267ist
Which organization is an international nonprofit organization that offers the CISSP certification?
(ISC)2
used by Debian and Ubuntu computers and stores all authentication-related events
/var/log/auth.log
stores information related to hardware devices and their drivers
/var/log/dmesg
contains generic computer activity logs, and is used to store informational and noncritical system messages
/var/log/messages
used by RedHat and CentOS computers and tracks authentication-related events
/var/log/secure
Refer to the exhibit. What is the destination MAC address of the Ethernet frame as it leaves the web server if the final destination is PC1?
00-60-2F-3A-07-CC
A client application needs to terminate a TCP communication session with a server. Place the termination process steps in the order that they will occur
1. client sends FIN 2. server sends ACK 3. server sends FIN 4. client sends ACK
What port number would be used if a threat actor was using NTP to direct DDoS attacks?
123
A system analyst is reviewing syslog messages and notices that the PRI value of a message is 26. What is the severity value of the message?
2
What is the most compressed representation of the IPv6 address 2001:0000:0000:abcd:0000:0000:0000:0001?
2001:0:0:abcd::1
Refer to the exhibit. Which well-known port number is used by the server?
22
How much RAM is addressable by a 32-bit version of Windows?
4GB
What is the well-known port address number used by DNS to serve requests?
53
Which statement describes the use of certificate classes in the PKI?
A class 5 certificate is more trustworthy than a class 4 certificate
What are two uses of an access control list?
ACLs provide a basic level of security for network access ACLs can control which areas a host can access on a network
Which file system is the primary file system used by Apple in current Macintosh computers?
APFS
Which two methods does Linux use to log data in order to identify a security event?
Apachhe access logs syslog
How does BYOD change the way in which businesses implement networks?
BYOD provides flexibility in where and how users can access network resources
How can a user prevent specific applications from accessing a Windows computer over a network?
Block specific TCP or UDP ports in Windows Firewall
Which organization offers the vendor-neutral CySA+ certification?
CompTia
Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?
DH
Which encryption algorithm is an asymmetric algorithm?
DH
What three application layer protocols are part of the TCP/IP protocol suite? (choose 3)
DHCP DNS FTP
Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP server?
DHCPREQUEST
Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?
DNS
Which three algorithms are designed to generate and verify digital signatures?
DSA ECDSA RSA
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?
Delete the file because it is probably malware
Which type of security attack would attempt a buffer overflow?
DoS
upgraded firmware that stores boot code in the firmware
EFI
a legacy file system
FAT32
Which technology is used in Cisco Next-Generation IPS devices to consolidate multiple security layers into a single platform?
FirePOWER
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?
GRE
A Linux administrator will use either the CLI or ___ the when communicating with the operating system.
GUI
Which working environment is more user-friendly?
GUI
A company is developing a security policy to ensure that OSPF routing updates are authenticated with a key. What can be used to achieve the task?
HMAC
Which statement is a feature of HMAC?
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance
Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server?
HTTP HTTPS
How does using HTTPS complicate network security monitoring?
HTTPS adds complexity to captured packets
In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?
HTTPS traffic enables end-to-end encryption
What specialized network device uses signatures to detect patterns in network traffic?
IDS
What are two types of addresses found on network end devices?
IP MAC
uses signatures to detect patterns in network traffic
IPS
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
IPsec
What is the purpose of a digital certificate?
It authenticates a website and establishes a secure connection to exchange confidential data
What is a host-based intrusion detection system (HIDS)?
It combines the functionalities of antimalware applications with firewall protection.
What is a feature of the TACACS+ protocol?
It encrypts the entire body of the packet for more secure communications
Which statement describes cyberwarfare?
It is Internet-based conflict that involves the penetration of information systems of other nations
What name is given to hackers who hack for a politcal or social cause?
It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business
Which statement describes session data in security logs?
It is a record of a conversation between network hosts.
What is cyberwarfare?
It is an attack designed to disrupt, corrupt, or exploit national interests.
Which statement describes statistical data in network security monitoring processes?
It is created through an analysis of other forms of network data
Which statement describes a feature of timestamps in Linux?
It is easier to work with Unix Epoch timestamps for addition and subtraction operations
Refer to the exhibit. Consider the IP address configuration shown from PC1. What is a description of the default gateway address?
It is the IP address of the Router1 interface that connects the PC1 LAN to Router1
Which statement describes the threat-vulnerability (T-V) pairing?
