Question 1
Question
What is a potential risk when using a free and open wireless hotspot in a public location?
Answer
-
Too many users trying to connect to the Internet may cause a network traffic jam.
-
The Internet connection can become too slow when many users access the wireless hotspot.
-
Network traffic might be hijacked and information stolen.
-
Purchase of products from vendors might be required in exchange for the Internet access.
Question 2
Question
How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?
Answer
-
by integrating all security devices and appliances in an organization
-
by analyzing logging data in real time
-
by combining data from multiple technologies
-
by dynamically implementing firewall rules
Question 3
Question
Which statement best describes a motivation of hacktivists?
Answer
-
They are part of a protest group behind a political cause.
-
They are curious and learning hacking skills.
-
They are trying to show off their hacking skills.
-
They are interested in discovering new exploits.
Question 4
Question
If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?
Answer
-
Approximately 5 minutes per year.
-
Approximately 10 minutes per year.
-
Approximately 20 minutes per year.
-
Approximately 30 minutes per year.
Question 5
Question
Why do IoT devices pose a greater risk than other computing devices on a network?
Answer
-
Most IoT devices do not require an Internet connection and are unable to receive new updates.
-
IoT devices cannot function on an isolated network with only an Internet connection.
-
Most IoT devices do not receive frequent firmware updates.
-
IoT devices require unencrypted wireless connections.
Question 6
Question
Which two services are provided by security operations centers? (Choose two.)
Answer
-
managing comprehensive threat solutions
-
ensuring secure routing packet exchanges
-
responding to data center physical break-ins
-
monitoring network security threats
-
providing secure Internet connections
Question 7
Question
Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
Answer
-
man-in-the-middle attack
-
DoS attack
-
Ransomware
-
Trojan horse
Question 8
Question
Which organization offers the vendor-neutral CySA+ certification?
Question 9
Question
What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?
Answer
-
DDoS
-
SQL injection
-
PSYOPS
-
Stuxnet
Question 10
Question
Which three technologies should be included in a SOC security information and event management system? (Choose three.)
Answer
-
firewall appliance
-
security monitoring
-
log management
-
intrusion prevention
-
proxy service
-
threat intelligence
Question 11
Question
Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?
Answer
-
SOC Manager
-
Tier 2 personnel
-
Tier 3 personnel
-
Tier 1 personnel
Question 12
Question
Which statement describes cyberwarfare?
Answer
-
Cyberwarfare is an attack carried out by a group of script kiddies.
-
It is a series of personal protective equipment developed for soldiers involved in nuclear war.
-
It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.
-
It is Internet-based conflict that involves the penetration of information systems of other nations.
Question 13
Question
In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?
Question 14
Question
What name is given to an amateur hacker?
Answer
-
red hat
-
script kiddie
-
black hat
-
blue team
Question 15
Question
Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?
Answer
-
Tier 1 Analyst
-
SOC Manager
-
Tier 2 Incident Reporter
-
Tier 3 SME
Question 16
Question
What utility is available on a Windows PC to view current running applications and processes?
Answer
-
nslookup
-
ipconfig
-
Control Panel
-
Task Manager
Question 17
Question
A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?
Answer
-
Right-click the application and choose Run as root.
-
Right-click the application and choose Run as Privilege.
-
Right-click the application and choose Run as Administrator.
-
Right-click the application and choose Run as Superuser.
Question 18
Question
A technician can ping the IP address of the web server of a remote company but cannot successfully ping the URL address of the same web server. Which software utility can the technician use to diagnose the problem?
Answer
-
nslookup
-
tracert
-
netstat
-
ipconfig
Question 19
Question
Where are the settings that are chosen during the installation process stored?
Question 20
Question
What technology was created to replace the BIOS program on modern personal computer motherboards?
Question 21
Question
Which two things can be determined by using the ping command? (Choose two.)
Answer
-
the number of routers between the source and destination device
-
the destination device is reachable through the network
-
the average time it takes each router in the path between source and destination to respond
-
the IP address of the router nearest the destination device
-
the average time it takes a packet to reach the destination and for the response to return to the source
Question 22
Question
What function is provided by the Windows Task Manager?
Answer
-
It provides an active list of TCP connections.
-
It maintains system logs.
-
It selectively denies traffic on specified interfaces.
-
It provides information on system resources and processes.
Question 23
Question
Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?
Answer
-
scripts
-
functions
-
cmdlets
-
routines
Question 24
Question
What would be displayed if the netstat -abno command was entered on a Windows PC?
Answer
-
all active TCP and UDP connections, their current state, and their associated process ID (PID)
-
only active TCP connections in an ESTABLISHED state
-
only active UDP connections in a LISTENING state
-
a local routing table
Question 25
Question
Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)
Answer
-
ipconfig /flushdns
-
net cisco.com
-
nslookup cisco.com
-
ping cisco.com
-
nbtstat cisco.com
Question 26
Question
Refer to the exhibit. A cyber security administrator is attempting to view system information from the Windows PowerShell and receives the error message shown. “The requested operation requires elevation.”
