Uploaded by Le Huy Hoang (K17 HCM)

IAO202-Question

QN=144 (11375)
What is the well-known port address number used by DNS to serve requests?
a. 53
b. 25
c. 110
d. 35
e. 80
ANSWER: A
MARK: 0.2
UNIT: 3,9
LO:
MIX CHOICES: Yes

QN=145 (11366)
Which three are major categories of elements in a security operations center?
a. People, processes, technologies
b. Data center, database engine, Internet connection
c. People, data center, security
d. Data center, database engine, security
e. Security, processes, technologies
ANSWER: A
MARK: 0.2
UNIT: 2
LO:
MIX CHOICES: Yes

QN=146 (11362)
Why do IoT devices pose a greater risk than other computing devices on a network?
a. Most IoT devices do not receive frequent firmware updates.
b. Most IoT devices do not require an Internet connection and are unable to receive new updates.
c. IoT devices require unencrypted wireless connections.
d. IoT devices cannot function on an isolated network with only an Internet connection.
ANSWER: A
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes

QN=147 (11403)
What is the purpose of a digital certificate?
a. It authenticates a website and establishes a secure connection to exchange confidential data.
b. It guarantees that a website has not been hacked.
c. It provides proof that data has a traditional signature attached.
d. It ensures that the person who is gaining access to a network device is authorized.
ANSWER: A
MARK: 0.2
UNIT: 23
LO:
MIX CHOICES: Yes

QN=148 (11368)
Which three technologies should be included in a SOC security information and event management system?
a. log management, threat intelligence, security monitoring
b. proxy service, firewall appliance, intrusion prevention
c. proxy service, firewall appliance, security monitoring
d. log management, security monitoring, firewall appliance
ANSWER: A
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes
QN=149 (11379)
What three application layer protocols are parts of the TCP/IP protocol suite?
a. DHCP, DNS, FTP
b. ARP, NAT, PPP
c. IP, TCP, UDP
d. ARP, NAT, IP
ANSWER: A
MARK: 0.2
UNIT: 9
LO:
MIX CHOICES: Yes

QN=150 (11391)
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?
a. social engineering
b. DDoS
c. spam
d. anonymous keylogging
ANSWER: A
MARK: 0.2
UNIT: 14
LO:
MIX CHOICES: Yes

QN=151 (11440)
What is the main purpose of cyber-warfare?
a. to gain advantage over adversaries
b. to protect cloud-based data centers
c. to develop advanced network devices
d. to simulate possible war scenarios among nations
ANSWER: A
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes