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
What is the purpose of mobile device management (MDM) software?
It is used to implement security policies, setting, and software configurations on mobile devices
Which function is provided by the Sguil application?
It makes Snort-generated alerts readable and searchable
What is true concerning physical and logical topologies?
Logical topologies refer to how a network transfers data between devices
NTFS-generated timestamps for file activity
MACE
What contains information on how hard drive partitions are organized?
MBR
stores information about how the file system is organized
MBR
What is a characteristic of a Trojan horse as it relates to network security?
Malware is contained in a seemingly legitimate executable program
How might corporate IT professionals deal with DNS-based cyber threats?
Monitor DNS proxy server logs and look for unusual DNS queries
Why do IoT devices pose a greater risk than other computing devices on a network?
Most IoT devices do not receive frequent firmware updates
Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data?
NBA NBAD
most common file system
NTFS
What are two advantages of the NTFS file system compared with FAT32?
NTFS supports larger files. NTFS provides more security features
Which network service synchronizes the time across all devices on the network?
NTP
Which protocol or service is used to automatically synchronize the software clocks on Cisco routers?
NTP
Which two statements are true about NTP servers in an enterprise network?
NTP servers at stratum 1 are directly connected to an authoritative time source. NTP servers ensure an accurate time stamp on logging and debugging information
What is a potential risk when using a free and open wireless hotspot in a public location?
Network traffic might be hijacked and information stolen
What are two methods to maintain certificate revocation status?
OCSP CRL
end devices
PC printer smart device
What is the service framework that is needed to support large-scale public key-based technologies?
PKI
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
PKI certificates
Which type of tool is used by a Linux administrator to attack a computer or network to find vulnerabilities?
PenTesting
A user creates a file with .ps1 extension in Windows. What type of file is it?
Power shell script
Which statement describes a difference between RADIUS and TACACS+?
RADIUS encrypts only the password whereas TACACS+ encrypts all communication
Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC3. In this scenario, what will happen next?
RT1 will send an ARP reply with its own Fa0/0 MAC address.
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
Ransomware
A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?
Right-click the application and choose Run as Administrator
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
SEAL is a stream cipher
A security specialist is tasked to ensure that files transmitted between the headquarters office and the branch office are not altered during transmission. Which two algorithms can be used to achieve this task?
SHA-1 MD5
Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?
SMTP
Which network service allows administrators to monitor and manage network devices?
SNMP
Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?
SSID
Two pings were issued from a host on a local network. The first ping was issued to the IP address of the default gateway of the host and it failed. The second ping was issued to the IP address of a host outside the local network and it was successful. What is a possible cause for the failed ping?
Security rules are applied to the default gateway device, preventing it from processing ping requests
In threat intelligence communications, what set of specifications is for exchanging cyberthreat information between organizations?
Structured threat information expression (STIX)
What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?
Stuxnet
Refer to the exhibit. A junior network engineer is handed a print-out of the network information shown. Which protocol or service originated the information shown in the graphic?
Syslog
Which statement is true about the TCP/IP and OSI models?
The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.
Which statement is true about FTP?
The client can download data from or upload data to the server
A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors?
The computer freezes and requires reboots. The computer gets increasingly slower to respond
What are two properties of a cryptographic hash function?
The hash function is one way and irreversible The output is fixed length
If the default gateway is configured incorrectly on the host, what is the impact on communications?
The host can communicate with other hosts on the local network, but is unable to communicate with hosts on remote networks
What is the outcome when a Linux administrator enters the man man command?
The man man command provides documentation about the man command
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
The users must obtain the certificate of the CA and then their own certificate
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?
There is a problem associated with NTP
In what way are zombies used in security attacks?
They are infected machines that carry out a DDoS attack
Which statement best describes a motivation of hacktivists?
They are part of a protest group behind a political cause.
Which two statements describe the characteristics of symmetric algorithms?
They are referred to as a pre-shared key or secret key. They are commonly used with VPN traffic.
Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?
Tier 1 personnel
Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?
Tier 3 SME
Refer to the exhibit. How is the traffic from the client web browser being altered when connected to the destination website of www.cisco.com?
Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis
What technology was created to replace the BIOS program on modern personal computer motherboards?
UEFI
What is the principle of least privilege access control model?
Users are granted rights on an as-needed approach
Which device can control and manage a large number of corporate APs?
