Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office. What layer of the OSI model do IPsec tunnels function on?
Which of the following NIST incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?
Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or
multiple fields?
Individuals in the organization using system resources against acceptable usage policies indicates which of the following security incident:
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which
of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?
Michael decides to view the-----------------to track employee actions on the organization's network.
Maximus Tech Is a multinational company that uses Cisco ASA Firewalls for their systems. Jason is the one of the members of the team that checks the logs at Maximus Tech. As a part of his job. he is going through me logs and he came across a firewall log that looks like this:
May 06 2018 21:27:27 asa 1: % ASA -6-11008: User enable_16' executed the 'configure term' command
Based on the security level mentioned in the log, what did Jason understand about the description of this message?
Jason has set a firewall policy that allows only a specific list of network services and deny everything else. This strategy is known as a____________.
Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?
Which subdirectory in /var/log directory stores information related to Apache web server?
John, a network administrator, is configuring Amazon EC2 cloud service for his organization. Identify the type of cloud service modules his organization adopted.
Which of the following manages the Docker images, containers, networks, and storage volume and processes the request of Docker API?
What should a network administrator perform to execute/test the untrusted or untested programs or code from untrusted or unverified third-parties without risking the host system or OS?
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?
Which of the following Wireshark filters can a network administrator use to view the packets without any flags set in order to detect TCP Null Scan attempts?
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's_________integrity check mechanism provides security against a replay attack
Who oversees all the incident response activities in an organization and is responsible for all actions of the IR team and IR function?
Which technique is used in RAID level 0 where the data is split into blocks and written evenly across multiple disks?
Which of the following statements holds true in terms of virtual machines?
Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?
Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting,
Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment
plan?
Arman transferred some money to his friend’s account using a net banking service. After a few hours, his friend informed him that he hadn’t received the money yet. Arman logged on to the bank’s website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman’s complaint, discovered that someone had established a station between Arman’s and the bank server’s communication system. The station intercepted the communication and inserted another account number replacing his friend’s account number. What is
such an attack called?
Justine has been tasked by her supervisor to ensure that the company's physical security is on the same level as their logical security measures. She installs video cameras at all entrances and exits and installs badge
access points for all doors. The last item she wants to install is a method to prevent unauthorized people piggybacking employees. What should she install to prevent piggybacking?
Which type of information security policy addresses the implementation and configuration of technology and user behavior?
According to standard loT security practice, loT Gateway should be connected to a -------------
Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices. At what layer of the OSI model does an IPsec
tunnel function on?
Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?
John, who works as a team lead in Zen Technologies, found that his team members were accessing social networking sites, shopping sites and watching movies during office hours. He approached the
network admin to block such websites. What kind of network security device can be used to implement John’s decision?
Which of the following helps in viewing account activity and events for supported services made by AWS?
The Circuit-level gateway firewall technology functions at which of the following OSI layer?
James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep
attack. Which of the following Wireshark filters will he use?
John has been working a* a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users. He wants to ensure that no accounts have empty passwords. Which of the following commands does John use to list all the accounts with an empty password?
Which of the following interfaces uses hot plugging technique to replace computer components without the need to shut down the system?
Which of the following incident handling stage removes the root cause of the incident?
Which of the following is a windows in-built feature that provides filesystem-level encryption in the OS (starting from Windows 2000). except the Home version of Windows?
Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle's company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on
logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide
solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement
and be network-wide. What type of solution would be best for Lyle?
Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?
Which among the following tools can help in identifying IoEs to evaluate human attack surface?
An IT company has just been hit with a severe external security breach. To enhance the company’s security posture, the network admin has decided to first block all the services and then individually
enable only the necessary services. What is such an Internet access policy called?
Which of following are benefits of using loT devices in loT-enabled environments? I. loT device car be connected anytime M. loT device can be connected at any place ill. loT devices connected to anything
An attacker has access to password hashes of a Windows 7 computer. Which of the following attacks can the attacker use to reveal the passwords?
Which of the following network security protocols protects from sniffing attacks by encrypting entire communication between the clients and server including user passwords?
Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to
ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?
Which of the following types of information can be obtained through network sniffing? (Select all that apply)
Wallcot, a retail chain in US and Canada, wants to improve the security of their administration
offices. They want to implement a mechanism with two doors. Only one of the doors can be opened at a
time. Once people enter from the first door, they have to be authorized to open the next one. Failing
the authorization, the person will be locked between the doors until an authorized person lets him or
her out. What is such a mechanism called?
In Public Key Infrastructure (PKI), which authority is responsible for issuing and verifying the certificates?
Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because
it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server
outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What
logical area is Larry putting the new email server into?
Which of the following examines Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) for a disaster recovery strategy?
During a security awareness program, management was explaining the various reasons which create threats to network security. Which could be a possible threat to network security?