QN=152 (11441)
Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?
a. man-in-the-middle attack
b. DoS attack
c. ICMP attack
d. SYN flood attack
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=153 (11446)
Which objective of secure communications is achieved by encrypting data?
a. confidentiality
b. authentication
c. availability
d. integrity
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=154 (11422)
Why is Linux considered to be better protected against malware than other operating systems?
a. file system structure, file permissions, and user account restrictions
b. customizable penetration and protection tools
c. fewer deployments
d. integrated firewall
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=155 (11428)
What is the function of the distribution layer of the three-layer network design model?
a. aggregating access layer connections
b. providing direct access to the network
c. providing secure access to the Internet
d. providing high speed connection to the network edge
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=156 (11424)
What is done to an IP packet before it is transmitted over the physical medium?
a. It is encapsulated in a Layer 2 frame.
b. It is tagged with information guaranteeing reliable delivery.
c. It is segmented into smaller individual pieces.
d. It is encapsulated into a TCP segment.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=157 (11425)
What type of route is created when a network administrator manually configures a route that has an active exit interface?
a. static
b. directly connected
c. local
d. presentation layer
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=158 (11452)
Which statement describes session data in security logs?
a. It is a record of a conversation between network hosts.
b. It shows the result of network sessions.
c. It can be used to describe or predict network behavior.
d. It reports detailed network activities between network hosts.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=159 (11419)
Which Windows tool can be used by a cyber-security administrator to secure standalone computers that are not part of an Active Directory domain?
a. Local Security Policy
b. Windows Defender
c. Windows Firewall
d. PowerShell
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=160 (11437)
What causes a buffer overflow?
a. attempting to write more data to a memory location than that location can hold
b. launching a security countermeasure to mitigate a Trojan horse
c. downloading and installing too many software updates at one time
d. sending too much information to two or more interfaces of the same device, thereby causing dropped packets
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=161 (11453)
Which statement describes statistical data in network security monitoring processes?
a. It is created through an analysis of other forms of network data.
b. It contains conversations between network hosts.
c. It lists each alert message along with statistical information.
d. It shows the results of network activities between network hosts.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=162 (11438)
What are examples of DoS attacks?
a. ping of death and buffer overflow
b. phishing and SQL injection
c. port scanning and phishing
d. SQL injection and port scanning
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=163 (11447)
Which statement describes a difference between RADIUS and TACACS+?
a. RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
b. RADIUS uses TCP whereas TACACS+ uses UDP.
c. RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not.
d. RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=164 (11459)
What is the first line of defense when an organization is using a defense-in-depth approach to network security?
a. edge router
b. IPS
c. firewall
d. proxy server
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=165 (11458)
Which approach is intended to prevent exploits that target syslog?
a. Use syslog-ng.
b. Use a Linux-based server.
c. Use a VPN between a syslog client and the syslog server.
d. Create an ACL that permits only TCP traffic to the syslog server.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=166 (11430)
What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?
a. It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
b. It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.
c. It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.
d. It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=167 (11439)
Which devices should be secured to mitigate against MAC address spoofing attacks?
a. Layer 2 devices
b. Layer 3 devices
c. Layer 4 devices
d. Layer 7 devices
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=168 (11414)
What is a characteristic of a layered defense-in-depth security approach?
a. One safeguard failure does not affect the effectiveness of other safeguards.
b. Routers are replaced with firewalls.
c. Three or more devices are used.
d. When one device fails, another one takes over.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=169 (11444)
Which statement describes the term iptables?
a. It is a rule-based firewall application in Linux.
b. It is a DNS daemon in Linux.
c. It is a DHCP application in Windows.
d. It is a file used by a DHCP server to store current active IP addresses.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=170 (11431)
What is a host-based intrusion detection system (HIDS)?
a. It combines the functionalities of antimalware applications with firewall protection.
b. It is an agentless system that scans files on a host for potential malware.
c. It identifies potential attacks and sends alerts but does not stop the traffic.
d. It detects and stops potential direct attacks but does not scan for malware.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=171 (11456)
According to NIST, which step in the digital forensics process involves drawing conclusions from data?
a. analysis
b. examination
c. collection
d. reporting
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=172 (11416)
Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?
a. Tier 3 SME
b. SOC Manager
c. Tier 1 Analyst
d. Tier 2 Incident Reporter
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=173 (11443)
Which technique would a threat actor use to disguise traces of an ongoing exploit?
a. Corrupt time information by attacking the NTP infrastructure.
b. Use SSL to encapsulate malware.
c. Create an invisible iFrame on a web page.
d. Encapsulate other protocols within DNS to evade security measures.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=174 (11426)
Which statement describes a feature of the IP protocol?
a. IP relies on upper layer services to handle situations of missing or out-of-order packets.
b. IP encapsulation is modified based on network media.
c. IP relies on Layer 2 protocols for transmission error control.
d. MAC addresses are used during the IP packet encapsulation.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=175 (11449)
