
ECCouncil 312-38 Certified Network Defender (CND) Exam Practice Test

Page: 1 / 36
Total 362 questions

Certified Network Defender (CND) Questions and Answers

Question 1

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?

Options:

A.

Malone should list a follow-up as the last step in the methodology

B.

Recovery would be the correct choice for the last step in the incident response methodology

C.

He should assign eradication to the last step.

D.

Containment should be listed on Malone's plan for incident response.

Question 2

You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic; they only want notification. What type of device are you suggesting?

Options:

A.

The best solution to cover the needs of this company would be a HIDS device.

B.

A NIDS device would work best for the company

C.

You are suggesting a NIPS device

D.

A HIPS device would best suit this company

Question 3

Jason has set a firewall policy that allows only a specific list of network services and denies everything else. This strategy is known as a ____________.

Options:

A.

Default allow

B.

Default deny

C.

Default restrict

D.

Default access

Question 4

Ross manages 30 employees and only 25 computers in the organization. The network the company uses is peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders. Which access control did Ross implement?

Options:

A.

Discretionary access control

B.

Mandatory access control

C.

Non-discretionary access control

D.

Role-based access control

Question 5

Richard has been working as a Linux system administrator at an MNC. He wants to maintain a productive and secure environment by improving the performance of the systems through Linux patch management. Richard is using Ubuntu and wants to patch the Linux systems manually. Which of the following commands installs new updates on Debian-based Linux OSes?

Options:

A.

sudo apt-get dist-upgrade

B.

sudo apt-get update

C.

sudo apt-get dist-update

D.

sudo apt-get upgrate

Question 6

Identify the password attack technique in which the adversary attacks cryptographic hash functions based on the probability that, if a hashing process is used for creating a key, then the same is used for other keys.

Options:

A.

Dictionary Attack

B.

Brute Forcing Attack

C.

Hybrid Attack

D.

Birthday Attack

Question 7

Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the -------------------------- authentication technique to satisfy the management request.

Options:

A.

Two-factor Authentication

B.

Smart Card Authentication

C.

Single-sign-on

D.

Biometric

Question 8

What should a network administrator perform to execute/test the untrusted or untested programs or code from untrusted or unverified third-parties without risking the host system or OS?

Options:

A.

Application Whitelisting

B.

Application Blacklisting

C.

Deployment of WAFs

D.

Application Sandboxing

Question 9

What defines the maximum time period an organization is willing to lose data during a major IT outage event?

Options:

A.

BC

B.

RTO

C.

DR

D.

RPO

Question 10

Identify the network topology in which the network devices are connected such that every device has a point-to-point link to all the other devices.

Options:

A.

Star Topology

B.

Hybrid Topology

C.

Mesh Topology

D.

Bus Topology

Question 11

According to the company's security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication. What needs to happen to force this server to use Windows Authentication?

Options:

A.

Edit the ADLIN file.

B.

Edit the shadow file.

C.

Remove the /var/bin/localauth.conf file.

D.

Edit the PAM file to enforce Windows Authentication

Question 12

Which of the following includes examining the probability, impact status, and exposure of risk?

Options:

A.

Risk Review

B.

Risk Tracking

C.

Risk Identification

D.

Risk Assessment

Question 13

Which firewall technology can filter application-specific commands such as GET and POST requests?

Options:

A.

Circuit-level gateways

B.

Application-level gateways

C.

Application proxy

D.

Stateful multi-layer inspection

Question 14

Which of the following is a data destruction technique that protects the sensitivity of information against a laboratory attack where an unauthorized individual uses signal processing recovery tools in a laboratory environment to recover the information?

Options:

A.

Purging

B.

Destroying

C.

Clearing

D.

Disposal

Question 15

John has implemented________in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

Options:

A.

DMZ

B.

Proxies

C.

VPN

D.

NAT

Question 16

Which of the following is a best practice for wireless network security?

Options:

A.

Enabling the remote router login

B.

Not changing the default SSID

C.

Not placing a packet filter between the AP and the corporate intranet

D.

Using SSID cloaking

Question 17

Which of the following RAID storage techniques divides the data into multiple blocks, which are further written across the RAID system?

Options:

A.

Mirroring

B.

Striping

C.

None of these

D.

Parity

Question 18

In MacOS, how can the user implement disk encryption?

Options:

A.

By enabling BitLocker feature

B.

