
Certified Network Defender (CND) Question and Answers

Last Update Jul 23, 2024
Total Questions : 362

We are offering free 312-38 ECCouncil exam questions. Just sign up, give your details, and prepare with the free 312-38 exam questions; then go for the complete pool of Certified Network Defender (CND) test questions.

Questions 1

In what type of IoT communication model do devices interact with each other through the internet, primarily using protocols such as ZigBee, Z-Wave, or Bluetooth?

Options:

A.  

Back-End Data-Sharing Model

B.  

Device-to-Gateway Model

C.  

Device-to-Cloud Model

D.  

Device-to-Device Model

Questions 2

USB ports enabled on a laptop is an example of ____

Options:

A.  

System Attack Surface

B.  

Network Attack Surface

C.  

Physical Attack Surface

D.  

Software Attack Surface

Questions 3

Clement is the CEO of an IT firm. He wants to implement a policy allowing employees with a preapproved set of devices from which the employees choose devices (laptops, smartphones, and tablets) to access company data as per the organization's access privileges. Which among the following policies does Clement want to enforce?

Options:

A.  

BYOD policy

B.  

COPE policy

C.  

CYOD policy

D.  

COBO policy

Questions 4

According to standard IoT security practice, the IoT Gateway should be connected to a ______

Options:

A.  

Border router

B.  

Secure router

C.  

Router that is connected to internal servers

D.  

Router that is connected to other subnets

Questions 5

Which RAID level does not provide data redundancy?

Options:

A.  

RAID level 0

B.  

RAID level 1

C.  

RAID level 50

D.  

RAID level 10

Questions 6

HexCom, a leading IT Company in the USA, realized that their employees were having trouble accessing multiple servers with different passwords. Due to this, the centralized server was also being overburdened by avoidable network traffic. To overcome the issue, what type of authentication can be given to the employees?

Options:

A.  

Two-Factor Authentication

B.  

Biometric Authentication

C.  

Single Sign-on (SSO)

D.  

Smart Card Authentication

Questions 7

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?

Options:

A.  

Proactive approach

B.  

Retrospective approach

C.  

Preventive approach

D.  

Reactive approach

Questions 8

Which of the following is a data destruction technique that protects the sensitivity of information against a laboratory attack where an unauthorized individual uses signal processing recovery tools in a laboratory environment to recover the information?

Options:

A.  

Purging

B.  

Destroying

C.  

Clearing

D.  

Disposal

Questions 9

Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?

Options:

A.  

Attack

B.  

Risk

C.  

Threat

D.  

Vulnerability

Questions 10

What is the best way to describe a mesh network topology?

Options:

A.  

A network that is extremely cost efficient, offering the best option for allowing computers to communicate amongst each other.

B.  

A network in which every computer in the network can communicate with a single central computer.

C.  

A network in which every computer in the network has a connection to each and every computer in the network.

D.  

A network in which every computer meshes together to form a hybrid between a star and bus topology.

Questions 11

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

Options:

A.  

PR Specialist

B.  

Attorney

C.  

Incident Handler

D.  

Evidence Manager

Questions 12

Which encryption algorithm does S/MIME protocol implement for digital signatures in emails?

Options:

A.  

Rivest-Shamir-Adleman encryption

B.  

Digital Encryption Standard

C.  

Triple Data Encryption Standard

D.  

Advanced Encryption Standard

Questions 13

Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?

Options:

A.  

MicroBurst

B.  

POSH-Sysmon

C.  

SecurityPolicyDsc

D.  

Sysmon

Questions 14

Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data. Which RAID level is used here?

Options:

A.  

RAID 3

B.  

RAID 1

C.  

RAID 5

D.  

RAID 0

Questions 15

Geon Solutions INC., had only 10 employees when it started. But as business grew, the organization had to increase the amount of staff. The network administrator is finding it difficult to accommodate an increasing number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees. Which network topology will help the administrator solve the problem of needing to add new employees and expand?