WLC
A short name of the X Window System is
X
After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
a SME for further investigation
What is a daemon?
a background process that runs without the need for user interaction
process
a currently executing program
exploit
a mechanism used to compromise an asset
What is a botnet?
a network of infected computers that are controlled as a group
What is a ping sweep?
a network scanning technique that indicates the live hosts in a range of IP addresses
threat
a potential danger to an asset
daemon
a running background process that does not need user interaction
What is Tor?
a software platform and network of P2P hosts that function as Internet routers
What role does an RA play in PKI?
a subordinate CA
symlink
a type of file that is a reference to another file or directory
What is a significant characteristic of virus malware?
a virus is triggered by an event on the host system
vulnerability
a weakness in a system
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
acceptable use policies
An ___ permits or denies traffic through a router based on specific defined criteria
access list
Which three services are provided by the AAA framework?
accounting authorization authentication
What is the function of the distribution layer of the three-layer network design model?
aggregating access layer connections
SOC Processes
alert investigate monitor
What would be displayed if the netstat -abno command was entered on a Windows PC?
all active TCP and UDP connections, their current state, and their associated process ID (PID)
a method of adding information to an NTFS-based file
alternate data streams
What are the three major components of a worm attack?
an enabling vulnerability a probing mechanism a payload
filters traffic on Layer 7 information
application gateway
If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?
approximately 5 minutes per year
In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks?
assets that need protection threats to assets vulnerabilities in the system
What causes a buffer overflow?
attempting to write more data to a memory location than that location can hold
Which AAA component can be established using token cards?
authentication
Which technology provides the framework to enable scalable access security?
authentication, authorization, and accounting
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
authorization
What service determines which resources a user can access along with the operations that a user can perform?
authorization
What does the TACACS+ protocol provide in a AAA deployment?
authorization on a per-user or per-group basis
Which type of startup must be selected for a service that should run each time the computer is booted?
automatic
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
availability
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
behavior-based
What is the focus of cryptanalysis?
breaking encrypted codes
Which message delivery option is used when all devices need to receive the same message simultaneously?
broadcast
Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?
brute force attack
How can a security information and event management system in a SOC be used to help personnel fight against security threats?
by collecting and filtering data
What are two ways that ICMP can be a security threat to a company?
by collecting information about a network by providing a conduit for DoS attacks
How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?
by combining data from multiple technologies
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
by scanning and logging outgoing traffic
What is a benefit of Linux being an open source operating system?
can be modified and then recompiled
changes the current directory
cd
What are the two important components of a public key infrastructure (PKI) used in network security?
certificate authority digital certificates
Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point?
channel settings
Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?
cmdlets
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
confidentiality
Which types of files are used to manage services in a Linux system?
configuration files
What is a function of a proxy firewall?
connects to remote servers on behalf of clients
A process that runs in the background without the need for user interaction is known as a
daemon
SOC technologies
database log sensor
registry
database of hardware, software, users, and settings
The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?
defend the castle
security
defines system requirements and objectives, rules, and requirements for users when they attach to or on the network
What addresses are mapped by ARP?
destination MAC address to a destination IPv4 address
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
digital signature
lists files in a directory
dir
automatically added when an interface is configured and active
directly connected interface
A Cisco router is running IOS 15. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface?
directly connected interface local route interface
What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems
The ___ layer of the three-layer network design model aggregates data from the access layer.
distribution
Which layer of the hierarchical design model is a control boundary between the other layers?
distribution
added when a protocol such as OSPF or EIGRP discovers a route
dynamic route
Which device is usually the first line of defense in a layered defense-in-depth approach?
edge router
How can IMAP be a security threat to a company?
email can be used to bring malware to a host
Which method is used to make data unreadable to unauthorized users?
encrypt the data
What are two evasion methods used by hackers?
encryption resource exhaustion
Which two methods can be used to harden a computing device? (Choose two.)
enforce the password history mechanism ensure physical security
Which Linux file system introduced the journaled file system, which can be used to minimize the risk of file system corruption in the event of a sudden power loss?
ext3
supports increased file sizes
ext4
A standard ACL filters network traffic based on the destination MAC address.
false
For ease of administration, it is recommended that the Everyone group in Windows have Full Control permissions.
false
In a star LAN topology, every end system must be connected to every other end system
false
In a star LAN topology, every end system must be connected to every other end system. T/F
false
The Linux GUI is the same across different distributions.
false
Consider the path representation in Windows CLI C:\Users\Jason\Desktop\mydocu.txt. What does the Users\Jason component represent?