In what order are the steps in the vulnerability management life cycle conducted?
a. discover, prioritize assets, assess, report, remediate, verify
b. discover, assess, prioritize assets, report, remediate, verify
c. discover, prioritize assets, assess, remediate, report, verify
d. discover, prioritize assets, assess, remediate, verify, report
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=176 (11454)
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?
a. false negative
b. false positive
c. true positive
d. true negative
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=177 (11429)
When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?
a. private
b. public
c. network
d. wireless
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=178 (11436)
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?
a. stateful packet inspection
b. URL filtering
c. application filtering
d. packet filtering
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=179 (11451)
Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?
a. reconnaissance
b. phishing
c. denial of service
d. social engineering
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=180 (11411)
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
a. rogue access point
b. password policy
c. user laptop
d. user error
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=181 (11448)
What is the purpose for using digital signatures for code signing?
a. to verify the integrity of executable files downloaded from a vendor website
b. to generate a virtual ID
c. to establish an encrypted connection to exchange confidential data with a vendor website
d. to authenticate the identity of the system with a vendor website
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=182 (11442)
What is the principle behind the nondiscretionary access control model?
a. It allows access decisions to be based on roles and responsibilities of a user within the organization.
b. It applies the strictest access control possible.
c. It allows users to control access to their data as owners of that data.
d. It allows access based on attributes of the object to be accessed.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=183 (11432)
What is an advantage of HIPS that is not provided by IDS?
a. HIPS protects critical system resources and monitors operating system processes.
b. HIPS provides quick analysis of events through detailed logging.
c. HIPS deploys sensors at network entry points and protects critical network segments.
d. HIPS monitors network processes and protects critical files.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=184 (11412)
Which cyber-attack involves a coordinated attack from a botnet of zombie computers?
a. DDoS
b. MITM
c. ICMP redirect
d. address spoofing
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=185 (11434)
What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?
a. DHCP starvation
b. DHCP snooping
c. DHCP spoofing
d. reconnaissance attack
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=186 (11415)
Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?
a. HIPAA
b. GLBA
c. FISMA
d. PCI-DSS
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=187 (11435)
Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?
a. Trojan horse
b. DoS
c. buffer overflow
d. brute-force attack
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=188 (11413)
Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?
a. accounting
b. assigning permissions
c. authentication
d. authorization
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=189 (11433)
Which technique is necessary to ensure a private transfer of data using a VPN?
a. encryption
b. authorization
c. scalability
d. virtualization
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=190 (11423)
How can IMAP be a security threat to a company?
a. An email can be used to bring malware to a host.
b. Encrypted data is decrypted.
c. Someone inadvertently clicks on a hidden iFrame.
d. It can be used to encode stolen data and send it to a threat actor.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=191 (11410)
When designing a prototype network for a new server farm, a network designer chooses to use redundant links to connect to the rest of the network. Which business goal will be addressed by this choice?
a. availability
b. security
c. scalability
d. manageability
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=192 (11445)
Which statement describes the policy-based intrusion detection approach?
a. It compares the operations of a host against well-defined security rules.
b. It compares the signatures of incoming traffic to a known intrusion database.
c. It compares the antimalware definitions to a central repository for the latest updates.
d. It compares the behaviors of a host to an established baseline to identify potential intrusion.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=193 (11455)
What is the purpose for data normalization?
a. to simplify searching for correlated events
b. to reduce the amount of alert data
c. to make the alert data transmission fast
d. to enhance the secure transmission of alert data
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=194 (11420)
What information within a data packet does a router use to make forwarding decisions?
a. the destination IP address
b. the destination MAC address
c. the destination host name
d. the destination service requested
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=195 (11450)
Why does HTTPS technology add complexity to network security monitoring?
a. HTTPS conceals data traffic through end-to-end encryption.
b. HTTPS uses tunneling technology for confidentiality.
c. HTTPS hides the true source IP address using NAT/PAT.
d. HTTPS dynamically changes the port number on the web server.
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=196 (11457)
Which technology would be used to create the server logs generated by network devices and reviewed by an entry-level network person who works the night shift at a data center?
a. syslog
b. ACL
c. NAT
d. VPN
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=197 (11418)
Which method is used by some malware to transfer files from infected hosts to a threat actor host?
a. ICMP tunneling
b. HTTPS traffic encryption
c. iFrame injection
d. UDP infiltration
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=198 (11417)
Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?
a. DNS
b. HTTPS
c. ICMP
d. IMAP
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=199 (11421)
Which user can override file permissions on a Linux computer?
a. root user
b. any user that has 'group' permission to the file
c. any user that has 'other' permission to the file
d. only the creator of the file
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes
QN=200 (11427)
What is a basic characteristic of the IP protocol?
a. connectionless
b. media dependent
c. reliable end-to-end delivery
d. user data segmentation
ANSWER: A
MARK: 0.2
UNIT: Retake_FA21
LO:
MIX CHOICES: Yes

