Practical GIAC GSEC Exam Guide Online

Free GSEC sample questions:

NEW QUESTION 1
Which of the following are the types of intrusion detection systems?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Host-based intrusion detection system (HIDS)
  • B. Client-based intrusion detection system (CIDS)
  • C. Server-based intrusion detection system (SIDS)
  • D. Network intrusion detection system (NIDS)

Answer: AD

NEW QUESTION 2
Which of the following attack vectors are addressed by Xinetd and TCP Wrappers?

  • A. Outsider attack from network
  • B. Outsider attack from a telephone
  • C. Insider attack from local network
  • D. Attack from previously installed malicious code
  • E. A and B
  • F. A and C
  • G. B and D
  • H. C and D

Answer: B

NEW QUESTION 3
You work as a Network Administrator for Net World Inc. The company has a Linux-based network. For testing purposes, you have configured a default IP-table with several filtering rules. You want to reconfigure the table. For this, you decide to remove the rules from all the chains in the table. Which of the following commands will you use?

  • A. IPTABLES -D
  • B. IPTABLES -A
  • C. IPTABLES -h
  • D. IPTABLES -F

Answer: D

NEW QUESTION 4
One of your Linux systems was compromised last night. According to change management history and a recent vulnerability scan, the system's patches were up-to-date at the time of the attack. Which of the following statements is the Most Likely explanation?

  • A. It was a zero-day exploit
  • B. It was a Trojan Horse exploit
  • C. It was a worm exploit
  • D. It was a man-in-middle exploit

Answer: A

NEW QUESTION 5
You are doing some analysis of malware on a Unix computer in a closed test network. The IP address of the computer is 192.168.1.120. From a packet capture, you see the malware is attempting to do a DNS query for a server called iamabadserver.com so that it can connect to it. There is no DNS server on the test network to do name resolution. You have another computer, whose IP is 192.168.1.115, available on the test network that you would like the malware to connect to instead. How do you get the malware to connect to that computer on the test network?

  • A. You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com
  • B. You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com
  • C. You modify the HOSTS file on the Unix computer your malware is running on and add an entry that reads: 192.168.1.120 iamabadserver iamabadserver.com
  • D. You modify the HOSTS file on the computer you want the malware to connect to and add an entry that reads: 192.168.1.115 iamabadserver iamabadserver.com

Answer: B

NEW QUESTION 6
Which of the following defines the communication link between a Web server and Web applications?

  • A. CGI
  • B. PGP
  • C. Firewall
  • D. IETF

Answer: A

NEW QUESTION 7
Which of the following statements about Secure Sockets Layer (SSL) are true? Each correct answer represents a complete solution. Choose two.

  • A. It provides communication privacy, authentication, and message integrity
  • B. It provides mail transfer service
  • C. It uses a combination of public key and symmetric encryption for security of data
  • D. It provides connectivity between Web browser and Web server

Answer: AC

NEW QUESTION 8
A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

  • A. Environmental sensors in the server room
  • B. Access control system for physical building
  • C. Automated fire detection and control systems
  • D. Frequent off-site backup of critical databases

Answer: B

NEW QUESTION 9
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The network contains ten Windows 2003 member servers and 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

  • A. None of the tasks will be accomplished
  • B. He will be able to check the file system type on each computer's hard disk
  • C. He will be able to accomplish all the tasks
  • D. He will be able to check all available security updates and shared folders

Answer: C

NEW QUESTION 10
Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

  • A. Mandatory
  • B. Discretionary
  • C. Rule set-based
  • D. Role-Based

Answer: A

NEW QUESTION 11
If you do NOT have an original file to compare to, what is a good way to identify steganography in potential carrier files?

  • A. Determine normal properties through methods like statistics and look for changes
  • B. Determine normal network traffic patterns and look for changes
  • C. Find files with the extension .stg
  • D. Visually verify the files you suspect to be steganography messages

Answer: A

NEW QUESTION 12
If a DNS client wants to look up the IP address for good.news.com and does not receive an authoritative reply from its local DNS server, which name server is most likely to provide an authoritative reply?

  • A. The news.com domain name server
  • B. The .com (top-level) domain name server
  • C. The . (root-level) domain name server
  • D. The .gov (top-level) domain name server

Answer: A

NEW QUESTION 13
A US case involving malicious code is brought to trial. An employee had opened a helpdesk ticket to report specific instances of strange behavior on her system. The IT helpdesk representative collected information by interviewing the user and escalated the ticket to the system administrators. As the user had regulated and sensitive data on her computer, the system administrators had the hard drive sent to the company's forensic consultant for analysis and configured a new hard drive for the user. Based on the recommendations from the forensic consultant and the company's legal department, the CEO decided to prosecute the author of the malicious code. During the court case, which of the following would be able to provide direct evidence?

  • A. The IT helpdesk representative
  • B. The company CEO
  • C. The user of the infected system
  • D. The system administrator who removed the hard drive

Answer: C

NEW QUESTION 14
What is the discipline of establishing a known baseline and managing that condition known as?

  • A. Condition deployment
  • B. Observation discipline
  • C. Security establishment
  • D. Configuration management

Answer: C

NEW QUESTION 15
What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 in an IP packet header?

  • A. These fields are decremented each time a packet is retransmitted to minimize the possibility of routing loops
  • B. These fields are initialized to an initial value to prevent packet fragmentation and fragmentation attacks
  • C. These fields are recalculated based on the required time for a packet to arrive at its destination
  • D. These fields are incremented each time a packet is transmitted to indicate the number of routers that an IP packet has traversed

Answer: A

NEW QUESTION 16
Which of the following is a required component for successful 802.1x network authentication?

  • A. Supplicant
  • B. 3rd-party Certificate Authority
  • C. Ticket Granting Server (TGS)
  • D. IPSec

Answer: A

NEW QUESTION 17
Which of the following protocols implements VPN using IPSec?

  • A. SLIP
  • B. PPP
  • C. L2TP
  • D. PPTP

Answer: C

NEW QUESTION 18
Your CIO has found out that it is possible for an attacker to clone your company's RFID (Radio Frequency ID) based key cards. The CIO has tasked you with finding a way to ensure that anyone entering the building is an employee. Which of the following authentication types would be the appropriate solution to this problem?

  • A. Mandatory Access Controls
  • B. Bell-LaPadula
  • C. Two-Factor
  • D. TACACS

Answer: C

NEW QUESTION 19
You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To collect data from operating system logs
  • B. To notify the console with an alert if any intrusion is detected
  • C. To analyze for known signatures
  • D. To collect data from Web servers

Answer: BC
