sec160 ch 11 netacad quiz & terms


Which statement describes the tcpdump tool?

It is a command-line packet analyzer.

Threat actors may attack the _______ infrastructure in order to corrupt network log timestamps and disguise any traces that they have left behind.

NTP

Which statement describes an operational characteristic of NetFlow?

NetFlow collects metadata about the packet flow, not the flow data itself.
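The NetFlow characteristic above, shown in code as an added example (this is not netacad or Cisco code): a minimal flow cache that consumes only header metadata (timestamp, addresses, ports, protocol, length), groups it by unidirectional 5-tuple, and keeps packet and byte counters plus first/last seen times. No payload is ever stored, which is exactly why NetFlow records are small and why they cannot answer "what was in the packet". The packet list and the `top_talkers` summary are constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PacketMeta:
    """Header-level metadata only: no payload is kept, as in NetFlow."""
    ts_ms: int      # capture time in milliseconds (integer, so durations are exact)
    src: str
    dst: str
    sport: int
    dport: int
    proto: str      # 'TCP', 'UDP' or 'ICMP'
    length: int     # IP packet length in bytes


@dataclass
class FlowRecord:
    """One entry of the flow cache, keyed by the unidirectional 5-tuple."""
    first_seen: int
    last_seen: int
    packets: int = 0
    octets: int = 0

    @property
    def duration_ms(self):
        return self.last_seen - self.first_seen


def aggregate_flows(packets):
    """Group packets by (src, dst, sport, dport, proto), like a NetFlow cache."""
    flows = {}
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        rec = flows.get(key)
        if rec is None:
            rec = FlowRecord(first_seen=p.ts_ms, last_seen=p.ts_ms)
            flows[key] = rec
        rec.packets += 1
        rec.octets += p.length
        rec.first_seen = min(rec.first_seen, p.ts_ms)
        rec.last_seen = max(rec.last_seen, p.ts_ms)
    return flows


def top_talkers(flows, n=3):
    """Bytes sent per source address, largest first (a typical collector report)."""
    totals = defaultdict(int)
    for (src, _dst, _sport, _dport, _proto), rec in flows.items():
        totals[src] += rec.octets
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed sample: a DNS lookup followed by a short TLS session.
SAMPLE_PACKETS = [
    PacketMeta(0,   '10.0.0.5',     '10.0.0.2',     50123, 53,    'UDP', 80),
    PacketMeta(10,  '10.0.0.2',     '10.0.0.5',     53,    50123, 'UDP', 112),
    PacketMeta(100, '10.0.0.5',     '203.0.113.10', 51000, 443,   'TCP', 74),
    PacketMeta(120, '203.0.113.10', '10.0.0.5',     443,   51000, 'TCP', 74),
    PacketMeta(300, '10.0.0.5',     '203.0.113.10', 51000, 443,   'TCP', 66),
    PacketMeta(600, '10.0.0.5',     '203.0.113.10', 51000, 443,   'TCP', 1500),
    PacketMeta(650, '203.0.113.10', '10.0.0.5',     443,   51000, 'TCP', 66),
]

if __name__ == '__main__':
    cache = aggregate_flows(SAMPLE_PACKETS)
    for key, rec in cache.items():
        print(key, rec.packets, 'pkts', rec.octets, 'bytes', rec.duration_ms, 'ms')
    print('top talkers:', top_talkers(cache))
```

Each direction of a conversation is a separate flow record, as in real NetFlow exports; a collector pairs them later if it needs bidirectional views.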

Which two protocols may devices use in the application process that sends email? (Choose two.)

SMTP, DNS

Identify the security technology from the data type description

match - security technology

Identify the NexGen IPS event type

match NexGen IPS event

Identify Windows event message severity

matching Windows events

Identify types of network monitoring data

match

Identify the monitored protocol

match

Identify IIS server access log fields

192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, CATALOG, 198.51.100.34, 3778, 172, 3187, 200, 0, GET, /home.htm, -,

Identify Apache web server access log fields

203.0.113.127 - dsmith [10/Oct/2016:10:26:57 -0500] "GET /logo_sm.gif HTTP/1.0" 200 2254 "http://www.example.com/links.html" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"

In a Cisco AVC system, in which module is NBAR2 deployed?

Application Recognition

What type of server can threat actors use DNS to communicate with?

CnC
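DNS is attractive for command-and-control because it is almost always allowed outbound. As an added example (not from the netacad course), the code below scores DNS query logs for the signs a tunnelling or beaconing client leaves behind: many unique, long, high-entropy subdomains under one registered domain, often with TXT or NULL query types. The thresholds, the naive "last two labels" rule for the registered domain (real code would use the public suffix list), and the query sample are all this example's own assumptions.

```python
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character of a string; encoded/random labels score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname):
    """Return (subdomain_part, registered_domain).

    Assumption: the registered domain is the last two labels. That is wrong
    for suffixes such as co.uk; production code should use the public suffix list.
    """
    labels = qname.lower().rstrip('.').split('.')
    return '.'.join(labels[:-2]), '.'.join(labels[-2:])


def score_queries(queries, min_unique=5, max_label=30, min_entropy=3.5):
    """queries: iterable of (client_ip, qname, qtype) tuples.

    Returns {registered_domain: stats}, where 'suspicious' is True when the
    domain has at least min_unique distinct subdomains and those subdomains
    contain either a very long label or a high mean label entropy.
    Thresholds are illustrative assumptions, not published values.
    """
    acc = defaultdict(lambda: {'clients': set(), 'subdomains': set(),
                               'max_label': 0, 'entropies': [], 'txt_null': 0})
    for client, qname, qtype in queries:
        sub, domain = split_name(qname)
        s = acc[domain]
        s['clients'].add(client)
        if sub:
            s['subdomains'].add(sub)
            for label in sub.split('.'):
                s['max_label'] = max(s['max_label'], len(label))
                s['entropies'].append(shannon_entropy(label))
        if qtype.upper() in ('TXT', 'NULL'):
            s['txt_null'] += 1

    report = {}
    for domain, s in acc.items():
        mean_ent = sum(s['entropies']) / len(s['entropies']) if s['entropies'] else 0.0
        suspicious = (len(s['subdomains']) >= min_unique and
                      (s['max_label'] >= max_label or mean_ent >= min_entropy))
        report[domain] = {
            'clients': sorted(s['clients']),
            'unique_subdomains': len(s['subdomains']),
            'max_label': s['max_label'],
            'mean_entropy': round(mean_ent, 3),
            'txt_null': s['txt_null'],
            'suspicious': suspicious,
        }
    return report


# Constructed sample: ordinary lookups plus a host sending hex-encoded data
# in subdomains of a reserved .test domain (no real infrastructure implied).
SAMPLE_QUERIES = [
    ('10.0.0.5', 'www.example.com', 'A'),
    ('10.0.0.5', 'mail.example.com', 'A'),
    ('10.0.0.5', 'example.com', 'MX'),
    ('10.0.0.7', '7a3f9c0e1b2d4f6a8c9e0b1d3f5a7c9e.evil-c2.test', 'TXT'),
    ('10.0.0.7', '0c2e4a6b8d1f3a5c7e9b0d2f4a6c8e1b.evil-c2.test', 'TXT'),
    ('10.0.0.7', '9e1d3b5a7c0f2e4d6b8a1c3e5f7a9c0b.evil-c2.test', 'TXT'),
    ('10.0.0.7', '3b5d7f9a1c2e4b6d8f0a3c5e7b9d1f2a.evil-c2.test', 'TXT'),
    ('10.0.0.7', '6f8a0c2e4b1d3f5a7c9e2b4d6f8a0c1e.evil-c2.test', 'TXT'),
]

if __name__ == '__main__':
    for domain, stats in score_queries(SAMPLE_QUERIES).items():
        print(domain, stats)
```

Run against real resolver or passive-DNS logs, tune the thresholds per environment first; CDNs and some antivirus vendors legitimately use long, random-looking subdomains and will need an allow list.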

Which Windows tool can be used to review host logs?

Event Viewer

Refer to the exhibit. A network administrator is reviewing an Apache access log message. What does the hyphen symbol (-) before "jsmith" indicate?

The client information is unavailable or unreliable.
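The two access-log questions above (IIS fields and the Apache hyphen) in working code, added here as an example rather than course material: a parser for Apache combined/common log lines and one for the comma-separated IIS log file format, both mapping the '-' placeholder to `None` so that "unavailable" is never confused with a real value. The Apache field names follow the standard format (client, identd ident, authenticated user, time, request, status, size, referer, user agent); the IIS field order follows Microsoft's documented IIS log file format, with names chosen for this example. The sample lines below are constructed.

```python
import re
from datetime import datetime

# Apache "combined" format; the referer/user-agent pair is optional so the
# same pattern also accepts the shorter "common" (CLF) format.
APACHE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

# Comma-separated IIS log file format (field order per Microsoft's docs).
IIS_FIELDS = (
    'client_ip', 'user', 'date', 'time', 'service', 'server_name', 'server_ip',
    'time_taken_ms', 'bytes_received', 'bytes_sent', 'status', 'win32_status',
    'method', 'target', 'params',
)
IIS_INT_FIELDS = {'time_taken_ms', 'bytes_received', 'bytes_sent', 'status', 'win32_status'}


def dash_to_none(value):
    """Both formats write '-' when a field is unavailable or not applicable."""
    return None if value in (None, '', '-') else value


def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        raise ValueError(f'not an Apache access log line: {line!r}')
    f = {k: dash_to_none(v) for k, v in m.groupdict().items()}
    f['time'] = datetime.strptime(m.group('time'), '%d/%b/%Y:%H:%M:%S %z')
    f['status'] = int(m.group('status'))
    # '-' in the size column means no body was sent, so report 0 bytes.
    f['size'] = int(f['size']) if f['size'] is not None else 0
    parts = (f['request'] or '').split(' ')
    f['method'], f['path'], f['protocol'] = parts if len(parts) == 3 else (None, None, None)
    return f


def parse_iis(line):
    parts = [p.strip() for p in line.strip().rstrip(',').split(',')]
    if len(parts) != len(IIS_FIELDS):
        raise ValueError(f'expected {len(IIS_FIELDS)} IIS fields, got {len(parts)}')
    f = {name: dash_to_none(val) for name, val in zip(IIS_FIELDS, parts)}
    for name in IIS_INT_FIELDS:
        if f[name] is not None:
            f[name] = int(f[name])
    return f


# Constructed samples (same shapes as the exhibits in this study set).
APACHE_SAMPLE = ('203.0.113.127 - dsmith [10/Oct/2016:10:26:57 -0500] '
                 '"GET /logo_sm.gif HTTP/1.0" 200 2254 '
                 '"http://www.example.com/links.html" '
                 '"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"')
CLF_SAMPLE = '203.0.113.127 - jsmith [10/Oct/2016:10:27:03 -0500] "GET /index.html HTTP/1.0" 304 -'
IIS_SAMPLE = ('192.168.114.201, -, 03/20/01, 7:55:20, W3SVC2, CATALOG, 198.51.100.34, '
              '3778, 172, 3187, 200, 0, GET, /home.htm, -,')

if __name__ == '__main__':
    for rec in (parse_apache(APACHE_SAMPLE), parse_apache(CLF_SAMPLE), parse_iis(IIS_SAMPLE)):
        print(rec)
```

In the CLF sample the hyphen before jsmith is the identd field, which modern servers never populate, so a parser that reports it as `None` rather than the literal string '-' avoids a whole class of "user is -" search mistakes during an investigation.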

A NIDS/NIPS has identified a threat. Which type of security data will be generated and sent to a logging device?

alert

iFrame

an HTML tag that attackers often abuse in HTTP-based attacks, typically to load content from a malicious site inside an otherwise legitimate page.

tcpdump

an example of a command-line tool that can be used for packet analysis.

Cisco Cognitive Threat Analytics (Cisco CTA)

an example of a network security monitoring tool that uses statistical analysis and is able to find malicious activity that has bypassed security controls.

IPFIX

an open IETF standard derived from Cisco NetFlow (version 9).

NBA and NBAD

approaches to network security monitoring that use advanced analytical techniques to analyze the NetFlow or IPFIX network telemetry data.

load balancing

distribution of traffic between devices or network paths to prevent network resources from being overwhelmed with too much traffic.

examples of peer-to-peer networking

file sharing, processor sharing, and instant messaging.

Which Windows host log event type describes the successful operation of an application, driver, or service?

information

Identify the impact of the technology on security and monitoring

match

Which type of security data can be used to describe or predict network behavior?

statistical

Which type of server daemon accepts messages sent by network devices to create a collection of log entries?

syslog

What is the purpose of Tor?

to allow users to browse the Internet anonymously

A security analyst reviews network logs. The data shows user network activities such as user name, IP addresses, web pages accessed, and timestamp. Which type of data is the analyst reviewing?

transaction

True or false: ICMP can be used inside the corporate network to pose a threat.

true
