Which definition of a process in Windows is true?

Which definition of a process in Windows is true? A. running program B. unit of execution that must be manually scheduled by the application C. database that stores low-level settings

Which definition of permissions in Linux is true?

Which definition of permissions in Linux is true? A. rules that allow network traffic to go in and out B. table maintenance program C. written affidavit that you have to

Which protocol is expected to have a user agent, host, and referrer headers in a packet capture?

Which protocol is expected to have a user agent, host, and referrer headers in a packet capture? A. NTP B. HTTP C. DNS D. SSH Correct Answer: B

Which hashing algorithm is the least secure?

Which hashing algorithm is the least secure? A. MD5 B. RC4 C. SHA-3 D. SHA-2 Correct Answer: A

Which evasion method involves performing actions slower than normal to prevent detection?

Which evasion method involves performing actions slower than normal to prevent detection? A. traffic fragmentation B. tunneling C. timing attack D. resource exhaustion Correct Answer: C

Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

Which option is an advantage to using network-based anti-virus versus host-based anti-virus? A. Network-based has the ability to protect unmanaged devices and unsupported operating systems. B. There are no

Which definition of vulnerability is true?

Which definition of vulnerability is true? A. an exploitable unpatched and unmitigated weakness in software B. an incompatible piece of software C. software that does not have the most current

Which definition of a daemon on Linux is true?

Which definition of a daemon on Linux is true? A. error check right after the call to fork a process B. new process created by duplicating the calling process C.

Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were assigned?

Which term describes the act of a user, without authority or permission, obtaining rights on a system, beyond what were assigned? A. authentication tunneling B. administrative abuse C. rights exploitation

Which data can be obtained using NetFlow?

Which data can be obtained using NetFlow? A. session data B. application logs C. network downtime D. report full packet capture Correct Answer: A

Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?

Which event occurs when a signature-based IDS encounters network traffic that triggers an alert? A. connection event B. endpoint event C. NetFlow event D. intrusion event Correct Answer: D

Which information is the term PHI used to describe?

In computer security, which information is the term PHI used to describe? A. private host information B. protected health information C. personal health information D. protected host information Correct Answer:

Which main purpose of this framework is true?

You must create a vulnerability management framework. Which main purpose of this framework is true? A. Conduct vulnerability scans on the network. B. Manage a list of reported vulnerabilities. C.

Which security principle states that more than one person is required to perform a critical task?

Which security principle states that more than one person is required to perform a critical task? A. due diligence B. separation of duties C. need to know D. least privilege

Which term represents a potential danger that could take advantage of a weakness in a system?

Which term represents a potential danger that could take advantage of a weakness in a system? A. vulnerability B. risk C. threat D. exploit Correct Answer: D

Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?

Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model? A. HTTP/TLS B. IPv4/IPv6 C. TCP/UDP D. ATM/MPLS Correct Answer: B

Which concern is important when monitoring NTP servers for abnormal levels of traffic?

Which concern is important when monitoring NTP servers for abnormal levels of traffic? A. Being the cause of a distributed reflection denial of service attack. B. Users changing the time

Which identifier is used to describe the application or process that submitted a log message?

Which identifier is used to describe the application or process that submitted a log message? A. action B. selector C. priority D. facility Correct Answer: D

Which type of exploit normally requires the culprit to have prior access to the target system?

Which type of exploit normally requires the culprit to have prior access to the target system? A. local exploit B. denial of service C. system vulnerability D. remote exploit Correct

Which security monitoring data type requires the most storage space?

Which security monitoring data type requires the most storage space? A. full packet capture B. transaction data C. statistical data D. session data Correct Answer: A

Which two options are recognized forms of phishing?

Which two options are recognized forms of phishing? (Choose two.) A. spear B. whaling C. mailbomb D. hooking E. mailnet Correct Answer: AB

Which two protocols are used for email? (Choose two.)

Which two protocols are used for email? (Choose two.) A. NTP B. DNS C. HTTP D. IMAP E. SMTP Correct Answer: DE

Which layer?

