Certified Network Defender (CND) Question and Answers

Last Update Apr 23, 2024
Total Questions : 345

Question 1

Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. Simon decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

Options:

A. Snort is the best tool for their situation
B. They can implement Wireshark
C. They could use Tripwire
D. They need to use Nessus

Question 2

__________ is a group of broadband wireless communication standards for Metropolitan Area Networks (MANs).

Options:

A. 802.15.4
B. 802.15
C. 802.12
D. 802.16

Question 3

What should a network administrator use to execute or test untrusted or untested programs or code from untrusted or unverified third parties without risking the host system or OS?

Options:

A. Application Whitelisting
B. Application Blacklisting
C. Deployment of WAFs
D. Application Sandboxing

Question 4

Which of the following is a drawback of traditional perimeter security?

Options:

A. Traditional firewalls are static in nature
B. Traditional VPNs follow an identity-centric instead of a trust-based, network-centric approach
C. Traditional perimeter security is identity-centric
D. Traditional firewalls are dynamic in nature

Question 5

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

Options:

A. PR Specialist
B. Attorney
C. Incident Handler
D. Evidence Manager

Question 6

A US-based organization decided to implement RAID storage technology for its data backup plan. John wants to set up a RAID level that requires a minimum of six drives but provides high fault tolerance and high speed for data read and write operations. What RAID level is John considering to meet this requirement?

Options:

A. RAID level 1
B. RAID level 10
C. RAID level 5
D. RAID level 50

Question 7

How can a WAF validate traffic before it reaches a web application?

Options:

A. It uses a role-based filtering technique
B. It uses an access-based filtering technique
C. It uses a sandboxing filtering technique
D. It uses a rule-based filtering technique

Question 8

Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's needs. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

Options:

A. Capability
B. Accountability
C. Extensibility
D. Reliability

Question 9

What represents the ability of an organization to respond in an emergency in order to minimize the damage to its brand name, business operations, and profit?

Options:

A. Disaster recovery
B. Incident management
C. Emergency management
D. Crisis management

Question 10

An administrator wants to monitor and inspect large amounts of traffic and detect unauthorized attempts from inside the organization with the help of an IDS. He is not able to determine the exact location to deploy the IDS sensor. Can you help him identify the location where the IDS sensor should be placed?

Options:

A. Location 2
B. Location 3
C. Location 4
D. Location 1

Question 11

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?

Options:

A. Video surveillance
B. Fence
C. Mantrap
D. Bollards

Question 12

Harry has successfully completed the vulnerability scanning process and found that serious vulnerabilities exist in the organization's network. Identify the vulnerability management phases through which he will proceed to ensure all the detected vulnerabilities are addressed and eradicated. (Select all that apply)

Options:

A. Mitigation
B. Assessment
C. Verification
D. Remediation

Question 13

Which OSI layer does a Network Interface Card (NIC) work on?

Options:

A. Physical layer
B. Presentation layer
C. Network layer
D. Session layer

Question 14

Identify the correct order for a successful black hat operation.

Options:

A. Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks
B. Scanning, Reconnaissance, Gaining Access, Maintaining Access, and Covering Tracks
C. Reconnaissance, Gaining Access, Scanning, Maintaining Access, and Covering Tracks
D. Reconnaissance, Scanning, Gaining Access, Covering Tracks, and Maintaining Access

Question 15

Docker provides Platform-as-a-Service (PaaS) through __________ and delivers containerized software packages.

Options:

A. Storage-level virtualization
B. Network-level virtualization
C. OS-level virtualization
D. Server-level virtualization

Question 16

In Public Key Infrastructure (PKI), which authority is responsible for issuing and verifying the certificates?

Options:

A. Registration authority
B. Certificate authority
C. Digital Certificate authority
D. Digital signature authority

Question 17

Which of the following technologies can be used to leverage the zero-trust security model?

Options:

A. Software defined networking (SDN)
B. Network function virtualization (NFV)
C. Network virtualization (NV)
D. Software defined perimeter (SDP)

Question 18

John is working as a network defender at a well-reputed multinational company. He wants to implement security that can help him identify any future attacks that could be targeted toward his organization and take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should he implement?