file directory and subdirectory
Why is Linux considered to be better protected against malware than other operating systems?
file system structure, file permissions, and user account restrictions
What specialized network device is responsible for enforcing access control policies between networks?
firewall
Which device is an intermediary device?
firewall
For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?
firewall settings
Which method can be used to harden a computing device?
force periodic password changes
What is the method employed by a Linux kernel to create new processes for multitasking of a process?
forking
What are the three core functions provided by the Security Onion?
full packet capture
Which two user accounts are automatically created when a user installs Windows to a new computer?
guest administrator
Which type of hacker is motivated to protest against political and social issues?
hacktivist
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
identification and authentication policy
employee
identifies salary, pay schedule, benefits, work schedule, vacations, etc
Which two areas must an IT security person understand in order to identify vulnerabilities on a network?
important applications used hardware used by applications
What are two benefits of using an ext4 partition instead of ext3?
improved performance increase in the size of supported files
Where are the settings that are chosen during the installation process stored?
in the Registry
thread
instructions executed by the processor
What three items are components of the CIA triad?
integrity availability confidentiality
tier 2
involved in deep investigation and advises remediation
A technician is troubleshooting a PC unable to connect to the network. What command should be issued to check the IP address of the device?
ipconfig
What is the purpose of a Linux package manager?
it is used to install an application
What function is provided by the Windows Task Manager?
it provides information on system resources and processes
minimizes file corruption risk in the even of power loss
journaling
Which Linux command is used to manage processes?
kill
Which OSI layer header is rewritten with new addressing information by a router when forwarding between LAN segments?
layer 2
found only in routers running IOS 15+ or IPV6 routing
local route interface
An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
man in the middle
Which two services are provided by security operations centers?
managing comprehensive threat solutions monitoring network security threats
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
mandatory access control (MAC)
In a Cisco AVC system, in which module is NetFlow deployed?
metrics collection
creates a new directory
mkdir
tier 1
monitors incoming alerts and creates tickets
The process of assigning a directory to a partition is known as
mounting
Which net command is used on a Windows PC to establish a connection to a shared directory on a remote server?
net use
Which two OSI model layers have the same functionality as two layers of the TCP/IP model?
network transport
Which three services are provided through digital signatures?
nonrepudiation authenticity integrity
A technician can ping the IP address of the web server of a remote company but cannot successfully ping the URL address of the same web server. Which software utility can the technician use to diagnose the problem?
nslookup
Which command is used to manually query a DNS server to resolve a specific host name?
nslookup
Which two commands could be used to check if DNS name resolution is working properly on a Windows PC?
nslookup cisco.com ping cisco.com
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
origin authentication
An application ___ is a specific program and all its supported files.
package
Which type of tool allows administrators to observe and understand every detail of a network transaction?
packet capture software
enforces an access control policy based on packet content
packet filter firewall
What term is used to describe a logical drive that can be formatted to store data?
partition
For which discovery mode will an AP generate the most traffic on a WLAN?
passive mode
Which wireless parameter is used by an access point to broadcast frames that include the SSID?
passive mode
Which two features are included by both TACACS+ and RADIUS protocols?
password encryption utilization of transport layer protocols
What term is used for operating system updates?
patches
Which information can be provided by the Cisco NetFlow utility?
peak usage times and traffic routing
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing
What are three techniques used in social engineering attacks? (choose 3)
phishing vishing pretexting
Which term is used to describe a running instance of a computer program?
process
hardening
protecting remote access
company
protects the rights of workers and the company interests
handle
provides access needed by the user space process
Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?
proxy
Which Linux command can be used to display the name of the current working directory?
pwd
Which Linux component would be used to access a short list of tasks the application can perform?
quicklist
A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?
ransomware
Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
ransomware
Consider the result of the ls -l command in the Linux output below. What are the group file permissions assigned to the analyst.txt file? ls -l analyst.txt -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
read, write
Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file? ls -l analyst.txt -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
read, write, execute
When a user makes changes to the settings of a Windows system, where are these changes stored?
registry
renames a file
ren
When a ___ security policy is implemented on a firewall, only certain required ports are opened. The rest are closed
restrictive
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
risk avoidance
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
risk reduction
Which user can override file permissions on a Linux computer?
root user
What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?