Options:

A.  

Bus

B.  

Star

C.  

Ring

D.  

Mesh

Questions 16

Identify the attack where an attacker manipulates or tricks people into revealing their confidential details like bank account information, credit card details, etc.?

Options:

A.  

Social Engineering Attacks

B.  

Port Scanning

C.  

DNS Footprinting

D.  

ICMP Scanning

Questions 17

Who offers formal experienced testimony in court?

Options:

A.  

Incident analyzer

B.  

Evidence documenter

C.  

Expert witness

D.  

Attorney

Questions 18

Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

Options:

A.  

ISO/IEC 27004

B.  

ISO/IEC 27002

C.  

ISO/IEC 27006

D.  

ISO/IEC 27005

Questions 19

If a network is at risk from unskilled individuals, what type of threat is this?

Options:

A.  

External Threats

B.  

Structured Threats

C.  

Unstructured Threats

D.  

Internal Threats

Questions 20

Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes through the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________ implementation of a VPN.

Options:

A.  

Full Mesh Mode

B.  

Point-to-Point Mode

C.  

Transport Mode

D.  

Tunnel Mode

Questions 21

Which of the following wireless encryption provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?

Options:

A.  

WEP

B.  

WPA

C.  

WPA2

D.  

WPA3

Questions 22

Frank is a network technician working for a medium-sized law firm in Memphis. Frank and two other IT employees take care of all the technical needs for the firm. The firm's partners have asked that a secure wireless network be implemented in the office so employees can move about freely without being tied to a network cable. While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3, they are not familiar with how to set up wireless in a business environment. What IEEE standard should Frank and the other IT employees follow to become familiar with wireless?

Options:

A.  

The IEEE standard covering wireless is 802.9 and they should follow this.

B.  

802.7 covers wireless standards and should be followed

C.  

They should follow the 802.11 standard

D.  

Frank and the other IT employees should follow the 802.1 standard.

Questions 23

Which of the following best describes the Log Normalization process?

Options:

A.  

It is a process of accepting logs from homogenous sources with the same formats and converting them into a different format

B.  

It is a process of accepting logs from homogenous sources with different formats and converting them into a common format

C.  

It is a process of accepting logs from heterogeneous sources with different formats and converting them into a common format

D.  

It is a process of accepting logs from heterogeneous sources with the same formats and converting them into a different format

Questions 24

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

Options:

A.  

Avoid Fear, Uncertainty and Doubt

B.  

Communicate the incident

C.  

Make an initial assessment

D.  

Disable Virus Protection

Questions 25

In macOS, how can the user implement disk encryption?

Options:

A.  

By enabling BitLocker feature

B.  

By executing dm-crypt command

C.  

By turning on Device Encryption feature

D.  

By enabling FileVault feature

Questions 26

During the recovery process, RTO and RPO should be the main parameters of your disaster recovery plan. What does RPO refer to?

Options:

A.  

The hot plugging technique used to replace computer components

B.  

The interval after which the data quality is lost

C.  

The encryption feature, acting as add-on security to the data

D.  

The duration required to restore the data

Questions 27

Physical access controls help organizations monitor, record, and control access to the information assets and facility. Identify the category of physical security controls which includes security labels and warning signs.

Options:

A.  

Administrative control

B.  

Physical control

C.  

Technical control

D.  

Environmental control

Questions 28

You want to increase your network security by implementing a technology that only allows certain MAC addresses on specific ports of the switches. Which one of the following is the best choice?

Options:

A.  

Port Security

B.  

Port Detection

C.  

Port Authorization

D.  

Port Knocking

Questions 29

Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?

Options:

A.  

Module logging

B.  

Script block logging

C.  

Event logging

D.  

Transcript logging

Questions 30

Who is responsible for conveying company details after an incident?

Options:

A.  

PR specialist

B.  

IR officer

C.  

IR manager

D.  

