
Which organization is an international nonprofit organization that offers the CISSP certification?

(ISC)2

used by Debian and Ubuntu computers and stores all authentication-related events

/var/log/auth.log

stores information related to hardware devices and their drivers

/var/log/dmesg

contains generic computer activity logs, and is used to store informational and noncritical system messages

/var/log/messages

used by RedHat and CentOS computers and tracks authentication-related events

/var/log/secure

Refer to the exhibit. What is the destination MAC address of the Ethernet frame as it leaves the web server if the final destination is PC1?

00-60-2F-3A-07-CC

A client application needs to terminate a TCP communication session with a server. Place the termination process steps in the order that they will occur

1. client sends FIN 2. server sends ACK 3. server sends FIN 4. client sends ACK

What port number would be used if a threat actor was using NTP to direct DDoS attacks?

123

A system analyst is reviewing syslog messages and notices that the PRI value of a message is 26. What is the severity value of the message?

2

What is the most compressed representation of the IPv6 address 2001:0000:0000:abcd:0000:0000:0000:0001?

2001:0:0:abcd::1

Refer to the exhibit. Which well-known port number is used by the server?

22

How much RAM is addressable by a 32-bit version of Windows?

4GB

What is the well-known port address number used by DNS to serve requests?

53

Which statement describes the use of certificate classes in the PKI?

A class 5 certificate is more trustworthy than a class 4 certificate

What are two uses of an access control list?

ACLs provide a basic level of security for network access ACLs can control which areas a host can access on a network

Which file system is the primary file system used by Apple in current Macintosh computers?

APFS

Which two methods does Linux use to log data in order to identify a security event?

Apache access logs syslog

How does BYOD change the way in which businesses implement networks?

BYOD provides flexibility in where and how users can access network resources

How can a user prevent specific applications from accessing a Windows computer over a network?

Block specific TCP or UDP ports in Windows Firewall

Which organization offers the vendor-neutral CySA+ certification?

CompTIA

Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?

DH

Which encryption algorithm is an asymmetric algorithm?

DH

What three application layer protocols are part of the TCP/IP protocol suite? (choose 3)

DHCP DNS FTP

Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP server?

DHCPREQUEST

Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?

DNS

Which three algorithms are designed to generate and verify digital signatures?

DSA ECDSA RSA

A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

Delete the file because it is probably malware

Which type of security attack would attempt a buffer overflow?

DoS

upgraded firmware that stores boot code in the firmware

EFI

a legacy file system

FAT32

Which technology is used in Cisco Next-Generation IPS devices to consolidate multiple security layers into a single platform?

FirePOWER

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

GRE

A Linux administrator will use either the CLI or the ___ when communicating with the operating system.

GUI

Which working environment is more user-friendly?

GUI

A company is developing a security policy to ensure that OSPF routing updates are authenticated with a key. What can be used to achieve the task?

HMAC

Which statement is a feature of HMAC?

HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance

Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server?

HTTP HTTPS

How does using HTTPS complicate network security monitoring?

HTTPS adds complexity to captured packets

In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

HTTPS traffic enables end-to-end encryption

What specialized network device uses signatures to detect patterns in network traffic?

IDS

What are two types of addresses found on network end devices?

IP MAC

uses signatures to detect patterns in network traffic

IPS

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

IPsec

What is the purpose of a digital certificate?

It authenticates a website and establishes a secure connection to exchange confidential data

What is a host-based intrusion detection system (HIDS)?

It combines the functionalities of antimalware applications with firewall protection.

What is a feature of the TACACS+ protocol?

It encrypts the entire body of the packet for more secure communications

Which statement describes cyberwarfare?

It is Internet-based conflict that involves the penetration of information systems of other nations

What name is given to hackers who hack for a political or social cause?

It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business

Which statement describes session data in security logs?

It is a record of a conversation between network hosts.

What is cyberwarfare?

It is an attack designed to disrupt, corrupt, or exploit national interests.

Which statement describes statistical data in network security monitoring processes?

It is created through an analysis of other forms of network data

Which statement describes a feature of timestamps in Linux?

It is easier to work with Unix Epoch timestamps for addition and subtraction operations

Refer to the exhibit. Consider the IP address configuration shown from PC1. What is a description of the default gateway address?

It is the IP address of the Router1 interface that connects the PC1 LAN to Router1

Which statement describes the threat-vulnerability (T-V) pairing?

It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

What is the purpose of mobile device management (MDM) software?