What action does the administrator need to take to successfully run the command?
Answer
-
Run the command from the command prompt.
-
Install latest Windows updates.
-
Restart the abno service in Task Manager.
-
Run PowerShell as administrator.
Question 27
Question
Refer to the exhibit. A cybersecurity analyst is investigating a reported security incident on a Microsoft Windows computer. Which tool is the analyst using?
Answer
-
Event Viewer
-
PowerShell
-
Task Manager
-
Performance Monitor
Question 28
Question
For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?
Answer
-
firewall settings
-
MAC address settings
-
smartcard settings
-
file system settings
Question 29
Question
Consider the path representation in Windows CLI C:\Users\Jason\Desktop\mydocu.txt. What does the Users\Jason component represent?
Question 30
Question
Which two user accounts are automatically created when a user installs Windows to a new computer? (Choose two.)
Answer
-
superuser
-
guest
-
root
-
administrator
-
system
Question 31
Question
What term is used to describe a logical drive that can be formatted to store data?
Answer
-
partition
-
track
-
sector
-
cluster
-
volume
Question 32
Question
What is the purpose of entering the netsh command on a Windows PC?
Answer
-
to create user accounts
-
to test the hardware devices on the PC
-
to change the computer name for the PC
-
to configure networking parameters for the PC
Question 33
Question
A technician is troubleshooting a PC unable to connect to the network. What command should be issued to check the IP address of the device?
Answer
-
ipconfig
-
ping
-
tracert
-
nslookup
Question 34
Question
Refer to the exhibit. Which Microsoft Windows application is being used?
Answer
-
Event Viewer
-
PowerShell
-
Task Manager
-
Performance Monitor
Question 35
Question
What are two reasons for entering the ipconfig command on a Windows PC? (Choose two.)
Answer
-
to review the network configuration on the PC
-
to check if the DNS server can be contacted
-
to ensure that the PC can connect to remote networks
-
to review the status of network media connections
-
to display the bandwidth and throughput of the network connection
Question 36
Question
What are two advantages of the NTFS file system compared with FAT32? (Choose two.)
Answer
-
NTFS allows the automatic detection of bad sectors.
-
NTFS is easier to configure.
-
NTFS allows faster formatting of drives.
-
NTFS provides more security features.
-
NTFS supports larger files.
-
NTFS allows faster access to external peripherals such as a USB drive.
Question 37
Question
What is the purpose of using the net accounts command in Windows?
Answer
-
to start a network service
-
to display information about shared network resources
-
to show a list of computers and network devices on the network
-
to review the settings of password and logon requirements for users
Question 38
Question
What are two reasons for entering the ping 127.0.0.1 command on a Windows PC? (Choose two.)
Answer
-
to check if the NIC functions as expected
-
to check if the default gateway is configured correctly
-
to display the bandwidth and throughput of the network connection
-
to check if the TCP/IP protocol suite is installed properly
-
to ensure that the PC can connect to remote networks
Question 39
Question
Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
Answer
-
It is easier to use than other operating systems.
-
It is more secure than other server operating systems.
-
The administrator has more control over the operating system.
-
More network applications are created for this environment.
Question 40
Question
Which Linux command can be used to display the name of the current working directory?
Question 41
Question
Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
ls -l analyst.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
Answer
-
write only
-
read, write, execute
-
read, write
-
read only
Question 42
Question
A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?
Answer
-
file viewer
-
package management tool
-
terminal emulator
-
system viewer
Question 43
Question
The image displays a laptop that is acting as the SSH client that is communicating with an SSH server.
Refer to the exhibit. Which well-known port number is used by the server?
Question 44
Question
How is a server different from a workstation computer?
Answer
-
The server works as a standalone computer.
-
The server is designed to provide services to clients.
-
The workstation has fewer applications installed.
-
The workstation has more users who attach to it.
Question 45
Question
Which two methods can be used to harden a computing device? (Choose two.)
Answer
-
Allow default services to remain enabled.
-
Update patches on a strict annual basis irrespective of release date.
-
Enforce the password history mechanism.
-
Ensure physical security.
-
Allow USB auto-detection.
Question 46
Question
What is the main purpose of the X Window System?
Answer
-
to provide a customizable CLI environment
-
to provide a basic framework for a GUI
-
to provide remote access to a Linux-based system
-
to provide a basic set of penetration testing tools
Question 47
Question
Which Linux command is used to manage processes?
Question 48
Question
Why is Linux considered to be better protected against malware than other operating systems?