QN=201 (11768)
What is the default time set in the securityonion.conf file for Sguil alert data retention?
a. 15 days
b. 45 days
c. 60 days
d. 30 days
ANSWER: D
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=202 (11785)
Which AAA component can be established using token cards?
a. authentication
b. accounting
c. authorization
d. auditing
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=203 (11760)
An attacker sends a piece of malware as an email attachment to employees in a company. What is one probable purpose of the attack?
a. probing open ports on the firewall on the border network
b. searching and obtaining trade secrets
c. cracking the administrator password for a critical server
d. denying external access to a web server that is open to the public
ANSWER: B
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=204 (11801)
Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?
a. Trojan horse
b. DoS
c. buffer overflow
d. brute-force attack
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=205 (11808)
How is the hash value of files useful in network security investigations?
a. It helps identify malware signatures.
b. It is used to decode files.
c. It verifies confidentiality of files.
d. It is used as a key for encryption.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=206 (11773)
When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)
a. Collect email and web logs for forensic reconstruction
b. Audit endpoints to forensically determine origin of exploit
c. Conduct employee awareness training and email testing
d. Analyze the infrastructure path used for delivery
e. Conduct full malware analysis
ANSWER: BC
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=207 (11800)
What is the difference between an HIDS and a firewall?
a. An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
b. An HIDS blocks intrusions, whereas a firewall filters them.
c. A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
d. A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
e. An HIDS works like an IPS, whereas a firewall just monitors traffic.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=208 (11777)
What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?
a. It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
b. It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.
c. It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.
d. It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=209 (11779)
What three application layer protocols are parts of the TCP/IP protocol suite?
a. DHCP, DNS, FTP
b. ARP, NAT, PPP
c. IP, TCP, UDP
d. ARP, NAT, IP
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=210 (11776)
Which methods can be used to harden a computing device?
a. Ensure physical security and enforce the password history mechanism.
b. Allow USB auto-detection and allow default services to remain enabled.
c. Update patches on a strict annual basis irrespective of release date and allow USB auto-detection.
d. None of the mentioned.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=211 (11789)
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
a. mandatory access control (MAC)
b. attribute-based access control (ABAC)
c. discretionary access control (DAC)
d. non-discretionary access control
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=212 (11797)
Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?
a. proxy
b. FTP
c. data-sending
d. DoS
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=213 (11804)
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
a. risk avoidance
b. risk sharing
c. risk retention
d. risk reduction
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=214 (11772)
To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)
a. measures used to prevent an incident
b. time and date the evidence was collected
c. extent of the damage to resources and assets
d. vulnerabilities that were exploited in an attack
e. serial numbers and hostnames of devices used as evidence
f. location of all evidence
ANSWER: BEF
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=215 (11803)
What is the purpose of a digital certificate?
a. It authenticates a website and establishes a secure connection to exchange confidential data.
b. It guarantees that a website has not been hacked.
c. It provides proof that data has a traditional signature attached.
d. It ensures that the person who is gaining access to a network device is authorized.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=216 (11791)
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?
a. social engineering
b. DDoS
c. spam
d. anonymous keylogging
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=217 (11778)
Which statement describes the ping and tracert commands?
a. Tracert shows each hop, while ping shows a destination reply only.
b. Tracert uses IP addresses; ping does not.
c. Both ping and tracert can show results in a graphical display.
d. Ping shows whether the transmission is successful; tracert does not.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=218 (11798)
Passwords, passphrases, and PINs are examples of which security term?
a. authentication
b. identification
c. authorization
d. access
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=219 (11781)
Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?
a. TTL
b. Differentiated Services
c. Fragment Offset
d. Header Length
e. None of the mentioned.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=220 (11792)
An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?
a. DHCP spoofing
b. DHCP snooping
c. MAC address starvation
d. MAC address snooping
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=221 (11805)
Which technology would be used to create the server logs generated by network devices and reviewed by an entry-level network person who works the night shift at a data center?
a. syslog
b. ACL
c. NAT
d. VPN
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=222 (11794)
Why would an attacker want to spoof a MAC address?
a. so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host
b. so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)
c. so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached
d. so that the attacker can launch another type of attack in order to gain access to the switch
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=223 (11802)
What is a difference between symmetric and asymmetric encryption algorithms?
a. Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
b. Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms.
c. Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages.
d. Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=224 (11796)
Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?
a. SYN flooding
b. spoofing
c. man-in-the-middle
d. DNS poisoning
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=225 (11787)
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?
a. stateful packet inspection
b. URL filtering
c. application filtering
d. packet filtering
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=226 (11765)
What name is given to an amateur hacker?
a. red hat
b. script kiddie
c. blue team
d. black hat
ANSWER: B
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=227 (11806)
What information is contained in the options section of a Snort rule?
a. text describing the event
b. direction of traffic flow
c. source and destination address
d. action to be taken
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=228 (11767)
Which core open source component of the Elastic Stack is responsible for accessing, visualizing, and investigating data?
a. Kibana
b. Elasticsearch
c. Logstash
d. Beats
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=229 (11761)
What is cyberwarfare?
a. It is an attack designed to disrupt, corrupt, or exploit national interests.
b. It is an attack on a major corporation.
c. It is an attack that only involves robots and bots.
d. It is an attack only on military targets.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=230 (11799)
When designing a prototype network for a new server farm, a network designer chooses to use redundant links to connect to the rest of the network. Which business goal will be addressed by this choice?
a. availability
b. security
c. scalability
d. manageability
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=231 (11766)
What is the host-based intrusion detection tool that is integrated into Security Onion?
a. OSSEC
b. Sguil
c. Snort
d. Wireshark
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=232 (11795)
A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?
a. reconnaissance
b. access
c. denial of service
d. information theft
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=233 (11763)
What is a potential risk when using a free and open wireless hotspot in a public location?
a. Purchase of products from vendors might be required in exchange for the Internet access.
b. The Internet connection can become too slow when many users access the wireless hotspot.
c. Network traffic might be hijacked and information stolen.
d. Too many users trying to connect to the Internet may cause a network traffic jam.
ANSWER: C
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=234 (11775)
What is the well-known port address number used by DNS to serve requests?
a. 53
b. 25
c. 110
d. 35
e. 80
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=235 (11769)
Which tool would an analyst use to start a workflow investigation?
a. ELK
b. Sguil
c. Snort
d. Zeek
ANSWER: B
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes

