Practice Final Exam
Based on the command output shown, which file permission or permissions have been assigned to the other user group for the data.txt file?
-rwxrw-r-- sales staff 1028 May 28 15:50 data.txt read only
What is the prefix length notation for the subnet mask 255.255.255.224?
27
Which three algorithms are designed to generate and verify digital signatures? (Choose three.)
3DES DSA ECDSA
After complaints from users, a technician identifies that the college web server is running very slowly. A check of the server reveals that there are an unusually large number of TCP requests coming from multiple locations on the Internet. What is the source of the problem?
A DDoS attack is in progress.
What is the goal of an attack in the installation phase of the Cyber Kill Chain?
Create a back door in the target system to allow for future access.
An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?
DHCP spoofing
How is the event ID assigned in Sguil?
Each event in the series of correlated events is assigned a unique ID.
What are two differences between HTTP and HTTP/2? (Choose two.)
HTTP/2 uses a compressed header to reduce bandwidth requirements. HTTP/2 uses multiplexing to support multiple streams and enhance efficiency
What kind of ICMP message can be used by threat actors to perform network reconnaissance and scanning attacks?
ICMP unreachable
Why is DHCP preferred for use on large networks?
It is a more efficient way to manage IP addresses than static address assignment.
Which two actions can be taken when configuring Windows Firewall? (Choose two.)
Manually open ports that are required for specific applications. Allow a different software firewall to control access.
What is indicated by a true negative security alert classification?
Normal traffic is correctly ignored, and erroneous alerts are not being issued.
Which two statements describe access attacks? (Choose two.)
Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.
Which two types of network traffic are from protocols that generate a lot of routine traffic? (Choose two.)
STP traffic and routing traffic updates
A flood of packets with invalid source IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of attack has occurred?
TCP SYN flood
Which two protocols are associated with the transport layer? (Choose two.)
TCP and UDP
What are two problems that can be caused by a large number of ARP request and reply messages? (Choose two.)
The ARP request is sent as a broadcast, and will flood the entire subnet. All ARP request messages must be processed by all nodes on the local network.
If the default gateway is configured incorrectly on the host, what is the impact on communications?
The host is unable to communicate with hosts on remote networks.
Which statement describes a typical security policy for a DMZ firewall configuration?
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
When a connectionless protocol is in use at a lower layer of the OSI model, how is missing data detected and retransmitted if necessary?
Upper-layer connection-oriented protocols keep track of the data received and can request retransmission from the upper-level protocols on the sending host.
Which network monitoring tool saves captured network frames in PCAP files?
Wireshark
What three services are offered by FireEye? (Choose three.)
blocks attacks across the web creates firewall rules dynamically identifies and stops email threat vectors
what are two shared characteristics of IDS and IPS
both are deployed as sensors, and both use signatures to detect malicious network traffic
In an attempt to prevent network attacks, cyber analysts share unique identifiable attributes of known attacks with colleagues. What three types of attributes or indicators of compromise are helpful to share? (Choose three.)
changes made to end system software features of malware files IP addresses of attack servers
What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.)
confidentiality integrity availability
Which type of evidence supports an assertion based on previously obtained evidence?
corroborating evidence
A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?
data integrity
What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)
digital certificates and certificate authority
A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.)
encryption for all communication and separate processes for authentication and authorization
What are two elements that form the PRI value in a syslog message? (Choose two.)
facility and severity
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
identification and authentication policy
Which two types of messages are used in place of ARP for address resolution in IPv6? (Choose two.)
neighbor solicitation neighbor advertisement
Which protocol is used by the traceroute command to send and receive echo-requests and echo-replies?
neighbor solicitation and router advertisement
At which OSI layer is a source IP address added to a PDU during the encapsulation process?
network layer
Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
ransomeware
What is the TCP mechanism used in congestion avoidance
sliding window
What is the TCP mechanism used in congestion avoidance?
sliding window
which three pieces of information are found in session data
source and destination port number source and destination IP address Layer 4 protocol
What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.)
span and network tap
A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?
the IP addresses or the logical location of essential systems or data
What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
they can link to a directory they can link to a file in a different file system they can show the location of the original file
Which statement describes the state of the administrator and guest accounts after a user installs Windows desktop version to a new computer?
to check if the DNS service is running
What is the most common goal of search engine optimization (SEO) poisoning?
to increase web traffic to malicious sites
Which network monitoring tool is in the category of network protocol analyzers?
wireshark