IR custodians

Questions 31

What is the IT security team responsible for effectively managing the security of the organization’s IT infrastructure called?

Options:

A.  

Grey Team

B.  

Red Team

C.  

Blue Team

D.  

Yellow Team

Questions 32

The GMT enterprise is working on their internet and web usage policies. GMT would like to control internet bandwidth consumption by employees. Which group of policies would this belong to?

Options:

A.  

Enterprise Information Security Policy

B.  

System Specific Security Policy

C.  

Network Services Specific Security Policy

D.  

Issue Specific Security Policy

Questions 33

Patrick wants to change the file permission of a file with permission value 755 to 744. He used a Linux command chmod [permission Value] [File Name] to make these changes. What will be the change in the file access?

Options:

A.  

He changed the file permission from rwxr-xr-x to rwxr--r--

B.  

He changed the file permission from rwxr-xr-x to rw-rw-rw-

C.  

He changed the file permission from rw------- to rw-r--r--

D.  

He changed the file permission from rwxrwxrwx to rwx------

Questions 34

Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:

Options:

A.  

Cloud to service attack surface

B.  

User to service attack surface

C.  

User to cloud attack surface

D.  

Cloud to user attack surface

Questions 35

According to the company's security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication. What needs to happen to force this server to use Windows Authentication?

Options:

A.  

Edit the ADLIN file.

B.  

Edit the shadow file.

C.  

Remove the /var/bin/localauth.conf file.

D.  

Edit the PAM file to enforce Windows Authentication

Questions 36

Which of the following is a drawback of traditional perimeter security?

Options:

A.  

Traditional firewalls are static in nature

B.  

Traditional VPNs follow identity centric instead of trust based network centric approach

C.  

Traditional perimeter security is identity-centric

D.  

Traditional firewalls are dynamic in nature

Questions 37

The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?

Options:

A.  

Hashing; hash code

B.  

Symmetric encryption; secret key

C.  

Hashing; public key

D.  

Asymmetric encryption; public key

Questions 38

Who acts as an intermediary to provide connectivity and transport services between cloud consumers and providers?

Options:

A.  

Cloud Auditor

B.  

Cloud Broker

C.  

Cloud Carrier

D.  

Cloud Consultant

Questions 39

Which of the following is not part of the recommended first response steps for network defenders?

Options:

A.  

Restrict yourself from doing the investigation

B.  

Extract relevant data from the suspected devices as early as possible

C.  

Disable virus protection

D.  

Do not change the state of the suspected device

Questions 40

Which of the following provides the target for designing DR and BC solutions?

Options:

A.  

RCO

B.  

RTO

C.  

RPO

D.  

RGO

Questions 41

An attacker has access to password hashes of a Windows 7 computer. Which of the following attacks can the attacker use to reveal the passwords?

Options:

A.  

Brute force

B.  

XSS

C.  

Dictionary attacks

D.  

Rainbow table

Questions 42

The SNMP contains various commands that reduce the burden on the network administrators.

Which of the following commands is used by SNMP agents to notify SNMP managers about an event occurring in the network?

Options:

A.  

SET

B.  

TRAPS

C.  

INFORM

D.  

RESPONSE

Questions 43

Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?

Options:

A.  

Shared Responsibility Model for Container Services

B.  

Shared Responsibility Model for Infrastructure Services

C.  

Shared Responsibility Model for Abstract Services

D.  

Shared Responsibility Model for Storage Services

Questions 44

An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client records as they are encrypted. The attacker asked the company to pay money for gaining access to their data. Which type of malware attack is described above?

Options:

A.  

Logic bomb

B.  

Rootkits

C.  

Trojan

D.  

Ransomware

Questions 45

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.

Options:

A.  

Evidence Manager

B.  

Incident Handler

C.  

Attorney

D.  

PR Specialist

Questions 46

The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex, who is a senior security manager, talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed. What is/are the reason(s) Alex is suggesting that James use a differential backup? (Select all that apply)

Options:

A.  