QN=236 (11774)
After containing an incident that infected user workstations with malware, what are three effective remediation procedures that an organization can take for eradication? (Choose three.)
a. Update and patch the operating system and installed software of all hosts
b. Rebuild DHCP servers using clean installation media
c. Rebuild hosts with installation media if no backups are available
d. Disconnect or disable all wired and wireless network adapters until the remediation is complete
e. Use clean and recent backups to recover hosts
f. Change assigned names and passwords for all devices
ANSWER: ACE
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=237 (11786)
What is an advantage of HIPS that is not provided by IDS?
a. HIPS protects critical system resources and monitors operating system processes.
b. HIPS provides quick analysis of events through detailed logging.
c. HIPS deploys sensors at network entry points and protects critical network segments.
d. HIPS monitors network processes and protects critical files.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=238 (11770)
Which core open source component of the Elastic-stack is responsible for storing, indexing, and analyzing data?
a. Kibana
b. Logstash
c. Beats
d. Elasticsearch
ANSWER: D
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=239 (11762)
What type of malware has the primary objective of spreading across the network?
a. Trojan horse
b. worm
c. botnet
d. virus
ANSWER: B
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=240 (11790)
What is the significant characteristic of worm malware?
a. A worm can execute independently of the host system.
b. Worm malware disguises itself as legitimate software.
c. A worm must be triggered by an event on the host system.
d. Once installed on a host system, a worm does not replicate itself.
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=241 (11807)
Which term is used to describe the process of converting log entries into a common format?
a. normalization
b. classification
c. standardization
d. systemization
ANSWER: A
MARK: 0.2
UNIT: SUM22-FE
LO:
MIX CHOICES: Yes
QN=242 (11783)
A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?
a. host unreachable
b. protocol unreachable
c. port unreachable
d. network unreachable
ANSWER: A
MARK: 0.2
UNIT: 7
LO:
MIX CHOICES: Yes
QN=243 (11788)
Which statement describes a VPN?
a. VPNs use virtual connections to create a private network through a public network.
b. VPNs use dedicated physical connections to transfer data between remote users.
c. VPNs use logical connections to create public networks through the Internet.
d. VPNs use open source virtualization software to create the tunnel through the Internet.
ANSWER: A
MARK: 0.2
UNIT: 10
LO:
MIX CHOICES: Yes
QN=244 (11784)
What is the purpose of ICMP messages?
a. to provide feedback of IP packet transmissions
b. to inform routers about network topology changes
c. to ensure the delivery of an IP packet
d. to monitor the process of a domain name to IP address resolution
ANSWER: A
MARK: 0.2
UNIT: 7
LO:
MIX CHOICES: Yes
QN=245 (11771)
Which tool concentrates security events from multiple sources and can interact with other tools such as Wireshark?
a. Sguil
b. Curator
c. Bro
d. Kibana
ANSWER: C
MARK: 0.2
UNIT: 27
LO:
MIX CHOICES: Yes
QN=246 (11764)
At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?
a. fragmenter
b. tunneler
c. skeleton
d. threat actor
ANSWER: D
MARK: 0.2
UNIT: 28
LO:
MIX CHOICES: Yes
QN=247 (11780)
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
a. confidentiality
b. availability
c. scalability
d. integrity
ANSWER: A
MARK: 0.2
UNIT: 18,19
LO:
MIX CHOICES: Yes
QN=248 (11793)
Which type of security attack would attempt a buffer overflow?
a. DoS
b. reconnaissance
c. ransomware
d. scareware
ANSWER: A
MARK: 0.2
UNIT: 14
LO:
MIX CHOICES: Yes
QN=249 (11782)
Which field in an IPv4 packet header will typically stay the same during its transmission?
a. Destination Address
b. Flag
c. TTL
d. Packet Length
e. None of the mentioned.
ANSWER: A
MARK: 0.2
UNIT: 5,7
LO:
MIX CHOICES: Yes
QN=250 (11809)
What would be the target of an SQL injection attack?
a. database
b. DHCP
c. DNS
d. email
ANSWER: A
MARK: 0.2
UNIT: 17
LO:
MIX CHOICES: Yes
QN=251 (11828)
What is the function of the distribution layer of the three-layer network design model?
a. aggregating access layer connections