Answer
-
fewer deployments
-
integrated firewall
-
customizable penetration and protection tools
-
file system structure, file permissions, and user account restrictions
Question 49
Question
Which two Linux commands might be used before using the kill command? (Choose two.)
Question 50
Question
What term is used for operating system updates?
Answer
-
patches
-
new releases
-
penetration testing
-
packages
Question 51
Question
What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?
Answer
-
penetration testing
-
package manager
-
rootkit
-
compiler
Question 52
Question
What is the well-known port address number used by DNS to serve requests?
Question 53
Question
Which file system is the primary file system used by Apple in current Macintosh computers? (Disputed question: both answer options fit, but the book lists only HFS+.)
Question 54
Question
Which type of tool allows administrators to observe and understand every detail of a network transaction?
Answer
-
malware analysis tool
-
packet capture software
-
ticketing system
-
log manager
Question 55
Question
Which command can be utilized to view log entries of NGINX system events in real time?
Answer
-
sudo journalctl -u nginx.service -f
-
sudo journalctl -f
-
sudo journalctl --until "1 hour ago"
-
sudo journalctl -u nginx.services
Question 56
Question
What is the purpose of a Linux package manager?
Answer
-
It provides access to settings and the shutdown function.
-
It is used to compile code that creates an application.
-
It is used to install an application.
-
It provides a short list of tasks a particular application can perform.
Question 57
Question
Which user can override file permissions on a Linux computer?
Answer
-
only the creator of the file
-
any user that has 'group' permission to the file
-
any user that has 'other' permission to the file
-
root user
Question 58
Question
Which Linux file system introduced the journaled file system, which can be used to minimize the risk of file system corruption in the event of a sudden power loss?
Question 59
Question
What is the method employed by a Linux kernel to create new processes for multitasking of a process?
Question 60
Question
What is a purpose of apt-get commands?
Answer
-
to configure an appointment for a specific date and time
-
to configure and manage task (to-do) lists
-
to update the operating system
-
to apportion and configure a part of the hard disk for file storage
Question 61
Question
How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?
Answer
-
A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.
-
A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
-
A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.
-
A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.
Question 62
Question
A high school in New York (school A) is using videoconferencing technology to establish student interactions with another high school (school B) in Russia. The videoconferencing is conducted between two end devices through the Internet. The network administrator of school A configures the end device with the IP address 209.165.201.10. The administrator sends a request for the IP address for the end device in school B and the response is 192.168.25.10. Neither school is using a VPN. The administrator knows immediately that this IP will not work. Why?
Answer
-
This is a link-local address.
-
This is a loopback address.
-
There is an IP address conflict.
-
This is a private IP address.
Question 63
Question
What is a socket?
Answer
-
the combination of the source and destination sequence numbers and port numbers
-
the combination of a source IP address and port number or a destination IP address and port number
-
the combination of the source and destination sequence and acknowledgment numbers
-
the combination of the source and destination IP address and source and destination Ethernet address
Question 64
Question
What part of the URL, http://www.cisco.com/index.html, represents the top-level DNS domain?
Question 65
Question
Refer to the exhibit. A cybersecurity analyst is viewing captured ICMP echo request packets sent from host A to host B on switch S2. What is the source MAC address of Ethernet frames carrying the ICMP echo request packets?
Answer
-
08-CB-8A-5C-D5-BA
-
00-D0-D3-BE-79-26
-
00-60-0F-B1-D1-11
-
01-90-C0-E4-55-BB
Question 66
Question
Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address 50:6a:03:96:71:22?
Answer
-
PC-A
-
router DG
-
DNS server
-
router ISP
-
web server
Question 67
Question
Which term is used to describe the process of placing one message format inside another message format?
Answer
-
encoding
-
multiplexing
-
encapsulation
-
segmentation
Question 68
Question
Which PDU format is used when bits are received from the network medium by the NIC of a host?
Answer
-
frame
-
file
-
packet
-
segment
Question 69
Question
What are two features of ARP? (Choose two.)
Answer
-
An ARP request is sent to all devices on the Ethernet LAN and contains the IP address of the destination host and its multicast MAC address.
-
If no device responds to the ARP request, then the originating node will broadcast the data packet to all devices on the network segment.
-
When a host is encapsulating a packet into a frame, it refers to the MAC address table to determine the mapping of IP addresses to MAC addresses.
-
If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.
-
If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
Question 70
Question
In NAT translation for internal hosts, what address would be used by external users to reach internal hosts?
Answer
-
outside global
-
outside local
-
inside local
-
inside global
Question 71
Question
Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC2. In this scenario, what will happen next?
Answer
-
SW1 will send an ARP reply with the PC2 MAC address.
-
PC2 will send an ARP reply with its MAC address.
-
RT1 will send an ARP reply with its Fa0/0 MAC address.