Less storage space is required

B.  

Faster restoration

C.  

Slower than a full backup

D.  

Faster than a full backup

E.  

Less expensive than full backup

Questions 47

An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?

Options:

A.  

Bruteforce

B.  

Rainbow table

C.  

Hybrid

D.  

Dictionary

Questions 48

Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?

Options:

A.  

Usability

B.  

Data Integrity

C.  

Availability

D.  

Confidentiality

Questions 49

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what command should he execute?

Options:

A.  

# update-rc.d -f [service name] remove

B.  

# service [service name] stop

C.  

# ps ax | grep [Target Process]

D.  

# kill -9 [PID]

Questions 50

Which of the following indicators are discovered through an attacker's intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?

Options:

A.  

Key risk indicators

B.  

Indicators of compromise

C.  

Indicators of attack

D.  

Indicators of exposure

Questions 51

Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?

Options:

A.  

Contain the damage

B.  

Disconnect the five infected devices from the network

C.  

Inform the IRT about the incident and wait for their response

D.  

Inform everybody in the organization about the attack

Questions 52

Identify the method involved in the purging technique of data destruction.

Options:

A.  

Incineration

B.  

Overwriting

C.  

Degaussing

D.  

Wiping

Questions 53

Which type of training can create awareness among employees regarding compliance issues?

Options:

A.  

Social engineering awareness training

B.  

Security policy training

C.  

Physical security awareness training

D.  

Training on data classification

Questions 54

John, a network administrator, is configuring Amazon EC2 cloud service for his organization. Identify the type of cloud service model his organization adopted.

Options:

A.  

Software-as-a-Service (SaaS)

B.  

Infrastructure-as-a-Service (IaaS)

C.  

Platform-as-a-Service (PaaS)

D.  

Storage-as-a-Service (SaaS)

Questions 55

Which type of modulation technique is used in local area wireless networks (LAWNs)?

Options:

A.  

FHSS

B.  

OFDM

C.  

DSSS

D.  

MIMO-OFDM

Questions 56

What is Azure Key Vault?

Options:

A.  

It is secure storage for the keys used to encrypt data at rest in Azure services

B.  

It is secure storage for the keys used to encrypt data in motion in Azure services

C.  

It is secure storage for the keys used to encrypt data in use in Azure services

D.  

It is secure storage for the keys used to configure IAM in Azure services

Questions 57

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?

Options:

A.  

Bollards

B.  

Fence

C.  

Video surveillance

D.  

Mantrap

Questions 58

What defines the maximum time period an organization is willing to lose data during a major IT outage event?

Options:

A.  

BC

B.  

RTO

C.  

DR

D.  

RPO

Questions 59

Riya bought some clothes and a watch from an online shopping site a few days back. Since then, whenever she accesses any other application (games, browser, etc.) on her mobile, she is spammed with advertisements for clothes and watches similar to the ones she bought. What can be the underlying reason for Riya’s situation?

Options:

A.  

Riya’s system was infected by Adware

B.  

Riya’s system was infected by Spyware

C.  

Riya’s system was infected by Backdoor

D.  

Riya’s system was infected by Rootkit

Questions 60

Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

Options:

A.  

tcp.dstport==7 and udp.srcport==7

B.  

tcp.dstport==7 and udp.dstport==7

C.  

tcp.dstport==7 and udp.dstport==7

D.  

tcp.dstport==7 and udp.srcport==7

Questions 61

Which of the following Wireshark filters allows an administrator to detect a SYN/FIN DDoS attempt on the network?

Options:

A.  

tcp.flags==0x003

B.  

tcp.flags==0X029

C.  

TCP.flags==0x300

D.  

tcp.dstport==7

Questions 62

Martin is a professional hacker. He is performing reconnaissance on an organization to hack a few target systems. As a part of this method, he needs to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls, etc. To obtain such information, Martin decided to use automated tools. Which of the following tools must be employed by Martin?

