associate with the AP, authorize with the AP
discover a wireless AP, authorize with the AP, associate with the AP
Answer: discover a wireless AP, authenticate with the AP, associate with the AP

What are three functions provided by the syslog service? (Choose three.)
to periodically poll agents for data
to provide statistics on packets that are flowing through a Cisco device
to specify the destinations of captured messages
to select the type of logging information that is captured
to gather logging information for monitoring and troubleshooting
to provide traffic analysis
Answer:
to specify the destinations of captured messages
to select the type of logging information that is captured
to gather logging information for monitoring and troubleshooting

What are three goals of a port scan attack? (Choose three.)
to identify operating systems
to identify active services
to disable used ports and services
to discover system passwords
to identify peripheral configurations
to determine potential vulnerabilities
Answer:
to identify operating systems
to identify active services
to determine potential vulnerabilities

What are two drawbacks to using HIPS? (Choose two.)
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
With HIPS, the success or failure of an attack cannot be readily determined.
Answer:
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.

What are two features of ARP? (Choose two.)
When a host is encapsulating a packet into a frame, it refers to the MAC address table to determine the mapping of IP addresses to MAC addresses.
If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.
If no device responds to the ARP request, then the originating node will broadcast the data packet to all devices on the network segment.
An ARP request is sent to all devices on the Ethernet LAN and contains the IP address of the destination host and the multicast MAC address.
Answer:
If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.

What are two potential network problems that can result from ARP operation? (Choose two.)
Large numbers of ARP request broadcasts could cause the host MAC address table to overflow and prevent the host from communicating on the network.
Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic.
Manually configuring static ARP associations could facilitate ARP poisoning or MAC address spoofing.
On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.
Multiple ARP replies result in the switch MAC address table containing entries that match the MAC addresses of hosts that are connected to the relevant switch port.
Answer:
Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic.
On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.

What are two uses of an access control list? (Choose two.)
ACLs assist the router in determining the best path to a destination.
ACLs can permit or deny traffic based upon the MAC address originating on the router.
Standard ACLs can restrict access to specific applications and ports.
ACLs provide a basic level of security for network access.
ACLs can control which areas a host can access on a network.
Answer:
ACLs provide a basic level of security for network access.
ACLs can control which areas a host can access on a network.

What is a characteristic of CybOX?
It is the specification for an application layer protocol that allows the communication of CTI over HTTPS.
It enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector.
It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
It is a set of specifications for exchanging cyberthreat information between organizations.
Answer: It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.

What is a characteristic of a Trojan horse as it relates to network security?
Too much information is destined for a particular memory block, causing additional memory areas to be affected.
Extreme quantities of data are sent to a particular network device interface.
Malware is contained in a seemingly legitimate executable program.
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
Answer: Malware is contained in a seemingly legitimate executable program.

What is a network tap?
a passive device that forwards all traffic and physical layer errors to an analysis device
a Cisco technology that provides statistics on packets flowing through a router or multilayer switch
a technology used to provide real-time reporting and long-term analysis of security events
a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device
Answer: a passive device that forwards all traffic and physical layer errors to an analysis device

What is an advantage for small organizations of adopting IMAP instead of POP?
When the user connects to a POP server, copies of the messages are kept in the mail server for a short time, but IMAP keeps them for a long time.
Messages are kept in the mail servers until they are manually deleted from the email client.
POP only allows the client to store messages in a centralized way, while IMAP allows distributed storage.
IMAP sends and retrieves email, but POP only retrieves email.
Answer: When the user connects to a POP server, copies of the messages are kept in the mail server for a short time, but IMAP keeps them for a long time.

What is one difference between the client-server and peer-to-peer network models?
A data transfer that uses a device serving in a client role requires that a dedicated server be present.
A peer-to-peer network transfers data faster than a transfer using a client-server network.
Every device in a peer-to-peer network can function as a client or a server.
Only in the client-server model can file transfers occur.
Answer: Every device in a peer-to-peer network can function as a client or a server.

What is privilege escalation?
Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.
A security problem occurs when high ranking corporate officials demand rights to systems or files that they should not have.
Someone is given rights because she or he has received a promotion.
Everyone is given full rights by default to everything and rights are taken away only when someone abuses privileges.
Answer: Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.

What is the purpose of Tor?
to securely connect to a remote network over an unsecure link such as an Internet connection
to allow users to browse the Internet anonymously
to inspect incoming traffic and look for any that violates a rule or matches the signature of a known exploit
to donate processor cycles to distributed computational tasks in a processor sharing P2P network
Answer: to allow users to browse the Internet anonymously

What technique is used in social engineering attacks?
phishing
man-in-the-middle
sending junk email
buffer overflow
Answer: phishing

What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)
The code has not been modified since it left the software publisher.
The code contains no viruses.
The code was encrypted with both a private and public key.
The code is authentic and is actually sourced by the publisher.
The code contains no errors.
Answer:
The code has not been modified since it left the software publisher.
The code is authentic and is actually sourced by the publisher.

Which meta-feature element in the Diamond Model classifies the general type of intrusion event?
direction
methodology
phase
results
Answer: methodology

Which three IP addresses are considered private addresses? (Choose three.)
192.168.5.29
172.68.83.35
10.234.2.1
172.17.254.4
128.37.255.6
198.168.6.18
Answer:
192.168.5.29
172.17.254.4
10.234.2.1

Which tool can be used in a Cisco AVC system to analyze and present the application analysis data into dashboard reports?
NetFlow
IPFIX
Prime
NBAR2
Answer: Prime

Which two statements are characteristics of a virus? (Choose two.)
A virus can be dormant and then activate at a specific time or date.
A virus provides the attacker with sensitive data, such as passwords.
A virus replicates itself by independently exploiting vulnerabilities in networks.
A virus has an enabling vulnerability, a propagation mechanism, and a payload.
A virus typically requires end-user activation.
Answer:
A virus can be dormant and then activate at a specific time or date.
A virus typically requires end-user activation.

Which two statements describe the use of asymmetric algorithms? (Choose two.)
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
Public and private keys may be used interchangeably.
If a public key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.
If a private key is used to encrypt the data, a private key must be used to decrypt the data.
Answer:
If a private key is used to encrypt the data, a public key must be used to decrypt the data.
If a public key is used to encrypt the data, a private key must be used to decrypt the data.

Refer to the exhibit. A cybersecurity analyst is using Sguil to verify security alerts. How is the current view sorted?
by source IP
by frequency
by sensor number
by date/time
Answer: by frequency