-
RT1 will send an ARP reply with the PC2 MAC address.
-
SW1 will send an ARP reply with its Fa0/1 MAC address.
Question 72
Question
Which two characteristics are associated with UDP sessions? (Choose two.)
Answer
-
Unacknowledged data packets are retransmitted.
-
Destination devices receive traffic with minimal delay.
-
Destination devices reassemble messages and pass them to an application.
-
Transmitted data segments are tracked.
-
Received data is unacknowledged.
Question 73
Question
Refer to the exhibit. What is the global IPv6 address of the host in uncompressed format?
Answer
-
2001:0DB8:0000:0000:0BAF:0000:3F57:FE94
-
2001:0DB8:0000:0BAF:0000:0000:3F57:FE94
-
2001:DB80:0000:0000:BAF0:0000:3F57:FE94
-
2001:0DB8:0000:0000:0000:0BAF:3F57:FE94
Question 74
Question
What is the purpose of the routing process?
Answer
-
to provide secure Internet file transfer
-
to convert a URL name into an IP address
-
to forward traffic on the basis of MAC addresses
-
to encapsulate data that is used to communicate across a network
-
to select the paths that are used to direct traffic to destination networks
Question 75
Question
Which application layer protocol uses message types such as GET, PUT, and POST?
Question 76
Question
Which transport layer feature is used to guarantee session establishment?
Answer
-
UDP sequence number
-
TCP 3-way handshake
-
TCP port number
-
UDP ACK flag
Question 77
Question
What is the prefix length notation for the subnet mask 255.255.255.224?
Question 78
Question
What are two potential network problems that can result from ARP operation? (Choose two.)
Answer
-
Multiple ARP replies result in the switch MAC address table containing entries that match the MAC addresses of hosts that are connected to the relevant switch port.
-
Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic.
-
On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.
-
Manually configuring static ARP associations could facilitate ARP poisoning or MAC address spoofing.
-
Large numbers of ARP request broadcasts could cause the host MAC address table to overflow and prevent the host from communicating on the network.
Question 79
Question
Which TCP mechanism is used to identify missing segments?
Answer
-
sequence numbers
-
FCS
-
acknowledgments
-
window size
Question 80
Question
What is the purpose of ICMP messages?
Answer
-
to provide feedback of IP packet transmissions
-
to monitor the process of a domain name to IP address resolution
-
to inform routers about network topology changes
-
to ensure the delivery of an IP packet
Question 81
Question
What happens if part of an FTP message is not delivered to the destination?
Answer
-
The message is lost because FTP does not use a reliable delivery method.
-
The part of the FTP message that was lost is re-sent.
-
The FTP source host sends a query to the destination host.
-
The entire FTP message is re-sent.
Question 82
Question
What is the primary purpose of NAT?
Answer
-
conserve IPv4 addresses
-
allow peer-to-peer file sharing
-
enhance network performance
-
increase network security
Question 83
Question
Why does a Layer 3 device perform the ANDing process on a destination IP address and subnet mask?
Answer
-
to identify the network address of the destination network
-
to identify the host address of the destination host
-
to identify the broadcast address of the destination network
-
to identify faulty frames
Question 84
Question
Refer to the exhibit. Using the network in the exhibit, what would be the default gateway address for host A in the 192.133.219.0 network?
Answer
-
192.135.250.1
-
192.133.219.0
-
192.133.219.1
-
192.31.7.1
Question 85
Question
Which three IP addresses are private? (Choose three.)
Answer
-
192.167.10.10
-
10.1.1.1
-
192.168.5.5
-
172.16.4.4
-
172.32.5.2
-
224.6.6.6
Question 86
Question
What are two types of addresses found on network end devices? (Choose two.)
Question 87
Question
Which OSI layer header is rewritten with new addressing information by a router when forwarding between LAN segments?
Answer
-
Layer 2
-
Layer 3
-
Layer 4
-
Layer 7
Question 88
Question
Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
Question 89
Question
What are two uses of an access control list? (Choose two.)
Answer
-
ACLs can control which areas a host can access on a network.
-
ACLs provide a basic level of security for network access.
-
Standard ACLs can restrict access to specific applications and ports.
-
ACLs can permit or deny traffic based upon the MAC address originating on the router.
-
ACLs assist the router in determining the best path to a destination.
Question 90
Question
Which protocol or service is used to automatically synchronize the software clocks on Cisco routers?
Question 91
Question
Which wireless parameter is used by an access point to broadcast frames that include the SSID?
Answer
-
passive mode
-
security mode
-
channel setting
-
active mode
Question 92
Question
A Cisco router is running IOS 15. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface? (Choose two.)
Answer
-
route that is learned via OSPF
-
route that is learned via EIGRP
-
route that is manually entered by a network administrator
-
directly connected interface
-
local route interface
Question 93
Question
Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"?