By executing dm-crypt command

C.

By turning on Device Encryption feature

D.

By enabling FileVault feature

Question 19

How is application whitelisting different from application blacklisting?

Options:

A.

It allows all applications other than the undesirable applications

B.

It allows execution of trusted applications in a unified environment

C.

It allows execution of untrusted applications in an isolated environment

D.

It rejects all applications other than the allowed applications

Question 20

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from certain region. You suspect a DoS incident on the network.

What will be your first reaction as a first responder?

Options:

A.

Disable Virus Protection

B.

Make an initial assessment

C.

Communicate the incident

D.

Avoid Fear, Uncertainty and Doubt

Question 21

Michelle is a network security administrator working in an MNC company. She wants to set a resource limit for CPU in a container. Which command-line option allows Michelle to limit a container to 2 CPUs?

Options:

A.

--cpu="2"

B.

$cpu="2"

C.

--cpus="2"

D.

$cpus="2"

Question 22

John, a network administrator, is configuring the Amazon EC2 cloud service for his organization. Identify the type of cloud service model his organization adopted.

Options:

A.

Software-as-a-Service (SaaS)

B.

Infrastructure-as-a-Service (IaaS)

C.

Platform-as-a-Service (PaaS)

D.

Storage-as-a-Service (SaaS)

Question 23

Under which of the following acts can an international financial institution be prosecuted if it fails to maintain the privacy of its customer’s information?

Options:

A.

GLBA

B.

FISMA

C.

DMCA

D.

SOX

Question 24

An IT company has just been hit with a severe external security breach. To enhance the company’s security posture, the network admin has decided to first block all the services and then individually enable only the necessary services. What is such an Internet access policy called?

Options:

A.

Prudent Policy

B.

Permissive Policy

C.

Promiscuous Policy

D.

Paranoid Policy

Question 25

A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?

Options:

A.

Screened subnet

B.

DMZ, External-Internal firewall

C.

Multi-homed firewall

D.

Bastion host

Question 26

According to standard IoT security practice, an IoT Gateway should be connected to a -------------

Options:

A.

Border router

B.

Secure router

C.

Router that is connected to internal servers

D.

Router that is connected to other subnets

Question 27

Which subdirectory in /var/log directory stores information related to Apache web server?

Options:

A.

/var/log/maillog/

B.

/var/log/httpd/

C.

/var/log/apachelog/

D.

/var/log/lighttpd/

Question 28

Justine has been tasked by her supervisor to ensure that the company's physical security is on the same level as their logical security measures. She installs video cameras at all entrances and exits and installs badge access points for all doors. The last item she wants to install is a method to prevent unauthorized people piggybacking on employees. What should she install to prevent piggybacking?

Options:

A.

She should install a mantrap

B.

Justine needs to install a biometrics station at each entrance

C.

Justine will need to install a revolving security door

D.

She should install a Thompson Trapdoor.

Question 29

How is the chip-level security of an IoT device achieved?

Options:

A.

Encrypting JTAG interface

B.

Keeping the device on a flat network

C.

Closing insecure network services

D.

Changing the password of the router

Question 30

Which of the following types of information can be obtained through network sniffing? (Select all that apply)

Options:

A.

Programming errors

B.

DNS traffic

C.

Telnet passwords

D.

Syslog traffic

Question 31

How is a “risk” represented?

Options:

A.

Asset + threat

B.

Motive (goal) + method

C.

Asset + threat + vulnerability

D.

Motive (goal) + method + vulnerability

Question 32

The -------------- protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.

Options:

A.

RARP

B.

ICMP

C.

DHCP

D.

ARP

Question 33

John, the network administrator, wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router. Which command will John use to enable NetFlow on an interface?

Options:

A.

Router(Config-if) # IP route - cache flow

B.

Router# Netmon enable

C.

Router IP route

D.

Router# netflow enable

Question 34

Jason works as a System Administrator for Inc. The company has a Windows

based network. Sam, an employee of the company, accidentally changes some of the applications and

system settings. He complains to Jason that his system is not working properly. To troubleshoot the

problem, Jason diagnoses the internals of his computer and observes that some changes have been

made in Sam's computer registry. To rectify the issue, Jason has to restore the registry. Which of the

following utilities can Jason use to accomplish the task? Each correct answer represents a complete

solution. Choose all that apply.

Options:

A.

Resplendent registrar

B.