b. providing direct access to the network
c. providing secure access to the Internet
d. providing high speed connection to the network edge
ANSWER: A
MARK: 0.2
UNIT: 5,11
LO:
MIX CHOICES: Yes
QN=252 (11813)
What is the best definition of personally identifiable information (PII)?
a. Data that is collected from servers and web browsers using cookies in order to track a consumer.
b. Data that is collected from servers and websites for anonymous browsing
c. Data that is collected by businesses to track the digital behavior of consumers
d. Data that is collected by businesses to distinguish identities of individuals
ANSWER: D
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes
QN=253 (11826)
Which statement describes a feature of the IP protocol?
a. IP relies on upper layer services to handle situations of missing or out-of-order packets.
b. IP encapsulation is modified based on network media.
c. IP relies on Layer 2 protocols for transmission error control.
d. MAC addresses are used during the IP packet encapsulation.
ANSWER: A
MARK: 0.2
UNIT: 5,6
LO:
MIX CHOICES: Yes
QN=254 (11815)
A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?
a. Trojan horse
b. ransomware
c. DoS
d. spyware
ANSWER: B
MARK: 0.2
UNIT: 1,6
LO:
MIX CHOICES: Yes
QN=255 (11838)
What are examples of DoS attacks?
a. ping of death and buffer overflow
b. Phishing and SQL injection
c. port scanning and phishing
d. SQL injection and port scanning
ANSWER: A
MARK: 0.2
UNIT: 13
LO:
MIX CHOICES: Yes
QN=256 (11851)
Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?
a. reconnaissance
b. phishing
c. denial of service
d. social engineering
ANSWER: A
MARK: 0.2
UNIT: 15
LO:
MIX CHOICES: Yes
QN=257 (11825)
What type of route is created when a network administrator manually configures a route that has an active exit interface?
a. static
b. directly connected
c. local
d. presentation layer
ANSWER: A
MARK: 0.2
UNIT: 11
LO:
MIX CHOICES: Yes
QN=258 (11820)
In which programming language is Elasticsearch written?
a. Python
b. C
c. C++
d. Java
ANSWER: D
MARK: 0.2
UNIT: 24
LO:
MIX CHOICES: Yes
QN=259 (11845)
Which statement describes the policy-based intrusion detection approach?
a. It compares the operations of a host against well-defined security rules.
b. It compares the signatures of incoming traffic to a known intrusion database.
c. It compares the antimalware definitions to a central repository for the latest updates.
d. It compares the behaviors of a host to an established baseline to identify potential intrusion.
ANSWER: A
MARK: 0.2
UNIT: 22
LO:
MIX CHOICES: Yes
QN=260 (11832)
What is an advantage of HIPS that is not provided by IDS?
a. HIPS protects critical system resources and monitors operating system processes.
b. HIPS provides quick analysis of events through detailed logging.
c. HIPS deploys sensors at network entry points and protects critical network segments.
d. HIPS monitors network processes and protects critical files.
ANSWER: A
MARK: 0.2
UNIT: 12
LO:
MIX CHOICES: Yes
QN=261 (11853)
Which statement describes statistical data in network security monitoring processes?
a. It is created through an analysis of other forms of network data.
b. It contains conversations between network hosts.
c. It lists each alert message along with statistical information.
d. It shows the results of network activities between network hosts.
ANSWER: A
MARK: 0.2
UNIT: 11
LO:
MIX CHOICES: Yes
QN=262 (11812)
What is a rogue wireless hotspot?
a. It is a hotspot that was set up with outdated devices
b. It is a hotspot that does not implement strong user authentication mechanisms
c. It is a hotspot that does not encrypt network user traffic
d. It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business
ANSWER: D
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes
QN=263 (11841)
Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?
a. man-in-the-middle attack
b. DoS attack
c. ICMP attack
d. SYN flood attack
ANSWER: A
MARK: 0.2
UNIT: 14
LO:
MIX CHOICES: Yes
QN=264 (11848)
What is the purpose for using digital signatures for code signing?
a. to verify the integrity of executable files downloaded from a vendor website
b. to generate a virtual ID
c. to establish an encrypted connection to exchange confidential data with a vendor website
d. to authenticate the identity of the system with a vendor website
ANSWER: A
MARK: 0.2
UNIT: 21
LO:
MIX CHOICES: Yes