Question 94
Question
What is the role of an IPS?
Answer
-
to detect patterns of malicious traffic by the use of signature files
-
to filter traffic based on defined rules and connection context
-
to filter traffic based on Layer 7 information
-
to enforce access control policies based on packet content
Question 95
Question
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
Question 96
Question
What does the TACACS+ protocol provide in a AAA deployment?
Answer
-
AAA connectivity via UDP
-
compatibility with previous TACACS protocols
-
authorization on a per-user or per-group basis
-
password encryption without encrypting the packet
Question 97
Question
Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?
Question 98
Question
What information within a data packet does a router use to make forwarding decisions?
Answer
-
the destination service requested
-
the destination IP address
-
the destination host name
-
the destination MAC address
Question 99
Question
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?
Question 100
Question
Which two statements are true about NTP servers in an enterprise network? (Choose two.)
Answer
-
NTP servers at stratum 1 are directly connected to an authoritative time source.
-
NTP servers ensure an accurate time stamp on logging and debugging information.
-
There can only be one NTP server on an enterprise network.
-
All NTP servers synchronize directly to a stratum 1 time source.
-
NTP servers control the mean time between failures (MTBF) for key network devices.
Question 101
Question
What is true concerning physical and logical topologies?
Answer
-
Physical topologies display the IP addressing scheme of each network.
-
Logical topologies refer to how a network transfers data between devices.
-
The logical topology is always the same as the physical topology.
-
Physical topologies are concerned with how a network transfers frames.
Question 102
Question
Which layer of the hierarchical design model is a control boundary between the other layers?
Answer
-
access
-
network
-
distribution
-
core
Question 103
Question
Which protocol or service allows network administrators to receive system messages that are provided by network devices?
Question 104
Question
What is a function of a proxy firewall?
Answer
-
uses signatures to detect patterns in network traffic
-
drops or forwards traffic based on packet header information
-
connects to remote servers on behalf of clients
-
filters IP traffic between bridged interfaces
Question 105
Question
What is the function of the distribution layer of the three-layer network design model?
Answer
-
aggregating access layer connections
-
providing high speed connection to the network edge
-
providing secure access to the Internet
-
providing direct access to the network
Question 106
Question
Which LAN topology requires a central intermediate device to connect end devices?
Question 107
Question
Which device can control and manage a large number of corporate APs?
Question 108
Question
For which discovery mode will an AP generate the most traffic on a WLAN?
Answer
-
active mode
-
mixed mode
-
passive mode
-
open mode
Question 109
Question
What is a feature of the TACACS+ protocol?
Answer
-
It utilizes UDP to provide more efficient packet transfer.
-
It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
-
It encrypts the entire body of the packet for more secure communications.
-
It combines authentication and authorization as one process.
Question 110
Question
What is the only attribute used by standard access control lists to identify traffic?
Answer
-
source MAC address
-
protocol type
-
source IP address
-
source TCP port
Question 111
Question
What type of malware has the primary objective of spreading across the network?
Answer
-
virus
-
worm
-
Trojan horse
-
botnet
Question 112
Question
Why would a rootkit be used by a hacker?
Answer
-
to gain access to a device without being detected
-
to do reconnaissance
-
to reverse engineer binary files
-
to try to guess a password
Question 113
Question
Which type of hacker is motivated to protest against political and social issues?
Answer
-
cybercriminal
-
script kiddie
-
vulnerability broker
-
hacktivist
Question 114
Question
What is a characteristic of a Trojan horse as it relates to network security?
Answer
-
Extreme quantities of data are sent to a particular network device interface.
-
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
-
Too much information is destined for a particular memory block, causing additional memory areas to be affected.
-
Malware is contained in a seemingly legitimate executable program.
Question 115
Question
What is a botnet?
Answer
-
a group of web servers that provide load balancing and fault tolerance
-
an online video game intended for multiple players
-
a network that allows users to bring their own technology
-
a network of infected computers that are controlled as a group
Question 116
Question
Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?
Answer
-
DoS
-
FTP
-
data-sending
-
proxy
Question 117
Question
What is the primary goal of a DoS attack?
Answer
-
to prevent the target server from being able to handle additional requests
-
to scan the data on the target server
-
to facilitate access to external networks
-
to obtain all addresses in the address book within the server
Question 118
Question
What is a main purpose of launching an access attack on network systems?
Answer
-
to prevent other users from accessing the system
-
to scan for accessible networks
-
to gather information about the network
-
to retrieve data
Question 119
Question
What causes a buffer overflow?
Answer
-
launching a security countermeasure to mitigate a Trojan horse
-
attempting to write more data to a memory location than that location can hold
-
sending repeated connections such as Telnet to a particular device, thus denying other data sources
-
sending too much information to two or more interfaces of the same device, thereby causing dropped packets
-
downloading and installing too many software updates at one time
Question 120
Question
A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?