Reg.exe

C.

Regedit.exe

D.

EventCombMT

Question 35

Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

Options:

A.

Tcp.flags==0x000

B.

Tcp.flags==0000x

C.

Tcp.flags==000x0

D.

Tcp.flags==x0000

Question 36

Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

Options:

A.

tcp.dstport==7 and udp.srcport==7

B.

tcp.dstport==7 and udp.dstport==7

C.

tcp.dstport==7 and udp.dstport==7

D.

tcp.dstport==7 and udp.srcport==7

Question 37

Katie has implemented the RAID level that splits data into blocks and evenly writes the data to multiple hard drives but does not provide data redundancy. This type of RAID level requires a minimum of ________ in order to set up.

Options:

A.

Four drives

B.

Three drives

C.

Two drives

D.

Six drives

Question 38

Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO. Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?

Options:

A.

777

B.

700

C.

755

D.

0600

Question 39

John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which

of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

Options:

A.

Tcp.flags==0x2b

B.

Tcp.flags=0x00

C.

Tcp.options.mss_val<1460

D.

Tcp.options.wscale_val==20

Question 40

An insider in Hexagon, a leading IT company in the USA, was testing a packet crafting tool. This tool generated a lot of malformed TCP/IP packets which crashed the main server’s operating system, leading to the employees’ access being restricted. Which attack did the insider use in the above situation?

Options:

A.

DoS attack

B.

Session Hijacking

C.

Man-in-the-Middle

D.

Cross-Site-Scripting

Question 41

Patrick wants to change the file permission of a file with permission value 755 to 744. He used the Linux command chmod [permission value] [file name] to make these changes. What will be the change in the file access?

Options:

A.

He changed the file permission from rwxr-xr-x to rwx-r--r--

B.

He changes the file permission from rwxr-xr-x to rw-rw-rw-

C.

He changed the file permission from rw------- to rw-r--r--

D.

He changed the file permission from rwxrwxrwx to rwx------

Question 42

Which wireless networking topology setup requires same channel name and SSID?

Options:

A.

Ad-Hoc standalone network architecture

B.

Infrastructure network topology

C.

Hybrid topology

D.

Mesh topology

Question 43

Which of the following provides a set of voluntary recommended cyber security features to include in network-capable IoT devices?

Options:

A.

GCMA

B.

FCMA

C.

NIST

D.

GLBA

Question 44

Which RAID level system provides very good data performance but does not offer fault tolerance and data redundancy?

Options:

A.

RAID level 3

B.

RAID level 5

C.

RAID level 1

D.

RAID level 0

Question 45

What is the best way to describe a mesh network topology?

Options:

A.

A network that is extremely cost efficient, offering the best option for allowing computers to communicate amongst each other.

B.

A network in which every computer in the network can communicate with a single central computer.

C.

A network in which every computer in the network has a connection to each and every computer in the network.

D.

A network in which every computer meshes together to form a hybrid between a star and bus topology.

Question 46

Which of the following is true regarding any attack surface?

Options:

A.

Decrease in vulnerabilities decreases the attack surface

B.

Increase in vulnerabilities decreases the attack surface

C.

Decrease in risk exposures increases the attack surface

D.

Decrease in vulnerabilities increases the attack surface

Question 47

------------ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)

Options:

A.

802.15

B.

802.16

C.

802.15.4

D.

802.12

Question 48

Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?

Options:

A.

Indicators of attack

B.

Key risk indicators

C.

Indicators of exposure

D.

Indicators of compromise

Question 49

Alex is administering the firewall in the organization's network. What command will he use to check which ports applications have open?

Options:

A.

Netstat -an

B.

Netstat -o

C.

Netstat -a

D.

Netstat -ao

Question 50

The network administrator wants to strengthen physical security in the organization. Specifically, he wants to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?

Options:

A.

Bollards

B.

Fence

C.

Video surveillance

D.

Mantrap

Question 51

Which of the following security models enable strict identity verification for every user or device attempting to access the network resources?

1. Zero-trust network model

2. Castle-and-Moat model

Options:

A.

Both 1 and 2

B.

1 only

C.

2 only

D.

None

Question 52

Which component of the data packets is encrypted in Transport mode encryption of an IPsec server?

Options:

A.

Payload

B.

Header

C.

Header and Payload

D.

Encryption is not used in IPsec server

Question 53

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment plan?

