B.3.5

You want to create an ACL statement that allows traffic from any network. Which network address and wildcard mask value should you use?
0.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255
255.255.255.255 0.0.0.0
0.0.0.0 255.255.255.255

0.0.0.0 255.255.255.255

You are configuring ACLs on a router, and you want to deny traffic being sent to the 10.10.16.0/21 network. Which wildcard mask should you use with the access-list statement? 0.0.0.255 0.0.7.255 255.255.255.* 255.255.248.0

0.0.7.255

Which of the following numbering ranges are used by extended ACLs? (Select two.) 1-99 1300-1999 1000-1999 200-269 2000-2699 100-199

2000-2699 100-199

Which of the following specifications identifies security that can be added to wireless networks? (Select two.) 802.5 802.3 802.1x 802.11i 802.2 802.11a

802.1x 802.11i

Which of the following best describes an antivirus sensor system? Analyzing malware by running and observing its behavior and effects. A collection of software that detects and analyzes malware. Analyzing malware's code to understand its purpose without running it. Software that is used to protect a system from malware infections.

A collection of software that detects and analyzes malware.

Which of the following best describes a DoS attack? A hacker overwhelms or damages a system and prevents users from accessing a service. A hacker penetrates a system by using every character, word, or letter to gain access. A hacker attempts to impersonate an authorized user by stealing the user's token. A hacker intercepts traffic between two systems to gain access to a system.

A hacker overwhelms or damages a system and prevents users from accessing a service.

Which of the following describes a session ID? The source IP address of an encrypted packet sent from a server to a client. A unique token that a server assigns for the duration of a client's communications with the server. The destination IP address of an encrypted packet sent from a server to a client. The symmetric key used to encrypt and decrypt communications between a client and a server.

A unique token that a server assigns for the duration of a client's communications with the server.

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests? -n -f -l -a

-n

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output? -I port 443 -W port 443 -A port 443 -X port 443

-X port 443

Which of the following is considered the strongest encryption method? ESS WEP AES TKIP

AES

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information about Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? Logic bomb Trojan horse Virus APT

APT

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network? Port mirroring ARP poisoning MAC flooding MAC spoofing

ARP poisoning

Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done? Active hijacking Passive hijacking Cross-site scripting Session sniffing

Active hijacking

Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption? Known plain text Chosen ciphertext Chosen plain text Adaptive chosen plain text

Adaptive chosen plain text

Which of the following describes how ACLs can improve network security? An ACL filters traffic by the frame header such as source or destination MAC address. An ACL filters traffic by the IP header information such as source or destination IP address, protocol, or socket numbers. An ACL looks for patterns of traffic between multiple packets and takes action to stop detected attacks. An ACL identifies traffic that must use authentication or encryption.

An ACL filters traffic by the IP header information such as source or destination IP address, protocol, or socket numbers.

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use? Only routers and switches on the internet can be hacked. Only servers and workstations on the intranet can be hacked. Only servers and routers on the internet can be hacked. Any device that can communicate over the intranet can be hacked.

Any device that can communicate over the intranet can be hacked.

As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning? ARP poisoning is occurring, as indicated by the duplicate response IP address. No ARP poisoning is occurring. ARP poisoning is occurring, as indicated by the short time interval between ARP packets. ARP poisoning is occurring, as indicated by the multiple Who Has packets being sent.

ARP poisoning is occurring, as indicated by the duplicate response IP address.

Which of the following best describes the key difference between DoS and DDoS? The target server cannot manage the capacity. Attackers use numerous computers and connections. Sends a large number of legitimate-looking requests. Results in the server being inaccessible to users.

Attackers use numerous computers and connections.

Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine? Construction kit Dropper Wrapper Server

Dropper

Creating an area of the network where offending traffic is forwarded and dropped is known as _________? Reverse proxy Black hole filtering Enable router throttling Anti-spoofing

Black hole filtering

You work for a company that is implementing symmetric cryptography to process payment applications, such as card transactions, where personally identifiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data? Steganography Stream Block Cryptanalysis

Block

Which of the following laws regulates emails? CFAA CAN-SPAM Act HIPAA USA Patriot Act

CAN-SPAM Act

Which of the following are all network sniffing tools? Ettercap, Ufasoft snif, and Shark WinDump, KFSensor, and Wireshark Cain and Abel, Ettercap, and TCPDump Ufasoft snif, TCPDump, and Shark

Cain and Abel, Ettercap, and TCPDump

A small business called Widgets, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following using a wireless network locator device: Widgets, Inc. uses an 802.11n wireless network. The wireless network is broadcasting the SSID Linksys. The wireless network uses WPA2 with AES security. Directional access points are positioned around the periphery of the building. Which of the following would you MOST likely recommend your client do to increase their wireless network security? (Select two.) Change the SSID to something other than the default. Disable SSID broadcast. Upgrade to an 802.11g wireless network. Implement omnidirectional access points. Configure the wireless network to use WPA with TKIP security.

Change the SSID to something other than the default. Disable SSID broadcast.

You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings? Disabling SSID broadcast Disabling DHCP Changing the default administrative password Implementing MAC address filtering

Changing the default administrative password

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting ciphertext. Which of the following cryptographic attacks is being used? Chosen ciphertext Brute force Known plain text Chosen plain text

Chosen plain text

Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use? ClamAV Bitdefender Kaspersky Avira

ClamAV

Which of the following best describes the process of using prediction to gain session tokens in an Application-level hijacking attack? Collect several session IDs that have been used before and then analyze them to determine a pattern. Obtain a user's HTTP cookies to collect session IDs embedded within the file to gain access to a session. Convince the victim system that you are the server so you can hijack a session and collect sensitive information. Review a user's browsing history to enter a previously used URL to gain access to an open session.

Collect several session IDs that have been used before and then analyze them to determine a pattern.

Two common AAA server solutions are RADIUS and TACACS+. Match the AAA server solutions on the left with the appropriate descriptions on the right. (Each server solution may be used more than once.)

Combines authentication, authorization, and accounting: RADIUS
Uses TCP port 49: TACACS+
Does not transmit passwords in clear text between the client and the server: RADIUS
Provides three protocols, one each for authentication, authorization, and accounting: TACACS+
Encrypts the entire packet contents, not just authentication packets: TACACS+
Uses UDP ports 1812 and 1813 and can be vulnerable to buffer overflow attacks: RADIUS

Which of the following are benefits a VPN provides? (Select two.) Easy setup Faster connection Compatibility Cost savings

Compatibility Cost savings

You have just installed a wireless access point (WAP) for your organization's network. You know that the radio signals used by the WAP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. Which of the following steps will BEST protect the wireless network? (Select TWO. Each option is a complete solution.) Disable SSID broadcast on the WAP. Configure the WAP to filter unauthorized MAC addresses. Disable the spread-spectrum radio signal feature on the WAP. Use the WAP's configuration utility to reduce the radio signal strength. Install a radio signal jammer at the perimeter of your organization's property. Implement a WAP with a shorter range.

Configure the WAP to filter unauthorized MAC addresses. Use the WAP's configuration utility to reduce the radio signal strength.

Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the following actions should she take? Ensure all HTTP traffic uses port 443. Enable synchronous encryption in her network. Request a certificate from GoDaddy. Create a local CA and generate a self-signed certificate.

Create a local CA and generate a self-signed certificate.

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.) SSL L2TP EPS ESP AH

ESP AH

Your router currently has two ACLs:
One list denies SAP broadcasts and allows all other traffic. This list is applied to outbound traffic on Serial0.
The second list denies Telnet traffic and allows all other traffic. This list is applied to inbound traffic on Serial1.
You also want to restrict all outbound traffic sent through Serial0 from network 192.168.2.0/24. How should you configure ACLs on the router to meet all current and new requirements with as little effort as possible?
Create a new ACL that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.
Add a statement to the first ACL to restrict traffic from network 192.168.2.0/24 (in addition to restricting SAP broadcast traffic).
Add a statement to the second ACL to restrict traffic from network 192.168.2.0/24 (in addition to restricting Telnet traffic).
Create a new ACL that denies traffic from network 192.168.2.0/24, denies SAP broadcast traffic, and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.

Create a new ACL that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.

You have configured a wireless access point to create a small network. You have configured all necessary parameters. Wireless clients seem to take a long time to find the wireless access point. You want to reduce the time it takes for the clients to connect. What should you do? Enable SSID broadcast. Decrease the beacon interval. Create a wireless profile on the client. Change the channel on the access point to a lower number.

Decrease the beacon interval.

IPSec uses which method for key exchange? Tunnel Mode SSL Diffie-Hellman Rivest-Shamir-Adleman

Diffie-Hellman

Which of the following measures will make your wireless network less visible to the casual attacker? Change the default SSID. Disable SSID broadcast. Implement WPA2 Personal. Use a form of authentication other than Open authentication. Implement MAC address filtering.

Disable SSID broadcast.

You are a security consultant. You've been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a smart card reader. Network jacks are located in the reception area so employees and vendors can access the company network for work-related purposes. Users within the secured work area are trained to lock their workstations if they will leave them for any period of time. Which of the following recommendations would you MOST likely make to this organization to increase their security? Replace the smart card reader with a key code lock. Disable the switch ports connected to the network jacks in the reception area. Move the receptionist's desk into the secured area. Require users to use screensaver passwords.

Disable the switch ports connected to the network jacks in the reception area.

In addition to AH, IPsec is composed of which other service? Extended Authentication Protocol (EAP) Encapsulating Security Payload (ESP) Advanced Encryption Standard (AES) Encryption File System (EFS)

Encapsulating Security Payload (ESP)

Which IPsec subprotocol provides data encryption? Advanced Encryption Standard (AES) Authentication Header (AH) Secure Sockets Layer (SSL) Encapsulating Security Payload (ESP)

Encapsulating Security Payload (ESP)

Which of the following features is supplied by WPA2 on a wireless network? (Select two.) Encryption Refusal of client connections based on MAC address Identification of the network Centralized access for clients Filtering of traffic based on packet characteristics Authentication

Encryption Authentication

Match the malware detection methods on the left with the description on the right.

Establishes a baseline of the system and will alert the user if any suspicious system changes occur: Integrity checking
Is mainly used against logic bombs and Trojans: Interception
Works well against polymorphic and metamorphic viruses: Code emulation
Aids in detecting new or unknown malware: Heuristic analysis
Could have live system monitoring to immediately detect malware: Scanning

Which of the following describe the attributes that extended ACLs can use to filter network traffic? (Select two.) Extended ACLs can only filter network traffic based on source socket number. Extended ACLs can only be used to permit network traffic, not to deny it. Extended ACLs can only filter network traffic based on source hostname or host IP address. Extended ACLs can filter network traffic based on destination hostname or host IP address. Extended ACLs can filter network traffic based on source protocol (i.e., IP, TCP, UDP, etc.).

Extended ACLs can filter network traffic based on destination hostname or host IP address. Extended ACLs can filter network traffic based on source protocol (i.e., IP, TCP, UDP, etc.).

Which of the following is a good general rule regarding the placement of extended ACLs? Extended ACLs should be placed as close as possible to the source router. Extended ACLs should be placed on Access layer routers. Extended ACLs should be placed as close as possible to the destination router. Extended ACLs should be placed on the default gateway router. Extended ACLs should be placed on Distribution layer routers.

Extended ACLs should be placed as close as possible to the source router.

Match the types of cryptanalysis with the descriptions.

Finds the affine approximations to the action of a cipher: Linear cryptanalysis
A form of cryptanalysis applicable to symmetric key algorithms: Differential cryptanalysis
Is useful against block ciphers based on substitution-permutation networks: Integral cryptanalysis
It is an extension of differential cryptanalysis: Integral cryptanalysis
It is commonly used on block ciphers and works on statistical differences between plain text and ciphertext: Linear cryptanalysis
Works on statistical differences between ciphertexts of chosen data: Differential cryptanalysis

You want to prevent users from accessing a router through a Telnet session. What should you do? For the console line, add the login parameter and remove any passwords. For the VTY lines, add the login parameter and remove any passwords. For the VTY lines, add the login parameter and configure a password. For the VTY lines, set a password, but remove the login parameter. For the console line, add the login parameter and configure a password. For the console line, set a password but remove the login parameter.

For the VTY lines, add the login parameter and remove any passwords.

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use? Fraggle attack SYN flood Smurf attack Teardrop attack

Fraggle attack

You are configuring a new 2960 switch. You issue the following commands:
switch(config)#interface fast 0/15
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security maximum 1
switch(config-if)#switchport port-security mac-address sticky
switch(config-if)#switchport port-security violation protect
You connect a hub with two workstations to port Fa0/15. You power on Device1 and then Device2. What will be the result? Frames from both Device1 and Device2 will be allowed. Frames from Device2 will be allowed; frames from Device1 will be dropped. Port Fa0/15 will be disabled, and no frames will be accepted or forwarded. Frames from Device1 will be allowed; frames from Device2 will be dropped.

Frames from Device1 will be allowed; frames from Device2 will be dropped.

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and told him how to secure the system. Which type of hacker is Miguel in this scenario? Script kiddie Gray hat State-sponsored White hat

Gray hat

Robert, an IT administrator, is working for a newly formed company. He needs a digital certificate to send and receive data securely in a Public Key Infrastructure (PKI). Which of the following requests should he submit? He must send identifying data and the encryption algorithm he will use with his certificate request to a certificate authority (CA). He must send identifying data with his certificate request to a registration authority (RA). He must send identifying data and a private key request to a validation authority (VA). He must send the MAC and IP addresses with his certificate to a root certificate authority (CA).

He must send identifying data with his certificate request to a registration authority (RA).

Rudy is analyzing a piece of malware discovered in a penetration test. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterward and monitor different components, such as ports, processes, and event logs, and note changes. Which of the following processes is he using? Host integrity monitoring Static analysis Malware disassembly Sheep dipping

Host integrity monitoring

Which of the following are protocols included in the IPsec architecture? IKE, AH, and ACK IKE, AH, and ESP SIP, AH, and ACK SIP, AH, and ESP

IKE, AH, and ESP

You are providing a VPN solution for employees who work remotely. When these employees change locations, they lose their VPN connection, so you want them to automatically reconnect if the VPN connection is lost or disconnected. Which VPN security protocol supports VPN reconnect functionality? PPTP IKEv2 L2TP SSTP

IKEv2

Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs? ECC BLE SYN IPsec

IPsec

What is the least secure place to locate an omnidirectional access point when creating a wireless network? In common or community work areas Above the third floor Near a window In the center of the building

Near a window

Which of the following statements are true about IPv6 ACLs? (Select two.) IPv6 ACLs use either named or numbered ACLs. Creating IPv6 ACLs is very different from creating IPv4 ACLs. IPv6 ACLs do not use wildcard masks. IPv6 ACLs are similar to IPv4 extended named ACLs in functionality. IPv6 ACLs cannot exist on the same interface as IPv4 ACLs.

IPv6 ACLs do not use wildcard masks. IPv6 ACLs are similar to IPv4 extended named ACLs in functionality.

Your organization is frequently visited by sales reps. While on-site, they frequently plug their notebook systems into any available wall jack, hoping to get internet connectivity. You are concerned that allowing them to do this could result in the spread of malware throughout your network. Which of the following would BEST protect you from guest malware infection? (Select two.) Implement private IP addressing with a Network Address Translation (NAT) router facing the internet. Implement MAC address filtering. Implement static IP addressing. Implement SNMP traps on your network switch. Enable port analysis on your network switch.

Implement MAC address filtering. Implement static IP addressing.

A small business named BigBikes, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following: BigBikes, Inc. uses an 802.11a wireless network. The wireless network SSID is set to BWLAN. The wireless network is not broadcasting the network SSID. The wireless network uses WPA2 with AES security. Omnidirectional access points are positioned around the periphery of the building. Which of the following would you MOST likely recommend your client do to increase their wireless network security? Implement directional access points. Enable SSID broadcast. Upgrade to an 802.11g wireless network. Change the SSID to something similar to BigBikeInc. Configure the wireless network to use WEP security.

Implement directional access points.

You want users to enter a password before being able to access the router through a Telnet session. You use the following commands:
router#config t
router(config)#line vty 0 4
router(config-line)#password cisco
router(config-line)#exit
router(config)#exit
You open a Telnet session with the router and discover that the session starts without being prompted for a password. What should you do? In global configuration mode, configure the enable secret password. In line configuration mode, add the login parameter. Use the enable secret command in line configuration mode to set the password. Repeat the same configuration steps in line con 0 mode.

In line configuration mode, add the login parameter.

Which of the following statements about ACLs are true? (Select two.) Standard ACLs can filter by source or destination IP address. You can apply a maximum of two standard and two extended ACLs to each interface. ACLs can only be applied on the inbound interface. Inbound ACLs are applied before the routing process. An ACL without a permit statement does not allow any traffic.

Inbound ACLs are applied before the routing process. An ACL without a permit statement does not allow any traffic.

Which type of cryptanalysis method is based on substitution-permutation networks? Dictionary Linear Differential Integral

Integral

Which of the following malware detection methods establishes a baseline of the system and will alert the user if any suspicious system changes occur? Scanning Code emulation Heuristic analysis Integrity checking

Integrity checking

Which of the following is a characteristic of Elliptic Curve Cryptography (ECC)? Uses symmetric encryption. Is suitable for small amounts of data and small devices, such as smartphones. Uses multiplication of large prime numbers. Is used to sign a certificate using a private key and to verify a certificate using a public key.

Is suitable for small amounts of data and small devices, such as smartphones.

Which of the following is the first step you should take if malware is found on a system? Check for suspicious or unknown registry entries. Sanitize the system using updated anti-malware software. Look through the event log for suspicious events. Isolate the system from the network immediately.

Isolate the system from the network immediately.

Which of the following is the most important thing to do to prevent console access to the router? Keep the router in a locked room. Set the console and enable secret passwords. Implement an access list to prevent console connections. Disconnect the console cable when not in use.

Keep the router in a locked room.

Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text? Brute force Known plain text Chosen plain text Chosen ciphertext

Known plain text

A virus has replicated itself throughout systems it has infected and is executing its payload. Which of the following phases of the virus life cycle is this virus in? Launch Replication Design Incorporation

Launch

Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server? Session hijacking Man-in-the-middle Cross-site scripting DNS spoofing

Man-in-the-middle

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which of the following cryptographic keys would Mary use to create the digital signature? Mary's public key Mary's private key Sam's public key Sam's private key

Mary's private key

Your network devices are categorized into the following zone types:
No-trust zone
Low-trust zone
Medium-trust zone
High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept used on this network? Network segmentation Trust zone networking Virtual local area networking Network firewalling

Network segmentation

Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host? Session ID Session key Passive hijacking Active hijacking

Passive hijacking

What is the main security weakness associated with the service password-encryption command? Passwords are rendered as 4-digit hexadecimal values. Passwords are easily broken. Password values are transposed. Passwords are kept in the configuration register.

Passwords are easily broken.

Authentication, authorization, and accounting (AAA) are the three security components used to protect network access and communications. Which of the following describes the authorization security component? Identifies a network user by asking for a username and password. Collects data about which files a user has accessed. Documents a user's actions, such as how many resources are used. Permits or denies access to the network resources a user needs to perform tasks.

Permits or denies access to the network resources a user needs to perform tasks.

Drag the network attack technique on the left to the appropriate description or example on the right.

Perpetrators attempt to compromise or affect the operations of a system: Active attack
Unauthorized individuals try to breach a network from off-site: External attack
Attempting to find the root password on a web server by brute force: Active attack
Attempting to gather information without affecting the flow of information on the network: Passive attack
Sniffing network packets or performing a port scan: Passive attack

Above all else, which of the following must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? Private keys Hash values Cryptographic algorithm Public keys

Private keys

You want to implement 802.1x authentication on your wireless network. Which of the following will be required? WPA2 WPA TKIP RADIUS

RADIUS

You are at a customer site and need to access their router. The previous administrator left the company and did not document the password to the device. Which of the following would you access to start the password recovery process? bootstrap BIOS IOS ROMmon

ROMmon

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack? Adds extra services so that there are too many platforms for the attacker to be able to flood. Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact. Limits the potential impact of a DoS attack by providing additional response time. Creates an area of the network where offending traffic is forwarded and dropped.

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

You have a secret key. Bob wants the secret key. He has threatened to harm your reputation at the office if you don't give him the secret key. What type of attack is Bob attempting to use? Trickery attack Brute force attack Rubber hose attack Social engineering attack

Rubber hose attack

Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester needs to manually check many different areas of the system. After these checks are completed, which of the following is the next step? Isolate the system from the network Document all findings Sanitize the system Run anti-malware scans

Run anti-malware scans

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve this issue? L2TP PPTP SSTP IPsec

SSTP

Anti-malware software uses several methods to detect malware. One of these methods is scanning. Which of the following best describes scanning? Scanning is when anti-malware software opens a virtual environment to mimic CPU and RAM activity. Malware code is executed in this environment instead of the physical processor. Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs. Scanning aids in detecting new or unknown malware that is based on another known malware. Every malware has a fingerprint, or signature. If a piece of code contains similar code, the scan should mark it as malware and alert the user. Scanning establishes a baseline and keeps an eye on any system changes that shouldn't occur. The program alerts the user of signs of malware on the system.

Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.

Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action? Ransomware Adware Spyware Scareware

Scareware

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation? Include a checklist of all threat assessment tools. Add extra services, such as load balancing and excess bandwidth. Have more than one upstream connection to use as a failover. Services can be set to throttle or even shut down.

Services can be set to throttle or even shut down.

Your network administrator has set up training for all users regarding clicking on links in emails or instant messages. Which of the following is your network administrator attempting to prevent? Session fixation Packet sniffing DNS spoofing Packet filtering

Session fixation

A certain attack task includes five steps as follows: Sniff the traffic between the target computer and the server. Monitor traffic with the goal of predicting the packet sequence numbers. Desynchronize the current session. Predict the session ID and take over the session. Inject commands to target the server. Which of the following tasks does the above list describe? Passive hijacking Session hijacking Cookie hijacking Application hijacking

Session hijacking

Analyzing emails, suspect files, and systems for malware is known as which of the following? Static analysis Integrity checking Sheep dipping Dynamic analysis

Sheep dipping

Which of the following provides a VPN gateway that encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the VPN gateway at the target site? SSL VPN Remote access VPN Site-to-site IPsec VPN GRE over IPsec

Site-to-site IPsec VPN

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against? Spoofing Hijacking Sniffing Filtering

Sniffing

Put the steps for developing an anti-malware program on the left in proper order on the right.

Step 1: Identify unique characteristics of malicious software.
Step 2: Write the scanning process.
Step 3: Update the anti-malware program.
Step 4: Scan the system.

Part of a penetration test is checking for malware vulnerabilities. There are twelve steps that are followed when testing for malware vulnerabilities. Put the steps in order.

Step 1: Scan for open ports.
Step 2: Scan for running processes.
Step 3: Check for suspicious or unknown registry entries.
Step 4: Verify all running Windows services.
Step 5: Check startup programs.
Step 6: Look through event logs for suspicious events.
Step 7: Verify all installed programs.
Step 8: Scan files and folders for manipulation.
Step 9: Verify that device drivers are legitimate.
Step 10: Check all network and DNS settings and activity.
Step 11: Scan for suspicious API calls.
Step 12: Run anti-malware scans.

A VPN (Virtual Private Network) is primarily used for which purpose? Allow remote systems to save on long distance charges. Support secured communications over an untrusted network. Support the distribution of public web documents. Allow the use of network-attached printers.

Support secured communications over an untrusted network

Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used? Symmetric Digital signature Asymmetric Block cipher

Symmetric

Match each cryptography attacks to its description.

The attacker repeatedly measures the exact execution times of modular exponentiation operations. -> Timing
A hacker extracts cryptographic secrets, such as the password to an encrypted file, by coercion or torture. -> Rubber hose
The hacker makes a series of interactive queries, choosing subsequent plain texts based on the information from the previous encryptions. -> Adaptive chosen plain text
An attack where a hacker not only breaks a ciphertext, but also breaks into a bigger system that is dependent on that ciphertext. -> Chosen key
The hacker obtains ciphertexts encrypted under two different keys. -> Related key
The hacker analyzes the plain texts corresponding to an arbitrary set of ciphertexts the hacker chooses. -> Chosen ciphertext

The program shown is a crypter. Which of the following options best defines what this program does? A crypter is the main component of malware, the part of the program that performs the malware's intended activity. A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect. A crypter takes advantage of a bug or vulnerability to execute malware's payload. A crypter compresses malware to reduce its size and help hide it from anti-malware software.

A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
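The scanning card above and this crypter card describe the two sides of one contest: a signature scanner matches a database of known byte patterns or file hashes, and a crypter exists to make the stored malware not match. The following is an added example, not code from the page or from any anti-malware product. The signature database, the sample "malware" bytes, and the XORSTUB container format are all constructed for illustration; the function names are my own.

```python
import hashlib
from typing import Dict, List

# Constructed signature database (not from any real product). A real one holds
# millions of entries and must be refreshed constantly, which is the maintenance
# cost the scanning card refers to.
BYTE_SIGNATURES: Dict[str, bytes] = {
    "Demo.Downloader": b"GET /stage2.bin HTTP/1.0",
    "Demo.Keylogger": b"SetWindowsHookExA",
}

# Exact-file signatures: SHA-256 of a known sample. Cheap, but a one-byte change evades.
HASH_SIGNATURES: Dict[str, str] = {}


def add_hash_signature(name: str, sample: bytes) -> None:
    HASH_SIGNATURES[name] = hashlib.sha256(sample).hexdigest()


def scan(data: bytes) -> List[str]:
    """Static scan: every signature whose byte pattern or file hash matches data."""
    hits = [name for name, pattern in BYTE_SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    hits += [name for name, h in HASH_SIGNATURES.items() if h == digest]
    return sorted(hits)


# --- toy crypter ---------------------------------------------------------------
# Constructed container: fixed tag, one-byte key length, the key, then the payload
# XORed with the key. On a real system the decryption stub is executable code that
# runs before the payload; here unpack() plays the stub.
_TAG = b"XORSTUB\x00"


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack(payload: bytes, key: bytes) -> bytes:
    if not 1 <= len(key) <= 255:
        raise ValueError("key must be 1..255 bytes")
    return _TAG + bytes([len(key)]) + key + _xor(payload, key)


def unpack(blob: bytes) -> bytes:
    """Run the 'stub': recover the original payload from a packed blob."""
    if not blob.startswith(_TAG):
        raise ValueError("not a packed blob")
    klen = blob[len(_TAG)]
    key = blob[len(_TAG) + 1:len(_TAG) + 1 + klen]
    return _xor(blob[len(_TAG) + 1 + klen:], key)


def scan_with_emulation(data: bytes) -> List[str]:
    """What a sandbox or emulating engine adds to a static scan: if the file is a
    recognised packed container, also scan what the stub would produce at run time."""
    hits = set(scan(data))
    if data.startswith(_TAG):
        hits.update(scan(unpack(data)))
    return sorted(hits)


# Constructed sample "malware": bytes that contain both signature patterns.
SAMPLE = b"MZ...stub...SetWindowsHookExA...GET /stage2.bin HTTP/1.0\r\n..."

if __name__ == "__main__":
    print("plain file  :", scan(SAMPLE))                       # both signatures
    packed = pack(SAMPLE, b"\x5a\xa5")
    print("after crypter:", scan(packed))                      # [] - static scan beaten
    print("emulated     :", scan_with_emulation(packed))        # both signatures again
```

The static pass fails on the packed file because the bytes the signatures describe are no longer present on disk; only something that executes (or emulates) the stub sees them again, which is why the heuristic and sandbox methods on the same card exist alongside plain scanning.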

Which of the following are true of port security sticky addresses? (Select two.) They can be learned automatically or manually configured. They are held in RAM, but not in a configuration file. They are only learned automatically. They are placed in the running-config file and can be saved to the startup-config file. They are placed in the startup-config file.

They can be learned automatically or manually configured. They are placed in the running-config file and can be saved to the startup-config file.

Which of the following best explains why brute force attacks are always successful? They test every possible valid combination. They can be performed in a distributed parallel processing environment. They are platform-independent. They are fast.

They test every possible valid combination.
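To make the "every possible combination" claim concrete, here is an added example (my own code, not from the page): an exhaustive search over a small alphabet that recovers a short password from its SHA-256, together with the arithmetic that explains the 168/256-bit key-size advice on the cryptanalysis-countermeasures card further down. The three-character password and the guess rate are constructed values.

```python
import hashlib
import itertools
import math
from typing import Optional, Tuple

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"   # 36 symbols: lower case plus digits


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Size of the search space in bits: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst case for an attacker who has to try the whole space."""
    return alphabet_size ** length / guesses_per_second


def brute_force_sha256(target_hex: str, alphabet: str, max_len: int) -> Tuple[Optional[str], int]:
    """Enumerate every string over `alphabet` from length 1 to max_len, shortest
    first, and stop at the one whose SHA-256 equals target_hex.
    Returns (password or None, number of candidates hashed). The search is
    exhaustive, so it cannot miss a password inside the space; the only question
    is how long the space takes to walk."""
    tried = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hex:
                return candidate, tried
    return None, tried   # space exhausted: the password is longer or uses other symbols


if __name__ == "__main__":
    target = sha256_hex("ab1")                                   # constructed password
    found, tried = brute_force_sha256(target, ALPHABET, max_len=3)
    print(f"recovered {found!r} after {tried} guesses in a {keyspace_bits(36, 3):.1f}-bit space")
    # The same method against a 256-bit key at a trillion guesses per second:
    years = seconds_to_exhaust(2, 256, 1e12) / (365.25 * 24 * 3600)
    print(f"256-bit key at 1e12 guesses/s: about {years:.1e} years")
```

The second print is the whole argument for the key-size card: brute force is guaranteed to succeed, but the guarantee is only useful when the space is small enough to finish walking.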

Which statement best describes a suicide hacker? This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught. This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear. This hacker may cross ethical lines, but usually has good intentions and isn't malicious. This hacker's main purpose is to protest an event and draw attention to their views and opinions.

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

The process of analyzing an organization's security and determining its security holes is called: Enumeration Threat modeling Ethical hacking Penetration testing

Threat modeling

In a ciphertext-only attack, what is the attacker's goal? To extract cryptographic secrets. To construct a dictionary. To recover the encryption key. To find patterns in the output.

To recover the encryption key.

Which of the following are IPsec methods of operation? (Select two.) Transport Mode Multimode Tunnel Mode Single Mode Secure Mode

Transport Mode Tunnel Mode

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using? Worm Trojan horse Virus Spyware

Trojan horse

One of the steps in the password recovery process for a router is to access the ROM monitor. Which of the following methods will accomplish this? (Select two.) Use a break sequence during the boot process. Remove the external flash memory while the device is powered off and then boot. Run the confreg 0x2142 command. Run the confreg 0x2102 command. Boot into the BIOS.

Use a break sequence during the boot process. Remove the external flash memory while the device is powered off and then boot.

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic? Use intrusion detection countermeasures. Use encryption for all sensitive traffic. Implement acceptable use policies. Eliminate unnecessary system applications.

Use encryption for all sensitive traffic.

After configuring a router to ignore the startup configuration when the device boots, what command would you use to tell the device to load the startup configuration upon boot? restart confreg 0x2102 confreg 0x2142 copy startup-config running-config

confreg 0x2102

What are the countermeasures used to keep hackers from using various cryptanalysis methods and techniques? (Select two.) Keys should not be given to the application or the user directly. Use passphrases and passwords to encrypt a key stored on disk. Include keys inside the source code or binaries. Use a key size of 168 bits or 256 bits for symmetric key algorithms. Prohibit the transfer of public keys for certificate signing.

Use passphrases and passwords to encrypt a key stored on disk. Use a key size of 168 bits or 256 bits for symmetric key algorithms.

Which of the following are features of Hotspot 2.0? (Select two.) Transmits data at up to one megabit per second. Transmits data up to three megabits per second. Is disabled by default on Windows 10. Uses WPA2 Enterprise for authentication and encryption. Uses WPA Enterprise for authentication and encryption. Is enabled by default on Windows 10.

Uses WPA2 Enterprise for authentication and encryption. Is enabled by default on Windows 10.

Which of the following best describes a feature of symmetric encryption? Does not work well for bulk encryption of less sensitive data. Uses only one algorithm type. Uses only one key to encrypt and decrypt data. Does not require the exchange of the shared secret key.

Uses only one key to encrypt and decrypt data.

Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher? Is used by Pretty Good Privacy (PGP) email encryption. Is easy to break. Uses up to 16 rounds of substitution and transposition. Uses the Rijndael block cipher.

Uses the Rijndael block cipher.

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter? Only packets with either a source or destination address on the 192.168.0.0 network are captured. Only packets with a source address on the 192.168.0.0 network are captured. Only packets with a source address of 192.168.0.0 are captured. Only packets with a destination address on the 192.168.0.0 network are captured.

Only packets with either a source or destination address on the 192.168.0.0 network are captured.

Frank, an IT tech, works for the ABC company. His friend Joe, who works for the XYZ company, informs Frank that XYZ company has been hit by a new malware attack. What is the first thing Frank should do for the ABC company? Research the malware attack to verify what the attack does. Perform a penetration test to check for malware vulnerabilities. Isolate all of ABC company's systems from the internet. Verify that ABC company's anti-malware software is updated and running.

Verify that ABC company's anti-malware software is updated and running.

In which of the following attacks does the attacker block all traffic by taking up all available bandwidth between the target computer and the internet? Volumetric attack Phlashing attack Fragmentation attack Amplification attack

Volumetric attack

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients? WEP, WPA Personal, and WPA2 Personal WPA Enterprise and WPA2 Enterprise WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise WPA Personal and WPA2 Enterprise

WEP, WPA Personal, and WPA2 Personal

Which of the following is the most secure protocol for wireless networks? WPA2 WPA WEP BitLocker 802.11n

WPA2

While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report? Passwords are being sent in clear text. The checksum is unverified. Keep-alive connections are being used. The urgent pointer flag is set to 0.

Passwords are being sent in clear text.

Which type of threat actor only uses skills and knowledge for defensive purposes? Hacktivist White hat Script kiddie Gray hat

White hat

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using? Virus Worm Spyware Trojan horse

Worm

Which of the following statements apply only to extended access lists, not to standard access lists? (Select two.) You can log traffic that matches access list entries. You can assign more than one list per direction to each interface. You can filter traffic by source IP addresses. You can either permit or deny TCP/IP traffic. You can filter traffic for a specific protocol. You can filter traffic by destination IP addresses.

You can filter traffic for a specific protocol. You can filter traffic by destination IP addresses.

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address? [email protected] [email protected] [email protected] [email protected]

[email protected]

You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password? watson-p watson p@ssw0rd St@y0ut!@

St@y0ut!@

As part of the password recovery process on a router, you want the device to ignore the startup config file when the device is rebooted. Which of the following commands would you use to do this? enable reset copy running-config startup-config confreg 0x2142

confreg 0x2142

You suspect that an ICMP flood attack is taking place on your system from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood? With the flood, all packets come from the same source IP address in quick succession. The normal ICMP ping request only has one source address. The only difference is the number of packets that are sent. With the ICMP flood, ICMP packets are sent and received at a quicker rate than normal ICMP packets.

With the flood, all packets come from the same source IP address in quick succession.

In which of the following situations would you use port security? You wanted to control the packets sent and received by a router. You wanted to prevent sniffing attacks on the network. You wanted to prevent MAC address spoofing. You wanted to restrict the devices that could connect through a switch port.

You wanted to restrict the devices that could connect through a switch port.

You are configuring ACLs for a router. You need to create a standard IP access list that permits all traffic except traffic from the 192.168.1.0/24 network. To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router. Which two commands would you use to view the information you need? (Select two.) access-list 1 permit any; access-list 1 deny 192.168.1.0 0.0.0.255 log; access-list 1 permit any log; access-list 1 permit 192.168.1.0 0.0.0.255 log; access-list 1 deny 192.168.1.0 0.0.0.255; access-list 1 deny 192.168.1.0 log

access-list 1 deny 192.168.1.0 0.0.0.255 log access-list 1 permit any log

Your company has two subnets, 172.16.1.0 and 172.16.2.0, as shown in the exhibit. You want to prevent public Telnet traffic from entering your company but allow all other traffic. Which of the following sets of statements will accomplish your goal?
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 23; access-list 101 permit ip 172.16.2.0 0.0.255.255 any; interface serial 0; ip access-group 101 out
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 23; access-list 101 permit ip 172.16.2.0 0.0.255.255 any; interface serial 0; ip access-group 101 in
access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23; access-list 101 permit ip any 172.16.2.0 0.0.255.255; interface serial 0; ip access-group 101 in
access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23; access-list 101 permit ip any 172.16.2.0 0.0.255.255; interface serial 0; ip access-group 101 out

access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23
access-list 101 permit ip any 172.16.2.0 0.0.255.255
interface serial 0
ip access-group 101 in

You are configuring ACLs for a router. You need to create an extended IP access list that rejects any packets sent from a host with an IP address of 10.1.1.1 to a host with an IP address of 15.1.1.1. All other traffic should be allowed. To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router. Which two commands are needed to view the information? (Select two.) access-list 101 permit ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log; access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0; access-list 101 permit ip any any log; access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log; access-list 101 permit ip any any; access-list 101 deny ip any any log

access-list 101 permit ip any any log access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log
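The ACL cards in this stretch (the /21 and "any" wildcard masks, the logged standard list against 192.168.1.0/24, the public-Telnet filter, and the logged extended list just above) all rest on three rules: a wildcard mask's 1 bits are "don't care", the first matching line wins, and an unmatched packet hits an implicit deny that is neither counted nor logged. The following is an added example, my own Python rather than anything from the page or from Cisco, that parses the exact `access-list` statements used on these cards and evaluates constructed packets against them. It handles only that syntax (numbered lists; `any`, `host`, or address-plus-wildcard; `eq` read as a destination port), and the names `Packet`, `parse_acl`, `evaluate`, and `match_counts` are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _is_ipv4(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def prefix_to_wildcard(prefixlen: int) -> str:
    """/21 -> 0.0.7.255: the wildcard mask is the bitwise inverse of the subnet mask."""
    netmask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(netmask ^ 0xFFFFFFFF))


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """A 1 bit in the wildcard means 'don't care'; only the 0 bits must agree."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(network) & care)


@dataclass
class Entry:
    number: int
    action: str                  # "permit" or "deny"
    proto: Optional[str]         # None on a standard list; "ip"/"tcp"/"udp"/... on extended
    src: str
    src_wc: str
    dst: Optional[str] = None
    dst_wc: Optional[str] = None
    dport: Optional[int] = None  # from 'eq PORT', read here as the destination port
    log: bool = False


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None


def _parse_address(tok: List[str], i: int):
    """One of: any | host A.B.C.D | A.B.C.D W.X.Y.Z | A.B.C.D (bare address = host)."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(tok) and _is_ipv4(tok[i + 1]):
        return tok[i], tok[i + 1], i + 2
    return tok[i], "0.0.0.0", i + 1


def parse_entry(line: str) -> Entry:
    """access-list N {permit|deny} SRC [log] (standard, 1-99/1300-1999) or
    access-list N {permit|deny} PROTO SRC DST [eq PORT] [log] (extended, 100-199/2000-2699)."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action = int(tok[1]), tok[2]
    extended = 100 <= number <= 199 or 2000 <= number <= 2699
    i, proto = 3, None
    if extended:
        proto, i = tok[3], 4
    src, src_wc, i = _parse_address(tok, i)
    dst = dst_wc = dport = None
    if extended:
        dst, dst_wc, i = _parse_address(tok, i)
        if i < len(tok) and tok[i] == "eq":
            dport, i = int(tok[i + 1]), i + 2
    return Entry(number, action, proto, src, src_wc, dst, dst_wc, dport, "log" in tok[i:])


def parse_acl(lines: List[str]) -> List[Entry]:
    return [parse_entry(line) for line in lines]


def entry_matches(e: Entry, p: Packet) -> bool:
    if e.proto not in (None, "ip") and e.proto != p.proto:
        return False
    if not wildcard_match(p.src, e.src, e.src_wc):
        return False
    if e.dst is not None and not wildcard_match(p.dst, e.dst, e.dst_wc):
        return False
    return e.dport is None or p.dport == e.dport


def evaluate(acl: List[Entry], p: Packet) -> dict:
    """First match wins. No match means the implicit 'deny any' at the end of every
    ACL, which IOS neither counts nor logs (line=None, log=False)."""
    for n, e in enumerate(acl, start=1):
        if entry_matches(e, p):
            return {"action": e.action, "line": n, "log": e.log}
    return {"action": "deny", "line": None, "log": False}


def match_counts(acl: List[Entry], packets: List[Packet]) -> List[int]:
    """Per-line hit counters, like the '(N matches)' shown by 'show access-lists'."""
    counts = [0] * len(acl)
    for r in (evaluate(acl, p) for p in packets):
        if r["line"] is not None:
            counts[r["line"] - 1] += 1
    return counts
```

Usage: `evaluate(parse_acl(["access-list 1 deny 192.168.1.0 0.0.0.255 log", "access-list 1 permit any log"]), Packet("192.168.1.50", "10.0.0.5", "tcp", 80))` returns a deny on line 1 with `log` set. Running the public-Telnet answer through it is instructive: the second line, `permit ip any 172.16.2.0 0.0.255.255`, covers all of 172.16.0.0/16 because the wildcard ignores the third octet, so traffic to the 172.16.1.0 subnet is permitted by that line rather than by any "2.0"-specific match, and anything bound outside 172.16.0.0/16 falls through to the implicit deny.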

Which of the following terms is the encrypted form of a message that is unreadable except to its intended recipient? plain text steganography encryption algorithm ciphertext

ciphertext

Which of the following commands configures a password to switch to privileged EXEC mode and saves the password using MD5 hashing? service password-encryption enable secret password enable password

enable secret

While configuring a new router, you use the following commands:

Router(config)#enable password cisco
Router(config)#enable secret highway
Router(config)#username admin password television
Router(config)#line con 0
Router(config-line)#password airplane
Router(config-line)#login
Router(config-line)#line vty 0 4
Router(config-line)#password garage
Router(config-line)#login

Which password would you use to open a Telnet session to the router? highway garage cisco airplane

garage
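The `enable secret` card and the configuration above show the two ways IOS stores a password: `service password-encryption` (type 7) merely XORs the text against a fixed, published key, while `enable secret` (type 5) stores an md5crypt hash, the salted "$1$" construction that iterates MD5 a thousand times. The following is an added example, my own Python and not Cisco code, that implements both so the difference is visible: the type 7 string from the `enable password cisco` line decodes back to the password instantly, whereas the type 5 hash of `highway` can only be checked by re-hashing a guess. Function names are mine; the salt `mERr` in the usage note is an arbitrary four-character value.

```python
import hashlib
import hmac
import secrets

# Cisco type 7 (service password-encryption): bytes XORed with a fixed, publicly known
# key, starting at an offset given by a two-digit seed. Anyone who can read the
# running-config can reverse it.
_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ _XLAT[(seed + i) % len(_XLAT)] for i, b in enumerate(body)).decode()


def type7_encode(plain: str, seed: int = 7) -> str:
    raw = plain.encode()
    body = bytes(b ^ _XLAT[(seed + i) % len(_XLAT)] for i, b in enumerate(raw))
    return f"{seed:02d}{body.hex().upper()}"


# Cisco type 5 (enable secret): md5crypt, the FreeBSD "$1$salt$hash" construction.
_ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, n: int) -> str:
    out = ""
    for _ in range(n):
        out += chr(_ITOA64[value & 0x3F])
        value >>= 6
    return out


def md5crypt(password: str, salt: str) -> str:
    pw, sb, magic = password.encode(), salt.encode(), b"$1$"
    ctx = hashlib.md5(pw + magic + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for pl in range(len(pw), 0, -16):            # as many bytes of alt as pw is long
        ctx.update(alt[:min(pl, 16)])
    i = len(pw)
    while i:                                      # one byte per bit of len(pw)
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                         # the slow-down loop
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(sb)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    enc = ""
    for a, b, k in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        enc += _to64((final[a] << 16) | (final[b] << 8) | final[k], 4)
    enc += _to64(final[11], 2)
    return f"$1${salt}${enc}"


def type5_new(password: str) -> str:
    """Hash with a fresh 4-character salt, the length IOS uses for 'enable secret'."""
    salt = "".join(chr(secrets.choice(_ITOA64)) for _ in range(4))
    return md5crypt(password, salt)


def type5_verify(stored: str, candidate: str) -> bool:
    _, tag, salt, _ = stored.split("$")
    if tag != "1":
        raise ValueError("not a type 5 / md5crypt hash")
    return hmac.compare_digest(md5crypt(candidate, salt), stored)


if __name__ == "__main__":
    # Passwords from the configuration card: 'enable password cisco', 'enable secret highway'
    print("type 7 of 'cisco' :", type7_encode("cisco"))         # 070C285F4D06
    print("decoded back      :", type7_decode("070C285F4D06"))   # cisco
    h = type5_new("highway")
    print("type 5 of 'highway':", h)
    print("verify 'highway'  :", type5_verify(h, "highway"))     # True
    print("verify 'cisco'    :", type5_verify(h, "cisco"))       # False
```

`type7_decode("070C285F4D06")` returns `cisco` with no secret involved, which is why type 7 protects only against shoulder-surfing; `md5crypt("highway", "mERr")` produces a 30-character `$1$mERr$...` string that an attacker can only attack by guessing, and the per-secret salt means a table built for one router does not transfer to another. On current IOS, `enable secret` with algorithm type 8 or 9 (PBKDF2-SHA256 or scrypt) is preferred over type 5 where available.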

You want to control Telnet access to your router and only allow access from within the corporate network. You have subnetted your network so that all IP addresses use subnets of the 172.18.0.0/16 network. You want to apply the ACL to the VTY lines. Which of the following would be part of your design? (Select two.) access-list 7 permit ip any any; ip access-class 7 in; ip access-group 7 in; access-list 7 permit 172.18.0.0 0.0.255.255; ip access-class 7 out; ip access-group 7 out

ip access-class 7 in access-list 7 permit 172.18.0.0 0.0.255.255

You have used the following commands at the router console to create an IP access list and switch to interface configuration mode:

Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.255.255 any
Router(config)#int eth 0

Which of the following commands would you use to add the access list to this interface and filter incoming packets? access-group 122 in; apply access-list 122 in; ip access-group 122 in; enable access-list 122 in; access-list 122 in

ip access-group 122 in

Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address? ip.src == 192.168.142.3 ip.src && 192.168.142.3 ip.src ne 192.168.142.3 ip.src eq 192.168.142.3

ip.src ne 192.168.142.3

Which command uses the correct syntax and argument to create an IPv6 ACL? access-list DENY_FTP ipv6 access-list 121 ipv6 acl DENY_FTP ipv6 access-list DENY_FTP ipv6 acl 121

ipv6 access-list DENY_FTP

Which command is used to apply an IPv6 ACL to an interface? ipv6 traffic-filter ipv6 interface-filter ipv6 access-class ipv6 traffic-control

ipv6 traffic-filter

Daphne suspects that a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDNs of locations those programs are connecting to. Which command will allow her to do this? netstat -a -b netstat -f -b netstat -f -a netstat -f -a -b

netstat -f -b

Your company has two subnets, 172.16.1.0 and 172.16.2.0, as shown. You want to protect your 172.16.2.0 subnet from all traffic except traffic originating from subnet 172.16.1.0. You don't want anyone to Telnet into host 172.16.2.13. You currently have no filters applied to your router. You've created the following access list:

access-list 101 deny tcp 172.16.1.0 0.0.255.255 host 172.16.2.13 eq 23
access-list 101 permit ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.0.255

Where should you apply this filter? outbound side of E1 inbound side of E0 inbound side of S0 outbound side of S0 inbound side of E1 outbound side of E0

outbound side of E1

You've just enabled port security on an interface of a Catalyst 2950 switch. You want to generate an SNMP trap whenever a violation occurs. Which feature should you enable? restrict shutdown secure protect

restrict

Which of the following commands can you use to see which ACL is applied to the first Ethernet interface? sh ip int sh access-lists sh int eth 0 sh ip access-lists

sh ip int

You have just finished configuring ACL 101 and are ready to apply it to an interface. Before you do this, you would like to view the ACL to ensure there are no mistakes. Which command displays access list 101? show IP access list 101 show access lists detail show access-lists 101 debug access-list 101

show access-lists 101