Answer
-
DoS
-
spyware
-
Trojan horse
-
ransomware
Question 121
Question
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
Answer
-
spam
-
spyware
-
vishing
-
target phishing
-
spear phishing
Question 122
Question
Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?
Answer
-
packet sniffer attack
-
denial of service attack
-
buffer overflow attack
-
brute-force attack
-
port redirection attack
-
IP spoofing attack
Question 123
Question
In what way are zombies used in security attacks?
Answer
-
They are infected machines that carry out a DDoS attack.
-
They are maliciously formed code segments used to replace legitimate applications.
-
They target specific individuals to gain corporate or personal information.
-
They probe a group of machines for open ports to learn which services are running.
Question 124
Question
What are two evasion methods used by hackers? (Choose two.)
Answer
-
scanning
-
encryption
-
access attack
-
phishing
-
resource exhaustion
Question 125
Question
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
Answer
-
to retrieve and modify data
-
to scan for accessibility
-
to escalate access privileges
-
to prevent other users from accessing the system
-
to gather information about the network and devices
Question 126
Question
What are three techniques used in social engineering attacks? (Choose three.)
Answer
-
vishing
-
phishing
-
pretexting
-
buffer overflow
-
man-in-the-middle
-
sending junk email
Question 127
Question
An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
Answer
-
port redirection
-
trust exploitation
-
buffer overflow
-
man in the middle
Question 128
Question
A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.)
Answer
-
The computer emits a hissing sound every time the pencil sharpener is used.
-
The computer freezes and requires reboots.
-
No sound emits when an audio CD is played.
-
The computer gets increasingly slower to respond.
-
The computer beeps once during the boot process.
Question 129
Question
Which type of security attack would attempt a buffer overflow?
Answer
-
ransomware
-
reconnaissance
-
DoS
-
scareware
Question 130
Question
What is a significant characteristic of virus malware?
Answer
-
Virus malware is only distributed over the Internet.
-
Once installed on a host system, a virus will automatically propagate itself to other systems.
-
A virus is triggered by an event on the host system.
-
A virus can execute independently of the host system.
Question 131
Question
A senior citizen receives a warning on the computer that states that the operating system registry is corrupt and to click a particular link to repair it. Which type of malware is being used to try to create the perception of a computer threat to the user?
Answer
-
DoS
-
scareware
-
phishing
-
adware
Question 132
Question
What is the motivation of a white hat attacker?
Answer
-
fine tuning network devices to improve their performance and efficiency
-
taking advantage of any vulnerability for illegal personal gain
-
studying operating systems of various platforms to develop a new system
-
discovering weaknesses of networks and systems to improve the security level of these systems
Question 133
Question
What is a ping sweep?
Answer
-
a network scanning technique that indicates the live hosts in a range of IP addresses.
-
a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain.
-
a software application that enables the capture of all network packets that are sent across a LAN.
-
a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.
Question 134
Question
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
Answer
-
Trojan
-
vishing
-
phishing
-
backdoor
Question 135
Question
What are the three major components of a worm attack? (Choose three.)
Question 136
Question
Which security threat installs on a computer without the knowledge of the user and then monitors computer activity?
Answer
-
spyware
-
viruses
-
worms
-
adware
Question 137
Question
What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.)
Answer
-
SPAN
-
network tap
-
SNMP
-
SIEM
-
Wireshark
Question 138
Question
Which technology is an open source SIEM system?
Answer
-
Wireshark
-
StealthWatch
-
Splunk
-
ELK
Question 139
Question
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
Answer
-
IP address spoofing
-
DHCP starvation
-
CAM table attack
-
DHCP spoofing
Question 140
Question
Which protocol would be the target of a cushioning attack?
Question 141
Question
Which network monitoring capability is provided by using SPAN?
Answer
-
Network analysts are able to access network device log files and to monitor network behavior.
-
Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
-
Traffic exiting and entering a switch is copied to a network monitoring device.
-
Real-time reporting and long-term analysis of security events are enabled.
Question 142
Question
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
Question 143
Question
Refer to the exhibit. What protocol would be used by the syslog server service to create this type of output for security purposes?
Question 144
Question
What is the result of a passive ARP poisoning attack?
Answer
-
Confidential information is stolen.
-
Network clients experience a denial of service.
-
Data is modified in transit or malicious data is inserted in transit.
-
Multiple subdomains are created.
Question 145
Question
Which term is used for bulk advertising emails flooded to as many end users as possible?
Answer
-
spam
-
adware
-
brute force
-
phishing
Question 146
Question
Which capability is provided by the aggregation function in SIEM?