Options:

A.  

Burp Suite

B.  

FOCA

C.  

Nmap

D.  

Zendio

Questions 63

A network is set up using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0. What IP address class is the network range a part of?

Options:

A.  

Class C

B.  

Class A

C.  

Class B

D.  

Class D

Questions 64

Which of the following data security technologies can ensure information protection by obscuring specific areas of information?

Options:

A.  

Data encryption

B.  

Data hashing

C.  

Data masking

D.  

Data retention

Questions 65

Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

Options:

A.  

Cindy is using a half-open scan to find live hosts on her network.

B.  

The type of scan she is using is called a NULL scan

C.  

She is utilizing a RST scan to find live hosts that are listening on her network

D.  

Cindy is attempting to find live hosts on her company’s network by using a XMAS scan

Questions 66

How is the chip-level security of an IoT device achieved?

Options:

A.  

Encrypting JTAG interface

B.  

Keeping the device on a that network

C.  

Closing insecure network services

D.  

Changing the password of the router

Questions 67

An IT company has just been hit with a severe external security breach. To enhance the company’s security posture, the network admin has decided to first block all the services and then individually enable only the necessary services. What is such an Internet access policy called?

Options:

A.  

Prudent Policy

B.  

Permissive Policy

C.  

Promiscuous Policy

D.  

Paranoid Policy

Questions 68

Bankofamerica Enterprise is working on an internet and usage policy in a way to control the internet demand. Which group of policies does this belong to?

Options:

A.  

Enterprise Information Security Policy

B.  

Issue Specific Security Policy

C.  

Network Services Specific Security Policy

D.  

System Specific Security Policy

Questions 69

Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

Options:

A.  

Pipe Model

B.  

AAA model

C.  

Hub-and-Spoke VPN model

D.  

Hose model

Questions 70

Which of the following types of UPS is used to supply power above 10kVA and provides an ideal electric output presentation, and its constant wear on the power components reduces the dependability?

Options:

A.  

Stand by On-line hybrid

B.  

Line Interactive

C.  

Double conversion on-line

D.  

Stand by Ferro

Questions 71

Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?

Options:

A.  

IsEncrypted Enabled

B.  

NeverEncrypted disabled

C.  

Allow Encrypted

D.  

Always Encrypted

Questions 72

A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?

Options:

A.  

Screened subnet

B.  

DMZ, External-Internal firewall

C.  

Multi-homed firewall

D.  

Bastion host

Questions 73

Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

Options:

A.  

Extreme severity level

B.  

Low severity level

C.  

Mid severity level

D.  

High severity level

Questions 74

How is application whitelisting different from application blacklisting?

Options:

A.  

It allows all applications other than the undesirable applications

B.  

It allows execution of trusted applications in a unified environment

C.  

It allows execution of untrusted applications in an isolated environment

D.  

It rejects all applications other than the allowed applications

Questions 75

Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

Options:

A.  

Hash rule

B.  

Path rule

C.  

Internet zone rule

D.  

Certificate rule

Questions 76

The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank's business is very high. How should this risk be categorized in the risk matrix?

Options:

A.  

High

B.  

Medium

C.  

Extreme

D.  

Low

Questions 77

Maximus Tech is a multinational company that uses Cisco ASA Firewalls for their systems. Jason is one of the members of the team that checks the logs at Maximus Tech. As a part of his job, he is going through the logs and he came across a firewall log that looks like this:

May 06 2018 21:27:27 asa 1: %ASA-6-11008: User 'enable_16' executed the 'configure term' command

Based on the security level mentioned in the log, what did Jason understand about the description of this message?

Options:

A.  

Normal but significant message

B.  

Informational message

C.  

Critical condition message

D.  

Warning condition message

Questions 78

Which field is not included in the TCP header?

Options:

A.  

Source IP address

B.  