rootkit
service
runs in the background to support the operating system and applications
A senior citizen receives a warning on the computer that states that the operating system registry is corrupt and to click a particular link to repair it. Which type of malware is being used to try to create the perception of a computer threat to the user?
scareware
What name is given to an amateur hacker?
script kiddie
Which Windows log records events related to login attempts and operations related to file or object access?
security logs
Which Windows log contains information about installations of software, including Windows updates?
setup logs
What is the only attribute used by standard access control lists to identify traffic?
source IP address
What information does an Ethernet switch examine and use to build its address table?
source MAC address
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spear phishing
ARP _____ is a technique that is used to send fake ARP messages to other hosts in the LAN. The aim is to associate IP addresses to the wrong MAC addresses.
spoofing
Which security threat installs on a computer without the knowledge of the user and then monitors computer activity?
spyware
What type of physical topology can be created by connecting all Ethernet cables to a central device?
star
Which LAN topology requires a central intermediate device to connect end devices?
star
filters traffic based on defined rules as well as connection context
stateful firewall
A ___ route is created when a network administrator manually configures a route and the exit interface is active
static
manually configured by a network administrator
static route
tier 3
subject matter expert. involved in threat hunting.
Which command can be utilized to view log entries of NGINX system events in real time?
sudo journalctl -u nginx.service -f
provides hard drive space that holds inactive RAM content
swap file system
intermediary devices
switch firewall router
Which protocol or service allows network administrators to receive system messages that are provided by network devices?
syslog
What utility is available on a Windows PC to view current running applications and processes?
task manager
What utility is used to show the system resources consumed by each user?
task manager
A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?
terminal emulator
Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
the administrator has more control over the operating system
Which two things can be determined by using the ping command?
the average time it takes a packet to reach the destination and for the response to return to the source. the destination device is reachable through the network
What information within a data packet does a router use to make forwarding decisions?
the destination ip address
An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
the digital signatures
When implementing keys for authentication, if an old key length with 4 bits is increased to 8 bits, which statement describes the new key space?
the key space is increased by 15 times
risk
the likelihood of undesireable consequences
Refer to the exhibit. A network administrator is reviewing an Apache access log message. What is the status of the access request by the client?
the request was fulfilled successfully
How is a server different from a workstation computer?
the server is designed to provide services to clients
Which three technologies should be included in a SOC security information and event management system?
threat intelligence event collection, correlation, and analysis security monitoring
Which three technologies should be included in a SOC security information and event management system? (Choose three.)
threat intelligence log management security monitoring
In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?
ticketing system
The term cyber operations analyst refers to which group of personnel in a SOC?
tier 1 personnel
What are two reasons for entering the ping 127.0.0.1 command on a Windows PC?
to check if the NIC functions as expected to check if the TCP/IP protocol suite is installed properly
What is the purpose of entering the netsh command on a Windows PC?
to configure networking parameters for the PC
What is the role of an IPS?
to detect patterns of malicious traffic by the use of signature files
Why would a rootkit be used by a hacker?
to gain access to a device without being detected
What is the primary goal of a DoS attack?
to prevent the target server from being able to handle additional requests
What is the main purpose of the X Window System?
to provide a basic framework for a GUI
What is a main purpose of launching an access attack on network systems?
to retrieve data
What are two reasons for entering the ipconfig command on a Windows PC?
to review the network configuration on the PC to review the status of network media connections
What is the purpose of using the net accounts command in Windows?
to review the settings of password and logon requirements for users
What are two purposes of launching a reconnaissance attack on a network? (choose two)
to scan for accessibility to gather information about the network and devices
What is a purpose of apt-get commands?
to update the operating system
Which two Linux commands might be used before using the kill command? (Choose two.)
top ps
What OSI layer is responsible for establishing a temporary communication session between two applications and ensuring that transmitted data can be reassembled in proper sequence?
transport
A WLAN frame sent by a wireless client is formatted differently than a wired Ethernet frame. T/F
true
penetration testing
used to determine the possible consequences of successful attacks on the network
network scanning
used to discover available resources on the network
vulnerability scanning
used to find weaknesses and misconfigurations on network systems
WMI
used to manage remote computers
Because the company uses discretionary access control (DAC) for user file management, what feature would need to be supported on the server?
user-based access control
A ___ is a flaw or weakness in a computer operating system that can be exploited by an attacker
vulnerability
Which Windows version was the first to introduce a 64-bit Windows operating system?
windows xp
What type of malware has the primary objective of spreading across the network?
worm