Options:

A.

Their first step is to analyze the data they have currently gathered from the company or interviews.

B.

Their first step is to make a hypothesis of what their final findings will be.

C.

Their first step is to create an initial Executive report to show the management team.

D.

Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Question 54

An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client records as they are encrypted. The attacker asked the company to pay money to regain access to their data. Which type of malware attack is described above?

Options:

A.

Logic bomb

B.

Rootkits

C.

Trojan

D.

Ransomware

Question 55

Daniel, who works as a network administrator, has just deployed an in his organization's network. He wants to calculate the False Positive rate for his implementation. Which of the following formulas will he use to calculate the False Positive rate?

Options:

A.

False Positive/False Positive+True Negative

B.

True Negative/False Negative+True Positive

C.

False Negative/False Negative+True Positive

D.

False Negative/True Negative+True Positive

Question 56

Which of the following indicators are discovered through an attacker's intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?

Options:

A.

Key risk indicators

B.

Indicators of compromise

C.

Indicators of attack

D.

Indicators of exposure

Question 57

Which among the following filters is used to detect a SYN/FIN attack?

Options:

A.

tcp.flags==0x002

B.

tcp.flags==0x004

C.

tcp.flags==0x003

D.

tcp.flags==0x001

Question 58

Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented. What is the correct hierarchy for a security policy implementation?

Options:

A.

Laws, Policies, Regulations, Procedures and Standards

B.

Regulations, Policies, Laws, Standards and Procedures

C.

Laws, Regulations, Policies, Standards and Procedures

D.

Procedures, Policies, Laws, Standards and Regulations

Question 59

Disaster Recovery is a _________.

Options:

A.

Operation-centric strategy

B.

Security-centric strategy

C.

Data-centric strategy

D.

Business-centric strategy

Question 60

Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes through the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________ implementation of a VPN.

Options:

A.

Full Mesh Mode

B.

Point-to-Point Mode

C.

Transport Mode

D.

Tunnel Mode

Question 61

Which of the following connects the SDN controller and SDN networking devices and relays information from network services to network devices such as switches and routers?

Options:

A.

Eastbound API

B.

Northbound API

C.

Southbound API

D.

Westbound API

Question 62

Which type of training can create awareness among employees regarding compliance issues?

Options:

A.

Social engineering awareness training

B.

Security policy training

C.

Physical security awareness training

D.

Training on data classification

Question 63

A popular e-commerce company has recently received a lot of complaints from its customers. Most of the complaints are about the customers being redirected to some other website when trying to access the e-com site, leading to all their systems being compromised and corrupted. Upon investigation, the network admin of the firm discovered that some adversary had manipulated the company’s IP address in the domain name server’s cache. What is such an attack called?

Options:

A.

DNS Poisoning

B.

DNS Application

C.

DNS Attacked by DDoS

D.

DNS Hijacking

Question 64

Jeanne is working as a network administrator in an IT company. She wants to control/limit container access to CPU, memory, swap, block IO (rates), and network. Which Linux kernel feature allows Jeanne to manage, restrict, and audit groups of processes?

Options:

A.

Cgroups

B.

LSMs

C.

Seccomp

D.

Userns

Question 65

Which category of suspicious traffic signatures includes SYN flood attempts?

Options:

A.

Informational

B.

Denial of Service

C.

Reconnaissance

D.

Unauthorized access

Question 66

You want to increase your network security by implementing a technology that only allows certain MAC addresses on specific ports in the switches; which one of the following is the best choice?

Options:

A.

Port Security

B.

Port Detection

C.

Port Authorization

D.

Port Knocking

Question 67

Timothy works as a network administrator in a multinational organization. He decides to implement a dedicated network for sharing storage resources. He uses a _______ as it separates the storage units from the servers and the user network.

Options:

A.

SAN

B.

SCSA

C.

NAS

D.

SAS

Question 68

Hacktivists are threat actors, who can be described as -------------------

Options:

A.

People motivated by religious beliefs

B.

Disgruntled/terminated employees

C.

People motivated by monetary gains

D.

People having political or social agenda

Question 69

Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works. The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred's boss want to implement?

Options:

A.

Fred's boss wants a NIDS implementation.

B.

Fred's boss wants Fred to monitor a NIPS system.

C.

Fred's boss wants to implement a HIPS solution.

D.

Fred's boss wants to implement a HIDS solution.