It is used to implement security policies, settings, and software configurations on mobile devices

Which function is provided by the Sguil application?

It makes Snort-generated alerts readable and searchable

What is true concerning physical and logical topologies?

Logical topologies refer to how a network transfers data between devices

NTFS-generated timestamps for file activity

MACE

What contains information on how hard drive partitions are organized?

MBR

stores information about how the file system is organized

MBR

What is a characteristic of a Trojan horse as it relates to network security?

Malware is contained in a seemingly legitimate executable program

How might corporate IT professionals deal with DNS-based cyber threats?

Monitor DNS proxy server logs and look for unusual DNS queries

Why do IoT devices pose a greater risk than other computing devices on a network?

Most IoT devices do not receive frequent firmware updates

Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data?

NBA NBAD

most common file system

NTFS

What are two advantages of the NTFS file system compared with FAT32?

NTFS supports larger files. NTFS provides more security features

Which network service synchronizes the time across all devices on the network?

NTP

Which protocol or service is used to automatically synchronize the software clocks on Cisco routers?

NTP

Which two statements are true about NTP servers in an enterprise network?

NTP servers at stratum 1 are directly connected to an authoritative time source. NTP servers ensure an accurate time stamp on logging and debugging information

What is a potential risk when using a free and open wireless hotspot in a public location?

Network traffic might be hijacked and information stolen

What are two methods to maintain certificate revocation status?

OCSP CRL

end devices

PC printer smart device

What is the service framework that is needed to support large-scale public key-based technologies?

PKI

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

PKI certificates

Which type of tool is used by a Linux administrator to attack a computer or network to find vulnerabilities?

PenTesting

A user creates a file with .ps1 extension in Windows. What type of file is it?

PowerShell script

Which statement describes a difference between RADIUS and TACACS+?

RADIUS encrypts only the password whereas TACACS+ encrypts all communication

Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC3. In this scenario, what will happen next?

RT1 will send an ARP reply with its own Fa0/0 MAC address.

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

Ransomware

A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?

Right-click the application and choose Run as Administrator

Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

SEAL is a stream cipher

A security specialist is tasked to ensure that files transmitted between the headquarters office and the branch office are not altered during transmission. Which two algorithms can be used to achieve this task?

SHA-1 MD5

Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?

SMTP

Which network service allows administrators to monitor and manage network devices?

SNMP

Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?

SSID

Two pings were issued from a host on a local network. The first ping was issued to the IP address of the default gateway of the host and it failed. The second ping was issued to the IP address of a host outside the local network and it was successful. What is a possible cause for the failed ping?

Security rules are applied to the default gateway device, preventing it from processing ping requests

In threat intelligence communications, what set of specifications is for exchanging cyberthreat information between organizations?

Structured threat information expression (STIX)

What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?

Stuxnet

Refer to the exhibit. A junior network engineer is handed a print-out of the network information shown. Which protocol or service originated the information shown in the graphic?

Syslog

Which statement is true about the TCP/IP and OSI models?

The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.

Which statement is true about FTP?

The client can download data from or upload data to the server

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors?

The computer freezes and requires reboots. The computer gets increasingly slower to respond

What are two properties of a cryptographic hash function?

The hash function is one way and irreversible The output is fixed length

If the default gateway is configured incorrectly on the host, what is the impact on communications?

The host can communicate with other hosts on the local network, but is unable to communicate with hosts on remote networks

What is the outcome when a Linux administrator enters the man man command?

The man man command provides documentation about the man command

Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?

The users must obtain the certificate of the CA and then their own certificate

What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?

There is a problem associated with NTP

In what way are zombies used in security attacks?

They are infected machines that carry out a DDoS attack

Which statement best describes a motivation of hacktivists?

They are part of a protest group behind a political cause.

Which two statements describe the characteristics of symmetric algorithms?

They are referred to as a pre-shared key or secret key. They are commonly used with VPN traffic.

Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?

Tier 1 personnel

Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?

Tier 3 SME

Refer to the exhibit. How is the traffic from the client web browser being altered when connected to the destination website of www.cisco.com?

Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis

What technology was created to replace the BIOS program on modern personal computer motherboards?

UEFI

What is the principle of least privilege access control model?

Users are granted rights on an as-needed approach

Which device can control and manage a large number of corporate APs?