Options:

A. Reactive security approach
B. Retrospective security approach
C. Proactive security approach
D. Preventive security approach

Question 19

Which type of attack is used to hack an IoT device and direct large amounts of network traffic toward a web server, resulting in overloading the server with connections and preventing any new connections?

Options:

A. XSS
B. DDoS
C. XCRF
D. Sniffing

Question 20

Ryan is a network security administrator who wants to implement local security policies for privileges granted to users and groups, system security audit settings, and user authentication, and wants to send security audit messages to the Event Log. Which Windows security component fulfills Ryan's requirement?

Options:

A. Security Reference Monitor (SRM)
B. The Security Account Manager (SAM)
C. The Local Security Authority Subsystem (LSASS)
D. WinLogon and NetLogon

Question 21

Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?

Options:

A. Indicators of attack
B. Key risk indicators
C. Indicators of exposure
D. Indicators of compromise

Question 22

An insider in Hexagon, a leading IT company in the USA, was testing a packet crafting tool. This tool generated a lot of malformed TCP/IP packets which crashed the main server's operating system, leading to restricting the employees' access. Which attack did the insider use in the above situation?

Options:

A. DoS attack
B. Session Hijacking
C. Man-in-the-Middle
D. Cross-Site Scripting

Question 23

Which of the following connects the SDN application layer and SDN controller and allows communication between the network services and business applications?

Options:

A. Eastbound API
B. Westbound API
C. Northbound API
D. Southbound API

Question 24

Which of the following RAID storage techniques divides the data into multiple blocks, which are then written across the RAID system?

Options:

A. Mirroring
B. Striping
C. None of these
D. Parity

Question 25

Which of the following controls and manages the communication between VNFs and the computing, storage, and network resources, along with their virtualization?

Options:

A. Orchestrator
B. VNF Manager(s)
C. Virtualized Infrastructure Manager(s)
D. Element Management System (EMS)

Question 26

During the recovery process, RTO and RPO should be the main parameters of your disaster recovery plan. What does RPO refer to?

Options:

A. The hot plugging technique used to replace computer components
B. The interval after which the data quality is lost
C. The encryption feature, acting as add-on security to the data
D. The duration required to restore the data

Question 27

According to standard IoT security practice, an IoT Gateway should be connected to a __________.

Options:

A. Border router
B. Secure router
C. Router that is connected to internal servers
D. Router that is connected to other subnets

Question 28

Which firewall technology can be implemented in all (application, session, transport, network, and presentation) layers of the OSI model?

Options:

A. Circuit-level gateway
B. Network address translation
C. VPN
D. Packet filtering

Question 29

Which Windows security component is responsible for controlling a user's access to Windows resources?

Options:

A. Network Logon Service (Netlogon)
B. Security Accounts Manager (SAM)
C. Security Reference Monitor (SRM)
D. Local Security Authority Subsystem (LSASS)

Question 30

Maximus Tech is a multinational company that uses Cisco ASA firewalls for their systems. Jason is one of the members of the team that checks the logs at Maximus Tech. As part of his job, he is going through the logs and he came across a firewall log that looks like this:

May 06 2018 21:27:27 asa 1: %ASA-6-11008: User 'enable_16' executed the 'configure term' command

Based on the security level mentioned in the log, what did Jason understand about the description of this message?

Options:

A. Normal but significant message
B. Informational message
C. Critical condition message
D. Warning condition message

Question 31

The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

Options:

A. You should run the up2date -d -f -u command
B. You should run the up2data -u command
C. You should run the WSUS -d -f -u command
D. You should type the sysupdate -d command

Question 32

Identify the spread spectrum technique that multiplies the original data signal with a pseudo-random noise spreading code.

Options:

A. FHSS
B. DSSS
C. OFDM
D. ISM

Question 33

In the ______ method, event logs are arranged in the form of a circular buffer.

Options:

A. Non-wrapping method
B. LIFO method
C. Wrapping method
D. FIFO method

Question 34

The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this from happening, and what element of the message ensures the success of this method?