Answer
-
reducing the volume of event data by consolidating duplicate event records
-
searching logs and event records of multiple sources for more complete forensic analysis
-
presenting correlated and aggregated event data in real-time monitoring
-
increasing speed of detection and reaction to security threats by examining logs from many systems and applications
Question 147
Question
Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?
Answer
-
HTTP or HTTPS
-
ICMP
-
DNS
-
DHCP
Question 148
Question
Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?
Answer
-
SPAN
-
Wireshark
-
NetFlow
-
SIEM
Question 149
Question
What are two methods used by cybercriminals to mask DNS attacks? (Choose two.)
Question 150
Question
Which protocol is exploited by cybercriminals who create malicious iFrames?
Question 151
Question
Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?
Answer
-
forensic analysis
-
retention
-
correlation
-
aggregation
Question 152
Question
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
Answer
-
reset attack
-
session hijacking attack
-
port scan attack
-
SYN flood attack
Question 153
Question
In which type of attack is falsified information used to redirect users to malicious Internet sites?
Question 154
Question
Refer to the exhibit. A junior network administrator is inspecting the traffic flow of a particular server in order to make security recommendations to the departmental supervisor. Which recommendation should be made?
Answer
-
A more secure protocol should be used.
-
The total length (TL) field indicates an unsecure Layer 4 protocol is being used.
-
The person accessing the server should never access it from a device using a private IP address.
-
The person accessing the server should use the private IP address of the server.
Question 155
Question
Which network monitoring tool saves captured packets in a PCAP file?
Answer
-
Wireshark
-
SIEM
-
SNMP
-
NetFlow
Question 156
Question
Which cyber attack involves a coordinated attack from a botnet of zombie computers?
Answer
-
ICMP redirect
-
MITM
-
DDoS
-
address spoofing
Question 157
Question
How is optional network layer information carried by IPv6 packets?
Answer
-
inside an options field that is part of the IPv6 packet header
-
inside the Flow Label field
-
inside the payload carried by the IPv6 packet
-
inside an extension header attached to the main IPv6 packet header
Question 158
Question
What type of attack targets an SQL database using the input field of a user?
Answer
-
cross-site scripting
-
SQL injection
-
buffer overflow
-
XML injection
Question 159
Question
What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?
Answer
-
port mirroring
-
NetFlow
-
SNMP
-
network tap
Question 160
Question
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
Answer
-
availability
-
confidentiality
-
integrity
-
scalability
Question 161
Question
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
Question 162
Question
What is the principle of least privilege access control model?
Answer
-
User access to data is based on object attributes.
-
Users are granted rights on an as-needed approach.
-
Users are granted the strictest access control possible to data.
-
Users control access to data they own.
Question 163
Question
Which statement describes a difference between RADIUS and TACACS+?
Answer
-
RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not.
-
RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
-
RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.
-
RADIUS uses TCP whereas TACACS+ uses UDP.
Question 164
Question
What is the purpose of mobile device management (MDM) software?
Answer
-
It is used to create a security policy.
-
It is used to implement security policies, settings, and software configurations on mobile devices.
-
It is used by threat actors to penetrate the system.
-
It is used to identify potential mobile device vulnerabilities.
Question 165
Question
What service determines which resources a user can access along with the operations that a user can perform?
Answer
-
authentication
-
biometric
-
authorization
-
accounting
-
token
Question 166
Question
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
Answer
-
automation
-
accounting
-
authentication
-
authorization
Question 167
Question
In threat intelligence communications, what set of specifications is for exchanging cyberthreat information between organizations?
Answer
-
Trusted automated exchange of indicator information (TAXII)
-
Structured threat information expression (STIX)
-
Automated indicator sharing (AIS)
-
Common vulnerabilities and exposures (CVE)
Question 168
Question
What three items are components of the CIA triad? (Choose three.)
Answer
-
integrity
-
availability
-
confidentiality
-
access
-
scalability
-
intervention
Question 169
Question
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
Answer
-
integrity
-
scalability
-
availability
-
confidentiality
Question 170
Question
Which AAA component can be established using token cards?
Answer
-
authorization
-
authentication
-
auditing
-
accounting
Question 171
Question
Which method is used to make data unreadable to unauthorized users?
Question 172
Question
Which two areas must an IT security person understand in order to identify vulnerabilities on a network? (Choose two.)
Answer
-
number of systems on each network
-
network baseline data
-
data analysis trends
-
hardware used by applications
-
important applications used
Question 173
Question
Which three services are provided by the AAA framework? (Choose three.)
Answer
-
autoconfiguration
-
automation
-
authorization
-
authentication
-
autobalancing
-
accounting
Question 174
Question
How does BYOD change the way in which businesses implement networks?
Answer
-
BYOD provides flexibility in where and how users can access network resources.
-
BYOD requires organizations to purchase laptops rather than desktops.