WLC

A short name of the X Window System is

X

After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?

a SME for further investigation

What is a daemon?

a background process that runs without the need for user interaction

process

a currently executing program

exploit

a mechanism used to compromise an asset

What is a botnet?

a network of infected computers that are controlled as a group

What is a ping sweep?

a network scanning technique that indicates the live hosts in a range of IP addresses

threat

a potential danger to an asset

daemon

a running background process that does not need user interaction

What is Tor?

a software platform and network of P2P hosts that function as Internet routers

What role does an RA play in PKI?

a subordinate CA

symlink

a type of file that is a reference to another file or directory

What is a significant characteristic of virus malware?

a virus is triggered by an event on the host system

vulnerability

a weakness in a system

What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?

acceptable use policies

An ___ permits or denies traffic through a router based on specific defined criteria

access list

Which three services are provided by the AAA framework?

accounting authorization authentication

What is the function of the distribution layer of the three-layer network design model?

aggregating access layer connections

SOC Processes

alert investigate monitor

What would be displayed if the netstat -abno command was entered on a Windows PC?

all active TCP and UDP connections, their current state, and their associated process ID (PID)

a method of adding information to an NTFS-based file

alternate data streams

What are the three major components of a worm attack?

an enabling vulnerability a probing mechanism a payload

filters traffic on Layer 7 information

application gateway

If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?

approximately 5 minutes per year

In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks?

assets that need protection threats to assets vulnerabilities in the system

What causes a buffer overflow?

attempting to write more data to a memory location than that location can hold

Which AAA component can be established using token cards?

authentication

Which technology provides the framework to enable scalable access security?

authentication, authorization, and accounting

A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?

authorization

What service determines which resources a user can access along with the operations that a user can perform?

authorization

What does the TACACS+ protocol provide in a AAA deployment?

authorization on a per-user or per-group basis

Which type of startup must be selected for a service that should run each time the computer is booted?

automatic

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

availability

Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?

behavior-based

What is the focus of cryptanalysis?

breaking encrypted codes

Which message delivery option is used when all devices need to receive the same message simultaneously?

broadcast

Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?

brute force attack

How can a security information and event management system in a SOC be used to help personnel fight against security threats?

by collecting and filtering data

What are two ways that ICMP can be a security threat to a company?

by collecting information about a network by providing a conduit for DoS attacks

How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?

by combining data from multiple technologies

How does a web proxy device provide data loss prevention (DLP) for an enterprise?

by scanning and logging outgoing traffic

What is a benefit of Linux being an open source operating system?

can be modified and then recompiled

changes the current directory

cd

What are the two important components of a public key infrastructure (PKI) used in network security?

certificate authority digital certificates

Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point?

channel settings

Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?

cmdlets

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

confidentiality

Which types of files are used to manage services in a Linux system?

configuration files

What is a function of a proxy firewall?

connects to remote servers on behalf of clients

A process that runs in the background without the need for user interaction is known as a

daemon

SOC technologies

database log sensor

registry

database of hardware, software, users, and settings

The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?

defend the castle

security

defines system requirements and objectives, rules, and requirements for users when they attach to or on the network

What addresses are mapped by ARP?

destination MAC address to a destination IPv4 address

What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

digital signature

lists files in a directory

dir

automatically added when an interface is configured and active

directly connected interface

A Cisco router is running IOS 15. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface?

directly connected interface local route interface

What is the motivation of a white hat attacker?

discovering weaknesses of networks and systems to improve the security level of these systems

The ___ layer of the three-layer network design model aggregates data from the access layer.

distribution

Which layer of the hierarchical design model is a control boundary between the other layers?

distribution

added when a protocol such as OSPF or EIGRP discovers a route

dynamic route

Which device is usually the first line of defense in a layered defense-in-depth approach?

edge router

How can IMAP be a security threat to a company?

email can be used to bring malware to a host

Which method is used to make data unreadable to unauthorized users?

encrypt the data

What are two evasion methods used by hackers?

encryption resource exhaustion

Which two methods can be used to harden a computing device? (Choose two.)

enforce the password history mechanism ensure physical security

Which Linux file system introduced the journaled file system, which can be used to minimize the risk of file system corruption in the event of a sudden power loss?

ext3

supports increased file sizes

ext4

A standard ACL filters network traffic based on the destination MAC address.

false

For ease of administration, it is recommended that the Everyone group in Windows have Full Control permissions.

false

In a star LAN topology, every end system must be connected to every other end system

false

In a star LAN topology, every end system must be connected to every other end system. T/F

false

The Linux GUI is the same across different distributions.

false

Consider the path representation in Windows CLI C:\Users\Jason\Desktop\mydocu.txt. What does the Users\Jason component represent?