Question 70

Which field is not included in the TCP header?

Options:

A.

Source IP address

B.

Acknowledgment number

C.

Sequence number

D.

Source Port

Question 71

Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?

Options:

A.

Module logging

B.

Script block logging

C.

Event logging

D.

Transcript logging

Question 72

Leslie, the network administrator of Livewire Technologies, has been recommending multilayer inspection firewalls to deploy in the company’s infrastructure. What layers of the TCP/IP model can it protect?

Options:

A.

Network interface, TCP, and IP

B.

Application, TCP, and IP

C.

IP, application, and network interface

D.

Application, IP, and network interface

Question 73

Which among the following is used to limit the number of cmdlets or administrative privileges of administrator, user, or service accounts?

Options:

A.

Just Enough Administration (JEA)

B.

User Account Control (UAC)

C.

Windows Security Identifier (SID)

D.

Credential Guard

Question 74

Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:

Options:

A.

Cloud to service attack surface

B.

User to service attack surface

C.

User to cloud attack surface

D.

Cloud to user attack surface

Question 75

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

Options:

A.

Avoid Fear, Uncertainty and Doubt

B.

Communicate the incident

C.

Make an initial assessment

D.

Disable Virus Protection

Question 76

Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. She is worried about the current security state of her company's network, so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

Options:

A.

Cindy is using a half-open scan to find live hosts on her network.

B.

The type of scan she is using is called a NULL scan

C.

She is utilizing a RST scan to find live hosts that are listening on her network

D.

Cindy is attempting to find live hosts on her company’s network by using a XMAS scan

Question 77

Identify the type of event that is recorded when an application driver loads successfully in Windows.

Options:

A.

Success Audit

B.

Error

C.

Warning

D.

Information

Question 78

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does the AUP fall?

Options:

A.

System Specific Security Policy (SSSP)

B.

Incident Response Policy (IRP)

C.

Enterprise Information Security Policy (EISP)

D.

Issue Specific Security Policy (ISSP)

Question 79

James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?

Options:

A.

James could use PGP as a free option for encrypting the company's emails.

B.

James should utilize the free OTP software package.

C.

James can use MD5 algorithm to encrypt all the emails

D.

James can enforce mandatory HTTPS in the email clients to encrypt emails

Question 80

The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?

Options:

A.

Hashing; hash code

B.

Symmetric encryption; secret key

C.

Hashing; public key

D.

Asymmetric encryption; public key

Question 81

Which of the following Layers of IoT Architecture provides dashboards to monitor, analyze, and implement proactive decisions?

Options:

A.

Device Layer

B.

Communication Layer

C.

Cloud Layer

D.

Process Layer

Question 82

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

Options:

A.

Containment

B.

Assign eradication

C.

A follow-up

D.

Recovery

Question 83

Which of the following Wireshark filters allows an administrator to detect a SYN/FIN DDoS attempt on the network?

Options:

A.

tcp.flags==0x003

B.

tcp.flags==0X029

C.

TCP.flags==0x300

D.

tcp.dstport==7

Question 84

You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

Options:

A.

You should have used 3DES.

B.

You should have implemented the Distributed File System (DFS).

C.

If you would have implemented Pretty Good Privacy (PGP).

D.

You could have implemented the Encrypted File System (EFS)

Question 85

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

Options:

A.

Assign eradication.

B.

Recovery

C.

Containment

D.

A follow-up.

Question 86

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

Options:

A.

PR Specialist

B.

Attorney

C.

Incident Handler

D.

Evidence Manager

Question 87

Which scan attempt can penetrate through a router and a firewall that filter incoming packets with particular flags set and is not supported by Windows?

Options:

A.

ARP scan attempt

B.

TCP full connect scan attempt

C.

TCP null scan attempt

D.

PING sweep attempt

Question 88

Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?

Options:

A.

Senior management

B.

IT security practitioners

C.

Business and functional managers

D.

Chief Information Officer (CIO)

Question 89

Delta IT Solutions suffered a substantial data loss, translating into a huge monetary loss for them. During the investigation, the network admin analyzed all the packets and traffic transmitted across the network and identified that some user within the organization had leaked the data. Which of the following devices could have helped the network admin reach this conclusion?

Options:

A.

Internet Content Filter

B.

Network Access Control

C.

Network Protocol Analyzer

D.

Intrusion Detection System

Question 90

Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and stateful inspection?