-
BYOD users are responsible for their own network security, thus reducing the need for organizational security policies.
-
BYOD devices are more expensive than devices that are purchased by an organization.
Question 175
Question
Which technology provides the framework to enable scalable access security?
Answer
-
AutoSecure
-
role-based CLI access
-
authentication, authorization, and accounting
-
Simple Network Management Protocol
-
Cisco Configuration Professional communities
Question 176
Question
Which device is usually the first line of defense in a layered defense-in-depth approach?
Answer
-
access layer switch
-
internal router
-
edge router
-
firewall
Question 177
Question
In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)
Answer
-
assets that need protection
-
location of attacker or attackers
-
total number of devices that attach to the wired and wireless network
-
threats to assets
-
vulnerabilities in the system
-
past security breaches
Question 178
Question
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
Question 179
Question
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
Answer
-
mandatory access control (MAC)
-
discretionary access control (DAC)
-
attribute-based access control (ABAC)
-
non-discretionary access control
Question 180
Question
Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?
Question 181
Question
A security specialist is tasked to ensure that files transmitted between the headquarters office and the branch office are not altered during transmission. Which two algorithms can be used to achieve this task? (Choose two.)
Question 182
Question
In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?
Answer
-
HTTPS traffic can carry a much larger data payload than HTTP can carry.
-
HTTPS traffic is much faster than HTTP traffic.
-
HTTPS traffic does not require authentication.
-
HTTPS traffic enables end-to-end encryption.
Question 183
Question
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
Answer
-
hashing algorithms
-
digital signatures
-
symmetric keys
-
PKI certificates
Question 184
Question
Which three algorithms are designed to generate and verify digital signatures? (Choose three.)
Answer
-
IKE
-
DSA
-
RSA
-
ECDSA
-
AES
-
3DES
Question 185
Question
What are two properties of a cryptographic hash function? (Choose two.)
Answer
-
Complex inputs will produce complex hashes.
-
Hash functions can be duplicated for authentication purposes.
-
The hash function is one way and irreversible.
-
The input for a particular hash algorithm has to have a fixed size.
-
The output is a fixed length.
Question 186
Question
Which statement is a feature of HMAC?
Answer
-
HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
-
HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
-
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
-
HMAC is based on the RSA hash function.
Question 187
Question
Which two statements describe the characteristics of symmetric algorithms? (Choose two.)
Answer
-
They are commonly used with VPN traffic.
-
They use a pair of a public key and a private key.
-
They are commonly implemented in the SSL and SSH protocols.
-
They provide confidentiality, integrity, and availability.
-
They are referred to as a pre-shared key or secret key.
Question 188
Question
Which encryption algorithm is an asymmetric algorithm?
Question 189
Question
Which statement describes the use of certificate classes in the PKI?
Answer
-
Email security is provided by the vendor, not by a certificate.
-
A vendor must issue only one class of certificates when acting as a CA.
-
A class 5 certificate is more trustworthy than a class 4 certificate.
-
The lower the class number, the more trusted the certificate.
Question 190
Question
What is the focus of cryptanalysis?
Question 191
Question
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
Answer
-
The users must obtain the certificate of the CA and then their own certificate.
-
The CA is always required, even after user verification is complete.
-
CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
-
After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
Question 192
Question
When implementing keys for authentication, if an old key length with 4 bits is increased to 8 bits, which statement describes the new key space?
Answer
-
The key space is increased by 3 times.
-
The key space is increased by 8 times.
-
The key space is increased by 15 times.
-
The key space is increased by 16 times.
Question 193
Question
What is the service framework that is needed to support large-scale public key-based technologies?
Question 194
Question
What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)
Answer
-
symmetric encryption algorithms
-
certificate authority
-
intrusion prevention system
-
digital certificates
-
pre-shared key generation
Question 195
Question
A company is developing a security policy to ensure that OSPF routing updates are authenticated with a key. What can be used to achieve the task?
Question 196
Question
An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
Answer
-
the private key of the retailer
-
the digital signatures
-
the unique shared secret known only by the retailer and the customer
-
the public key of the retailer
Question 197
Question
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
Answer
-
It uses a 112-bit encryption key.
-
It requires more CPU resources than software-based AES does.
-
It is an example of an asymmetric algorithm.
-
SEAL is a stream cipher.
Question 198
Question
What role does an RA play in PKI?
Answer
-
a super CA
-
a subordinate CA
-
a backup root CA
-
a root CA
Question 199
Question
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
Answer
-
encryption
-
asymmetric key algorithm
-
digital signature
-
hash algorithm
Question 200
Question
Which three services are provided through digital signatures? (Choose three.)
Answer
-
accounting
-
authenticity
-
compression
-
nonrepudiation
-
integrity
-
encryption