Options:

A. Hashing; hash code
B. Symmetric encryption; secret key
C. Hashing; public key
D. Asymmetric encryption; public key

Question 35

Timothy works as a network administrator in a multinational organization. He decides to implement a dedicated network for sharing storage resources. He uses a _______ as it separates the storage units from the servers and the user network.

Options:

A. SAN
B. SCSA
C. NAS
D. SAS

Question 36

Jason works as a System Administrator for www.company.com Inc. The company has a Windows-based network. Sam, an employee of the company, accidentally changes some of the application and system settings. He complains to Jason that his system is not working properly. To troubleshoot the problem, Jason diagnoses the internals of his computer and observes that some changes have been made in Sam's computer registry. To rectify the issue, Jason has to restore the registry. Which of the following utilities can Jason use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Resplendent Registrar
B. Reg.exe
C. Regedit.exe
D. EventCombMT

Question 37

Identify the network topology where each computer acts as a repeater and the data passes from one computer to the other in a single direction until it reaches the destination.

Options:

A. Ring
B. Mesh
C. Bus
D. Star

Question 38

Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of scripts that are signed by a trusted publisher. Which of the following script execution policy settings does this?

Options:

A. AllSigned
B. Restricted
C. RemoteSigned
D. Unrestricted

Question 39

Which of the following entities is responsible for cloud security?

Options:

A. Cloud provider
B. Cloud consumer
C. Cloud broker
D. Both cloud consumer and provider

Question 40

Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

Options:

A. Use firewalls in Network Address Translation (NAT) mode
B. Implement IPsec
C. Implement Simple Network Management Protocol (SNMP)
D. Use Network Time Protocol (NTP)

Question 41

Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

Options:

A. Automated Field Correlation
B. Field-Based Approach
C. Rule-Based Approach
D. Graph-Based Approach

Question 42

Which wireless networking topology setup requires the same channel name and SSID?

Options:

A. Ad-Hoc standalone network architecture
B. Infrastructure network topology
C. Hybrid topology
D. Mesh topology

Question 43

Sam wants to implement a network-based IDS in the network. Sam finds an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?

Options:

A. Behavior-based IDS
B. Anomaly-based IDS
C. Stateful protocol analysis
D. Signature-based IDS

Question 44

How is the chip-level security of an IoT device achieved?

Options:

A. Encrypting the JTAG interface
B. Keeping the device on a that network
C. Closing insecure network services
D. Changing the password of the router

Question 45

Which scan attempt can penetrate through a router and a firewall that filter incoming packets with particular flags set, and is not supported by Windows?

Options:

A. ARP scan attempt
B. TCP full connect scan attempt
C. TCP null scan attempt
D. PING sweep attempt

Question 46

John has been working as a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users. He wants to ensure that no accounts have empty passwords. Which of the following commands does John use to list all the accounts with an empty password?

Options:

A.
B.
C.
D.

Question 47

A popular e-commerce company has recently received a lot of complaints from its customers. Most of the complaints are about the customers being redirected to some other website when trying to access the e-com site, leading to all their systems being compromised and corrupted. Upon investigation, the network admin of the firm discovered that some adversary had manipulated the company's IP address in the domain name server's cache. What is such an attack called?

Options:

A. DNS Poisoning
B. DNS Application
C. DNS Attacked by DDoS
D. DNS Hijacking

Question 48

Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and stateful inspection?

Options:

A. Circuit-level gateway firewall
B. Next generation firewall
C. Network address translation
D. Stateful multi-layer inspection firewall

Question 49

Which of the following standards does a cloud service provider have to comply with to protect the privacy of its customers' personal information?

Options:

A. ISO/IEC 27018
B. ISO/IEC 27019
C. ISO/IEC 27020
D. ISO/IEC 27021

Question 50

What is the name of the authority that verifies the certificate authority in digital certificates?

Options:

A. Directory management system
B. Certificate authority
C. Registration authority
D. Certificate Management system

Question 51

Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

Options:

A. Pipe Model
B. AAA model
C. Hub-and-Spoke VPN model
D. Hose model

Question 52

Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?