Options:

A.

Circuit-level gateway firewall

B.

Next generation firewall

C.

Network address translation

D.

Stateful multi-layer inspection firewall

Question 91

Which type of attack is used to hack an IoT device and direct large amounts of network traffic toward a web server, resulting in overloading the server with connections and preventing any new connections?

Options:

A.

XSS

B.

DDoS

C.

XCRF

D.

Sniffing

Question 92

Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered, using digital signatures. What is Stephanie working on?

Options:

A.

Confidentiality

B.

Availability

C.

Data Integrity

D.

Usability

Question 93

Which Internet access policy starts with all services blocked, with the administrator enabling safe and necessary services individually, provides maximum security, and logs everything, such as system and network activities?

Options:

A.

Internet access policy

B.

Permissive policy

C.

Prudent policy

D.

Paranoid policy

Question 94

A network administrator is monitoring the network traffic with Wireshark. Which of the following filters will she use to view packets with no TCP flags set, in order to detect TCP Null Scan attempts?

Options:

A.

tcp.flags==0x000

B.

Tcp.flags==0X029

C.

Tcp.dstport==7

D.

Tcp.flags==0x003

Question 95

Which of the following helps in viewing account activity and events for supported services made by AWS?

Options:

A.

AWS CloudFormation

B.

AWS Certificate Manager

C.

AWS CloudHSM

D.

AWS CloudTrail

Question 96

Which type of modulation technique is used in local area wireless networks (LAWNs)?

Options:

A.

FHSS

B.

OFDM

C.

DSSS

D.

MIMO-OFDM

Question 97

Which of the following characteristics represents a normal TCP packet?

Options:

A.

SYN and FIN bits are set

B.

Source or destination port is zero

C.

FIN ACK and ACK are used in terminating the connection

D.

The destination address is a broadcast address

Question 98

What is composite signature-based analysis?

Options:

A.

Multiple packet analysis is required to detect attack signatures

B.

Attack signatures are contained in packet headers

C.

Attack signatures are contained in packet payloads

D.

Single Packet analysis is enough to identify attack signatures

Question 99

Which of the following provides enhanced password protection and secured IoT connections, and encompasses stronger encryption techniques?

Options:

A.

WPA3

B.

WEP

C.

WPA

D.

WPA2

Question 100

Which firewall technology can be implemented in all (application, session, transport, network, and presentation) layers of the OSI model?

Options:

A.

Circuit-level gateway

B.

Network address translation

C.

VPN

D.

Packet filtering

Question 101

Which of the following attack surfaces increases when you keep USB ports enabled on your laptop unnecessarily?

Options:

A.

Human attack surface

B.

Network attack surface

C.

Physical attack surface

D.

Software attack surface

Question 102

If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company's Linux systems, which file should he access?

Options:

A.

/etc/logrotate.conf

B.

/etc/hosts.allow

C.

/etc/crontab

D.

/etc/login.defs

Question 103

Which of the following intrusion detection techniques observes the network for abnormal usage patterns by determining the performance parameters for regular activities and monitoring for actions beyond the normal parameters?

Options:

A.

Signature/Pattern matching

B.

Stateful protocol analysis

C.

None of these

D.

Statistical anomaly detection

Question 104

Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private. What encryption method did Ivan settle on?

Options:

A.

Ivan settled on the private encryption method.

B.

Ivan settled on the symmetric encryption method.

C.

Ivan settled on the asymmetric encryption method

D.

Ivan settled on the hashing encryption method

Question 105

A company wants to implement a data backup method which allows them to encrypt the data, ensuring its security as well as access at any time and from any location. What is the appropriate backup method that should be implemented?

Options:

A.

Onsite backup

B.

Hot site backup

C.

Offsite backup

D.

Cloud backup

Question 106

A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other function(s) of the device? (Select all that apply)

Options:

A.

Provides access memory, achieving high efficiency

B.

Assigns user addresses

C.

Enables input/output (I/O) operations

D.

Manages security keys

Question 107

Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other, to determine the correlation across one or multiple fields?

Options:

A.

Automated Field Correlation

B.

Field-Based Approach

C.

Rule-Based Approach

D.

Graph-Based Approach

Question 108

Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?

Options:

A.

Contain the damage

B.

Disconnect the five infected devices from the network

C.

Inform the IRT about the incident and wait for their response

D.

Inform everybody in the organization about the attack