Acknowledgment number

C.  

Sequence number

D.  

Source Port

Questions 79

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

Options:

A.  

Install a CCTV with cameras pointing to the entrance doors and the street

B.  

Use fences in the entrance doors

C.  

Use lights in all the entrance doors and along the company's perimeter

D.  

Use an IDS in the entrance doors and install some of them near the corners

Questions 80

Assume that you are working as a network defender at the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

Options:

A.  

Based on the type of response needed for the incident

B.  

Based on a potential technical effect of the incident

C.  

Based on a first come first served basis

D.  

Based on approval from management

Questions 81

Identify the minimum number of drives required to set up RAID level 5.

Options:

A.  

Multiple

B.  

3

C.  

4

D.  

2

Questions 82

Henry needs to design a backup strategy for the organization with no service level downtime. Which backup method will he select?

Options:

A.  

Normal backup

B.  

Warm backup

C.  

Hot backup

D.  

Cold backup

Questions 83

Which event type indicates a significant problem such as loss of data or loss of functionality?

Options:

A.  

Error

B.  

Warning

C.  

Information

D.  

Failure Audit

Questions 84

Which of the following systems includes an independent NAS Head and multiple storage arrays?

Options:

A.  

Gateway NAS System

B.  

FreeNAS

C.  

Integrated NAS System

D.  

None of these

Questions 85

Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?

Options:

A.  

RPO

B.  

RFO

C.  

RSP

D.  

RTO

Questions 86

Which wireless networking topology setup requires the same channel name and SSID?

Options:

A.  

Ad-Hoc standalone network architecture

B.  

Infrastructure network topology

C.  

Hybrid topology

D.  

Mesh topology

Questions 87

Which of the following can be used to suppress fire from Class K sources?

Options:

A.  

Foam

B.  

Carbon dioxide

C.  

Water

D.  

Dry Chemical

Questions 88

Under which of the following acts can an international financial institution be prosecuted if it fails to maintain the privacy of its customer’s information?

Options:

A.  

GLBA

B.  

FISMA

C.  

DMCA

D.  

SOX

Questions 89

Identify the correct statements regarding a DMZ zone:

Options:

A.  

It is a file integrity monitoring mechanism

B.  

It is a Neutral zone between a trusted network and an untrusted network

C.  

It serves as a proxy

D.  

It includes sensitive internal servers such as database servers

Questions 90

Individuals in the organization using system resources against acceptable usage policies indicates which of the following security incidents?

Options:

A.  

Malicious Code

B.  

Denial-of-Service (DoS)

C.  

Improper Usage

D.  

Unauthorized Access

Questions 91

Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending them to each other. How will they ensure the authenticity of their emails?

Options:

A.  

Dan will use his public key to encrypt his mails while Alex will use Dan's digital signature to verify the authenticity of the mails.

B.  

Dan will use his private key to encrypt his mails while Alex will use his digital signature to verify the authenticity of the mails.

C.  

Dan will use his digital signature to sign his mails while Alex will use his private key to verify the authenticity of the mails.

D.  

Dan will use his digital signature to sign his mails while Alex will use Dan's public key to verify the authenticity of the mails.

Questions 92

Jeanne is working as a network administrator in an IT company. She wants to control/limit container access to CPU, memory, swap, block IO (rates), and network. Which Linux kernel feature allows Jeanne to manage, restrict, and audit groups of processes?

Options:

A.  

Cgroups

B.  

LSMs

C.  

Seccomp

D.  

Userns

Questions 93

Which filter can an analyst use to locate unusual ICMP requests in order to detect ICMP probes from an attacker to a target OS looking for the response to perform ICMP fingerprinting?

Options:

A.  

(icmp.type==9) && (!(icmp.code==9))

B.  

(icmp.type==14) || (icmp.type==15) || (icmp.type==17)

C.  

(icmp.type==8) && (!(icmp.code==8))

D.  

