NEW QUESTION 1
Netflow uses which format?

• A. base 10
• B. ASCII
• C. Binary
• D. Hexadecimal

Answer: C

NEW QUESTION 2
Which process continues to be recorded in the process table after it has ended and the status is returned to the parent?

• A. daemon
• B. zombie
• C. orphan
• D. child

Answer: B

NEW QUESTION 3
Which definition of vulnerability is true?

• A. an exploitable unpatched and unmitigated weakness in software
• B. an incompatible piece of software
• C. software that does not have the most current patch applied
• D. software that was not approved for installation

Answer: A

NEW QUESTION 4
What is a trunk link used for?

• A. To pass multiple virtual LANs
• B. To connect more than two switches
• C. To enable Spanning Tree Protocol
• D. To encapsulate Layer 2 frames

Answer: A

NEW QUESTION 5
Which protocol is expected to have NTP a user agent, host, and referrer headers in a packet capture?

• A. NTP
• B. HTTP
• C. DNS
• D. SSH

Answer: B

NEW QUESTION 6
At which OSI layer does a router typically operate?

• A. Transport
• B. Network
• C. Data link
• D. Application

Answer: B

NEW QUESTION 7
Which term describes reasonable effort that must be made to obtain relevant information to facilitate appropriate courses of action?

• A. Due diligence
• B. ethical behavior
• C. decision making
• D. data mining.

Answer: A

NEW QUESTION 8
Which definition of the IIS Log Parser tool is true?

• A. a logging module for IIS that allows you to log to a database
• B. a data source control to connect to your data source
• C. a powerful, versatile tool that makes it possible to run SQL-like queries against log flies
• D. a powerful versatile tool that verifies the integrity of the log files

Answer: C

NEW QUESTION 9
In which context is it inappropriate to use a hash algorithm?

• A. Telnet logins
• B. Verifying file integrity
• C. SSH logins
• D. Digital signature verification

Answer: A

NEW QUESTION 10
Which definition of a daemon on Linux is true?

• A. error check right after the call to fork a process
• B. new process created by duplicating the calling process
• C. program that runs unobtrusively in the background
• D. set of basic CPU instructions

Answer: C

NEW QUESTION 11
An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?

• A. The switch could offer fake DHCP addresses.
• B. The switch could become the root bridge.
• C. The switch could be allowed to join the VTP domain
• D. The switch could become a transparent bridge.

Answer: B

NEW QUESTION 12
Which actions can a promiscuous IPS take to mitigate an attack? Choose three

• A. Denying Frames
• B. Resetting the TCP Connection
• C. Requesting host blocking
• D. Modifying packets
• E. Denying packets
• F. Requesting connection blocking

Answer: BCF

NEW QUESTION 13
You discover that a foreign government hacked one of the defense contractors in your country and stole intellectual property. In this situation, which option is considered the threat agent?

• A. method in which the hack occurred
• B. defense contractor that stored the intellectual property
• C. intellectual property that was stolen
• D. foreign government that conducted the attack

Answer: D

NEW QUESTION 14
Which situation indicates application-level white listing?

• A. Allow everything and deny specific executable files.
• B. Allow specific executable files and deny specific executable files.
• C. Writing current application attacks on a whiteboard daily.
• D. Allow specific files and deny everything else.

Answer: D

NEW QUESTION 15
which options is true when using the traffic mirror feature in a switch

• A. Ethernet headers are modified
• B. packets payloads are lost
• C. packets are not processed
• D. full capture is possible

Answer: D

NEW QUESTION 16
Company XX must filter/control some application and limited connection based on location across the network, which technology can be used?

• A. HIDS.
• B. NGFW.
• C. Web proxy.
• D. Load balancers.

Answer: B

NEW QUESTION 17
What does the sum of the risks presented by an application represent for that application?

• A. Application attack surface
• B. Security violation
• C. Vulnerability
• D. HIPPA violation

Answer: A

NEW QUESTION 18
Which of the following is true about heuristic-based algorithms?

• A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize the possibility of false positives.
• B. Heuristic-based algorithms do not require fine tuning.
• C. Heuristic-based algorithms support advanced malware protection.
• D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning.

Answer: A

NEW QUESTION 19
Which security monitoring data type requires the most storage space?

• A. full packet capture
• B. transaction data
• C. statistical data
• D. session data

Answer: A

NEW QUESTION 20
What is PHI?

• A. Protected HIPAA information
• B. Protected health information
• C. Personal health information
• D. Personal human information

Answer: B

NEW QUESTION 21
Which tool is commonly used by threat actors on a webpage to take advantage of the software vulnerabilities of a system to spread malware?

• A. exploit kit
• B. root kit
• C. vulnerability kit
• D. script kiddie kit

Answer: B

NEW QUESTION 22
......