QN=265 (11834)
What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?
a. DHCP starvation
b. DHCP snooping
c. DHCP spoofing
d. reconnaissance attack
ANSWER: A
MARK: 0.2
UNIT: 7,8,17
LO:
MIX CHOICES: Yes

QN=266 (11857)
Which technology would be used to create the server logs generated by network devices and reviewed by an entry level network person who works the night shift at a data center?
a. syslog
b. ACL
c. NAT
d. VPN
ANSWER: A
MARK: 0.2
UNIT: 25
LO:
MIX CHOICES: Yes

QN=267 (11846)
Which objective of secure communications is achieved by encrypting data?
a. confidentiality
b. authentication
c. availability
d. integrity
ANSWER: A
MARK: 0.2
UNIT: 19
LO:
MIX CHOICES: Yes
QN=268 (11814)
What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?
a. SQL injection
b. PSYOPS
c. Stuxnet
d. DDoS
ANSWER: C
MARK: 0.2
UNIT: 1
LO:
MIX CHOICES: Yes
QN=269 (11835)
Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?
a. Trojan horse
b. DoS
c. buffer overflow
d. brute-force attack
ANSWER: A
MARK: 0.2
UNIT: 14
LO:
MIX CHOICES: Yes

QN=270 (11839)
Which devices should be secured to mitigate against MAC address spoofing attacks?
a. Layer 2 devices
b. Layer 3 devices
c. Layer 4 devices
d. Layer 7 devices
ANSWER: A
MARK: 0.2
UNIT: 16
LO:
MIX CHOICES: Yes