(icmp.type==12) || (icmp.type==15) || (icmp.type==17)

Questions 94

You are using Wireshark to monitor your network traffic and you see a lot of packets with the FIN, PUSH and URG flags activated; what can you infer about this behavior?

Options:

A.  

The Layer 3 Controls are activated in the Switches

B.  

The Spanning Tree Protocol is activated in the Switches

C.  

One NIC is broadcasting erroneous traffic

D.  

An attacker is running a XMAS scan against the network

Questions 95

Which subdirectory in the /var/log directory stores information related to the Apache web server?

Options:

A.  

/var/log/maillog/

B.  

/var/log/httpd/

C.  

/var/log/apachelog/

D.  

/var/log/lighttpd/

Questions 96

Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?

Options:

A.  

Application sandboxing

B.  

Deployment of WAFs

C.  

Application whitelisting

D.  

Application blacklisting

Questions 97

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

Options:

A.  

$ sudo system-ctl disable [service]

B.  

$ sudo systemctl disable [service]

C.  

$ sudo system.ctl disable [service]

D.  

$ sudo system ctl disable [service]

Questions 98

Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?

Options:

A.  

Integrity

B.  

Non-repudiation

C.  

Confidentiality

D.  

Authentication

Questions 99

A popular e-commerce company has recently received a lot of complaints from its customers. Most of the complaints are about the customers being redirected to some other website when trying to access the e-com site, leading to all their systems being compromised and corrupted. Upon investigation, the network admin of the firm discovered that some adversary had manipulated the company’s IP address in the domain name server’s cache. What is such an attack called?

Options:

A.  

DNS Poisoning

B.  

DNS Application

C.  

DNS Attacked by DDoS

D.  

DNS Hijacking

Questions 100

How is an “attack” represented?

Options:

A.  

Motive (goal) + method

B.  

Motive (goal) + method + vulnerability

C.  

Asset + Threat + Vulnerability

D.  

Asset + Threat

Questions 101

Which of the following is a best practice for wireless network security?

Options:

A.  

Enabling the remote router login

B.  

Not changing the default SSID

C.  

Not placing a packet filter between the AP and the corporate intranet

D.  

Using SSID cloaking

Questions 102

In ______ method, event logs are arranged in the form of a circular buffer.

Options:

A.  

Non-wrapping method

B.  

LIFO method

C.  

Wrapping method

D.  

FIFO method

Questions 103

Which of the following NIST incident categories includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?

Options:

A.  

Scans/Probes/Attempted Access

B.  

Malicious code

C.  

Improper usage

D.  

Denial-of-Service

Questions 104

Disaster Recovery is a _________.

Options:

A.  

Operation-centric strategy

B.  

Security-centric strategy

C.  

Data-centric strategy

D.  

Business-centric strategy

Questions 105

Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic normally recorded by the IDS. What type of detection is this network-based IDS system using?

Options:

A.  

This network-based IDS system is using anomaly detection.

B.  

This network-based IDS system is using dissimilarity algorithms.

C.  

This system is using misuse detection.

D.  

This network-based IDS is utilizing definition-based detection.

Questions 106

Delta IT solutions suffered a substantial data loss translating into a huge monetary loss for them. During the investigation, the network admin analyzed all the packets and traffic transmitted across the network and identified that some user, within the organization, had leaked the data. Which of the following devices could have helped the network admin reach this conclusion?

Options:

A.  

Internet Content Filter

B.  

Network Access Control

C.  

Network Protocol Analyzer

D.  

Intrusion Detection System

Questions 107

Which of the following filters can be applied to detect an ICMP ping sweep attempt using Wireshark?

Options:

A.  

icmp.type==8

B.  

icmp.type==13

C.  

icmp.type==17

D.  

icmp.type==15

Questions 108

Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?

Options:

A.  

Full backup

B.  

Incremental backup

C.  

Differential Backup

D.  

Normal Backup