A firewall requires deep packet inspection to evaluate which layer? A. application B. Internet C. link D. transport Correct Answer: A

While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?

While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?

Which evasion technique does this attempt indicate?

An intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources. Which evasion technique does this attempt indicate? A. traffic fragmentation B. resource exhaustion C. timing

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones? A. replay B. man-in-the-middle C. dictionary D. known-plaintext Correct Answer: B

Which definition of an antivirus program is true?

Which definition of an antivirus program is true? A. program used to detect and remove unwanted malicious software from the system B. program that provides real time analysis of security

Which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?

In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully? A. ACK B. SYN ACK

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their target?

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their target? A. man in the middle B. denial of

Which two terms are types of cross site scripting attacks?

Which two terms are types of cross site scripting attacks? (Choose two.) A. directed B. encoded C. stored D. reflected E. cascaded Correct Answer: CD

Which two actions are valid uses of public key infrastructure?

Which two actions are valid uses of public key infrastructure? (Choose two.) A. ensuring the privacy of a certificate B. revoking the validation of a certificate C. validating the

Which definition of a fork in Linux is true?

Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets D.

Which two activities are examples of social engineering?

Which two activities are examples of social engineering? (Choose two.) A. receiving a call from the IT department asking you to verify your username/password to maintain the account B. receiving an

Which cryptographic key is contained in an X.509 certificate?

Which cryptographic key is contained in an X.509 certificate? A. symmetric B. public C. private D. asymmetric Correct Answer: B

Based on which statement does the discretionary access control security model grant or restrict access?

Based on which statement does the discretionary access control security model grant or restrict access? A. discretion of the system administrator B. security policy defined by the owner of

Which network device is used to separate broadcast domains?

Which network device is used to separate broadcast domains? A. router B. repeater C. switch D. bridge Correct Answer: A

Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?

Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware? A. exploit kit B. root kit C. vulnerability

Which problem is a possible explanation of this situation?

A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same

Which hash algorithm is the weakest?

Which hash algorithm is the weakest? A. SHA-512 B. RSA 4096 C. SHA-1 D. SHA-256 Correct Answer: C

Where is a host-based intrusion detection system located? 08/09/2017 – by Mod_GuideK

Where is a host-based intrusion detection system located? A. on a particular end-point as an agent or a desktop application B. on a dedicated proxy server monitoring egress traffic C.

Which security monitoring data type is associated with application server logs?

Which security monitoring data type is associated with application server logs? A. alert data B. statistical data C. session data D. transaction data Correct Answer: D

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall?

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.) A. Confirm the timing of network connections differentiated by the TCP 5-tuple B.

Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred?

Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred? A. chain of evidence B. evidence chronology C. chain of custody D. record of safekeeping

Which term represents the practice of giving employees only those permissions necessary to perform their specific role within an organization?

Which term represents the practice of giving employees only those permissions necessary to perform their specific role within an organization? A. integrity validation B. due diligence C. need to know

What does CIA mean in this context?

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context? A. Confidentiality, Integrity, and Availability B. Confidentiality,

Which transport protocol is recommended for use with DNS queries?

According to RFC 1035, which transport protocol is recommended for use with DNS queries? A. Transmission Control Protocol B. Reliable Data Protocol C. Hypertext Transfer Protocol D. User Datagram Protocol

Which option is a purpose of port scanning?

Which option is a purpose of port scanning? A. Identify the Internet Protocol of the target system. B. Determine if the network is up or down C. Identify which ports

Which definition describes the main purpose of a Security Information and Event Management solution?

Which definition describes the main purpose of a Security Information and Event Management solution? A. a database that collects and categorizes indicators of compromise to evaluate and search for

To which attack method is it vulnerable?

If a web server accepts input from the user and passes it to a bash shell, to which attack method is it vulnerable? A. input validation B. hash collision C.

Which situation indicates application-level white listing?

Which situation indicates application-level white listing? A. Allow everything and deny specific executable files. B. Allow specific executable files and deny specific executable files. C. Writing current application attacks on