A company wants to implement a data backup method that allows them to encrypt the data ensuring its security as well as access it at any time and from any location. What is the appropriate backup method
that should be implemented?
Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what
command should he execute?
Which of the following is a data destruction technique that protects the sensitivity of information against a laboratory attack where an unauthorized individual uses signal processing recovery tools in a laboratory environment to recover the information?
Which wireless networking topology setup requires same channel name and SSID?
You are tasked to perform black hat vulnerability assessment for a client. You received official written permission to work with: company site, forum, Linux server with LAMP, where this site is hosted.
Which vulnerability assessment tool should you consider using?
Which risk management phase helps in establishing context and quantifying risks?
David, a network and system admin, encrypted all the files in a Windows system that supports NTFS file system using Encrypted File Systems (EFS). He then backed up the same files into another Windows
system that supports FAT file system. Later, he found that the backup files were not encrypted. What could be the reason for this?
Which of the following provides the target for designing DR and BC solutions?
John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions
within the container?
Ryan is a network security administrator, who wants to implement local security policies for privileges granted to users and groups, system security audit settings, user authentication, and want to
send security audit messages to the Event Log. Which Windows security component fulfills Ryan’s requirement?
Michelle is a network security administrator working in an MNC company. She wants to set a
resource limit for CPU in a container. Which command-line allows Michelle to limit a container to 2
CPUs?
Which component of the data packets is encrypted in Transport mode encryption of an IPsec server?
The GMT enterprise is working on their internet and web usage policies. GMT would like to control
internet bandwidth consumption by employees. Which group of policies would this belong to?
The network administrator wants to strengthen physical security in the organization. Specifically, to
implement a solution stopping people from entering certain restricted zones without proper credentials.
Which of following physical security measures should the administrator use?
Which type of risk treatment process Includes not allowing the use of laptops in an organization to ensure its security?
An insider in Hexagon, a leading IT company in USA, was testing a packet crafting tool. This tool
generated a lot of malformed TCP/IP packets which crashed the main server’s operating system leading
to restricting the employees’ accesses. Which attack did the insider use in the above situation?
Which among the following control and manage the communication between VNF with computing, storage, and network resources along with virtualization?
Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?
Which of the following attack signature analysis techniques are implemented to examine the header information and conclude that a packet has been altered?
A popular e-commerce company has recently received a lot of complaints from its customers. Most
of the complaints are about the customers being redirected to some other website when trying to
access the e-com site, leading to all their systems being compromised and corrupted. Upon
investigation, the network admin of the firm discovered that some adversary had manipulated the
company’s IP address in the domain name server’s cache. What is such an attack called?
Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as
PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?
How can organizations obtain information about threats through human intelligence?
Which of the following systems includes an independent NAS Head and multiple storage arrays?
Based on which of the following registry key, the Windows Event log audit configurations are recorded?
Which category of suspicious traffic signatures includes SYN flood attempts?
A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn't have a________identified which helps measure how risky an activity is.
Katie has implemented the RAID level that split data into blocks and evenly write the data to multiple hard drives but does not provide data redundancy. This type of RAID level requires a minimum of________in order to
setup.
An US-based organization decided to implement a RAID storage technology for their data backup plan. John wants to setup a RAID level that require a minimum of six drives but will meet high fault tolerance and with a
high speed for the data read and write operations. What RAID level is John considering to meet this requirement?
Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:
Which of the following data security technology can ensure information protection by obscuring specific areas of information?
Kyle is an IT technician managing 25 workstations and 4 servers. The servers run applications and mostly store confidential data. Kyle must backup the server's data daily to ensure nothing is lost. The power in the
company's office is not always reliable, Kyle needs to make sure the servers do not go down or are without power for too long. Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters
and converters to charge the battery and provides power when needed. What type of UPS has Kyle purchased?
Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from his organization and Oliver wants to disable this user in Ubuntu. Which of the following commands can be used to accomplish this?
Who acts as an intermediary to provide connectivity and transport services between cloud consumers and providers?
Jeanne is working as a network administrator in an IT company. She wants to control/limit container
access to CPU, memory, swap, block IO (rates), network. Which Linux kernel feature allows Jeanne to
manage, restrict, and audit groups of the process?
Identify the firewall technology that monitors the TCP handshake between the packets to determine whether a requested session is legitimate.
A network designer needs to submit a proposal for a company, which has just published a web
portal for its clients on the internet. Such a server needs to be isolated from the internal network,
placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with
three interfaces, one for the internet network, another for the DMZ server farm and another for the
internal network. What kind of topology will the designer propose?
Which of the following filters can be used to detect UDP scan attempts using Wireshark?
Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented.
What is the correct hierarchy for a security policy implementation?
Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when
deciding on the appropriate backup medium?
You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your
first reaction as a first responder?
John is working as a network defender at a well-reputed multinational company. He wanted to implement security that can help him identify any future attacks that can betargeted toward his organization and
take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should be implement?