file directory and subdirectory

Why is Linux considered to be better protected against malware than other operating systems?

file system structure, file permissions, and user account restrictions

What specialized network device is responsible for enforcing access control policies between networks?

firewall

Which device is an intermediary device?

firewall

For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?

firewall settings

Which method can be used to harden a computing device?

force periodic password changes

What is the method employed by a Linux kernel to create new processes for multitasking of a process?

forking

What are the three core functions provided by the Security Onion?

full packet capture

Which two user accounts are automatically created when a user installs Windows to a new computer?

guest administrator

Which type of hacker is motivated to protest against political and social issues?

hacktivist

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?

identification and authentication policy

employee

identifies salary, pay schedule, benefits, work schedule, vacations, etc

Which two areas must an IT security person understand in order to identify vulnerabilities on a network?

important applications used hardware used by applications

What are two benefits of using an ext4 partition instead of ext3?

improved performance increase in the size of supported files

Where are the settings that are chosen during the installation process stored?

in the Registry

thread

instructions executed by the processor

What three items are components of the CIA triad?

integrity availability confidentiality

tier 2

involved in deep investigation and advises remediation

A technician is troubleshooting a PC unable to connect to the network. What command should be issued to check the IP address of the device?

ipconfig

What is the purpose of a Linux package manager?

it is used to install an application

What function is provided by the Windows Task Manager?

it provides information on system resources and processes

minimizes file corruption risk in the event of power loss

journaling

Which Linux command is used to manage processes?

kill

Which OSI layer header is rewritten with new addressing information by a router when forwarding between LAN segments?

layer 2

found only in routers running IOS 15+ or IPV6 routing

local route interface

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

man in the middle

Which two services are provided by security operations centers?

managing comprehensive threat solutions monitoring network security threats

Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?

mandatory access control (MAC)

In a Cisco AVC system, in which module is NetFlow deployed?

metrics collection

creates a new directory

mkdir

tier 1

monitors incoming alerts and creates tickets

The process of assigning a directory to a partition is known as

mounting

Which net command is used on a Windows PC to establish a connection to a shared directory on a remote server?

net use

Which two OSI model layers have the same functionality as two layers of the TCP/IP model?

network transport

Which three services are provided through digital signatures?

nonrepudiation authenticity integrity

A technician can ping the IP address of the web server of a remote company but cannot successfully ping the URL address of the same web server. Which software utility can the technician use to diagnose the problem?

nslookup

Which command is used to manually query a DNS server to resolve a specific host name?

nslookup

Which two commands could be used to check if DNS name resolution is working properly on a Windows PC?

nslookup cisco.com ping cisco.com

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

origin authentication

An application ___ is a specific program and all its supported files.

package

Which type of tool allows administrators to observe and understand every detail of a network transaction?

packet capture software

enforces an access control policy based on packet content

packet filter firewall

What term is used to describe a logical drive that can be formatted to store data?

partition

For which discovery mode will an AP generate the most traffic on a WLAN?

passive mode

Which wireless parameter is used by an access point to broadcast frames that include the SSID?

passive mode

Which two features are included by both TACACS+ and RADIUS protocols?

password encryption utilization of transport layer protocols

What term is used for operating system updates?

patches

Which information can be provided by the Cisco NetFlow utility?

peak usage times and traffic routing

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phishing

What are three techniques used in social engineering attacks? (choose 3)

phishing vishing pretexting

Which term is used to describe a running instance of a computer program?

process

hardening

protecting remote access

company

protects the rights of workers and the company interests

handle

provides access needed by the user space process

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?

proxy

Which Linux command can be used to display the name of the current working directory?

pwd

Which Linux component would be used to access a short list of tasks the application can perform?

quicklist

A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?

ransomware

Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

ransomware

Consider the result of the ls -l command in the Linux output below. What are the group file permissions assigned to the analyst.txt file? ls -l analyst.txt -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt

read, write

Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file? ls -l analyst.txt -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt

read, write, execute

When a user makes changes to the settings of a Windows system, where are these changes stored?

registry

renames a file

ren

When a ___ security policy is implemented on a firewall, only certain required ports are opened. The rest are closed

restrictive

In addressing an identified risk, which strategy aims to stop performing the activities that create risk?

risk avoidance

The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?

risk reduction

Which user can override file permissions on a Linux computer?

root user

What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?

rootkit

service

runs in the background to support the operating system and applications

A senior citizen receives a warning on the computer that states that the operating system registry is corrupt and to click a particular link to repair it. Which type of malware is being used to try to create the perception of a computer threat to the user?

scareware

What name is given to an amateur hacker?

script kiddie

Which Windows log records events related to login attempts and operations related to file or object access?

security logs

Which Windows log contains information about installations of software, including Windows updates?

setup logs

What is the only attribute used by standard access control lists to identify traffic?

source IP address

What information does an Ethernet switch examine and use to build its address table?

source MAC address

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phishing

ARP _____ is a technique that is used to send fake ARP messages to other hosts in the LAN. The aim is to associate IP addresses to the wrong MAC addresses.

spoofing

Which security threat installs on a computer without the knowledge of the user and then monitors computer activity?

spyware

What type of physical topology can be created by connecting all Ethernet cables to a central device?

star

Which LAN topology requires a central intermediate device to connect end devices?

star

filters traffic based on defined rules as well as connection context

stateful firewall

A ___ route is created when a network administrator manually configures a route and the exit interface is active.

static

manually configured by a network administrator

static route

tier 3

subject matter expert; involved in threat hunting

Which command can be utilized to view log entries of NGINX system events in real time?

sudo journalctl -u nginx.service -f

provides hard drive space that holds inactive RAM content

swap file system

intermediary devices

switch, firewall, router

Which protocol or service allows network administrators to receive system messages that are provided by network devices?

syslog

What utility is available on a Windows PC to view current running applications and processes?

task manager

What utility is used to show the system resources consumed by each user?

task manager

A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?

terminal emulator

Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?

the administrator has more control over the operating system

Which two things can be determined by using the ping command?

the average time it takes a packet to reach the destination and for the response to return to the source; the destination device is reachable through the network

What information within a data packet does a router use to make forwarding decisions?

the destination IP address

An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?

the digital signatures

When implementing keys for authentication, if an old key length with 4 bits is increased to 8 bits, which statement describes the new key space?

the key space is increased by 15 times

risk

the likelihood of undesirable consequences

Refer to the exhibit. A network administrator is reviewing an Apache access log message. What is the status of the access request by the client?

the request was fulfilled successfully

How is a server different from a workstation computer?

the server is designed to provide services to clients

Which three technologies should be included in a SOC security information and event management system?

threat intelligence; event collection, correlation, and analysis; security monitoring

Which three technologies should be included in a SOC security information and event management system? (Choose three.)

threat intelligence; log management; security monitoring

In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?

ticketing system

The term cyber operations analyst refers to which group of personnel in a SOC?

tier 1 personnel

What are two reasons for entering the ping 127.0.0.1 command on a Windows PC?

to check if the NIC functions as expected; to check if the TCP/IP protocol suite is installed properly

What is the purpose of entering the netsh command on a Windows PC?

to configure networking parameters for the PC

What is the role of an IPS?

to detect patterns of malicious traffic by the use of signature files

Why would a rootkit be used by a hacker?

to gain access to a device without being detected

What is the primary goal of a DoS attack?

to prevent the target server from being able to handle additional requests

What is the main purpose of the X Window System?

to provide a basic framework for a GUI

What is a main purpose of launching an access attack on network systems?

to retrieve data

What are two reasons for entering the ipconfig command on a Windows PC?

to review the network configuration on the PC; to review the status of network media connections

What is the purpose of using the net accounts command in Windows?

to review the settings of password and logon requirements for users

What are two purposes of launching a reconnaissance attack on a network? (choose two)

to scan for accessibility; to gather information about the network and devices

What is a purpose of apt-get commands?

to update the operating system

Which two Linux commands might be used before using the kill command? (Choose two.)

top, ps

What OSI layer is responsible for establishing a temporary communication session between two applications and ensuring that transmitted data can be reassembled in proper sequence?

transport

A WLAN frame sent by a wireless client is formatted differently than a wired Ethernet frame. T/F

true

penetration testing

used to determine the possible consequences of successful attacks on the network

network scanning

used to discover available resources on the network

vulnerability scanning

used to find weaknesses and misconfigurations on network systems

WMI

used to manage remote computers

Because the company uses discretionary access control (DAC) for user file management, what feature would need to be supported on the server?

user-based access control

A ___ is a flaw or weakness in a computer operating system that can be exploited by an attacker.

vulnerability

Which Windows version was the first to introduce a 64-bit Windows operating system?

Windows XP

What type of malware has the primary objective of spreading across the network?

worm