Options:

A. Response
B. Recovery
C. Resumption
D. Restoration

Question 53

A company has the right to monitor the activities of their employees on different information systems according to the _______ policy.

Options:

A. Information system
B. User access control
C. Internet usage
D. Confidential data

Question 54

_______________ is a structured and continuous process which integrates information security and risk management activities into the system development life cycle (SDLC).

Options:

A. COBIT Framework
B. NIST Risk Management Framework
C. ERM Framework
D. COSO ERM Framework

Question 55

The SOC manager is reviewing logs in AlienVault USM to investigate an intrusion on the network. Which CND approach is being used?

Options:

A. Preventive
B. Reactive
C. Retrospective
D. Deterrent

Question 56

As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. WPA2's _________ integrity check mechanism provides security against a replay attack.

Options:

A. CRC-32
B. CRC-MAC
C. CBC-MAC
D. CBC-32

Question 57

Which of the following interfaces uses the hot plugging technique to replace computer components without the need to shut down the system?

Options:

A. SCSI
B. SATA
C. SDRAM
D. IDE

Question 58

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?

Options:

A. Proactive approach
B. Retrospective approach
C. Preventive approach
D. Reactive approach

Question 59

Geon Solutions Inc. had only 10 employees when it started. But as business grew, the organization had to increase its staff. The network administrator is finding it difficult to accommodate an increasing number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees. Which network topology will help the administrator solve the problem of needing to add new employees and expand?

Options:

A. Bus
B. Star
C. Ring
D. Mesh

Question 60

A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other function(s) of the device? (Select all that apply)

Options:

A. Provides access memory, achieving high efficiency
B. Assigns user addresses
C. Enables input/output (I/O) operations
D. Manages security keys

Question 61

Which IEEE standard do wireless networks use?

Options:

A. 802.11
B. 802.18
C. 802.9
D. 802.10

Question 62

An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client records as they are encrypted. The attacker asked the company to pay money to regain access to their data. Which type of malware attack is described above?

Options:

A. Logic bomb
B. Rootkits
C. Trojan
D. Ransomware

Question 63

Michelle is a network security administrator working in an MNC company. She wants to set a resource limit for CPU in a container. Which command-line option allows Michelle to limit a container to 2 CPUs?

Options:

A. --cpu="2"
B. $cpu="2"
C. --cpus="2"
D. $cpus="2"

Question 64

Choose the correct order of steps to analyze the attack surface.

Options:

A. Identify the indicators of exposure -> visualize the attack surface -> simulate the attack -> reduce the attack surface
B. Visualize the attack surface -> simulate the attack -> identify the indicators of exposure -> reduce the attack surface
C. Identify the indicators of exposure -> simulate the attack -> visualize the attack surface -> reduce the attack surface
D. Visualize the attack surface -> identify the indicators of exposure -> simulate the attack -> reduce the attack surface

Question 65

A stateful multilayer inspection firewall combines aspects of the application-level gateway, circuit-level gateway, and packet filtering firewall. On which layers of the OSI model does the stateful multilayer inspection firewall work?

Options:

A. Network, Session & Application
B. Physical & Application
C. Session & Network
D. Physical, Session & Application

Question 66

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every hour. Fargo would like to eliminate it; what command should he execute?

Options:

A. # update-rc.d -f [service name] remove
B. # service [service name] stop
C. # ps ax | grep [Target Process]
D. # kill -9 [PID]

Question 67

Which of the following includes examining the probability, impact status, and exposure of risk?

Options:

A. Risk Review
B. Risk Tracking
C. Risk Identification
D. Risk Assessment

Question 68

James, a network admin in a large US-based IT firm, was asked to audit and implement security controls over all network layers to achieve Defense-in-Depth. While working on this assignment, James has implemented both blacklisting and whitelisting ACLs. Which layer of the defense-in-depth architecture is James working on currently?

Options:

A. Application Layer
B. Host Layer
C. Internal Network Layer
D. Perimeter Layer

Question 69

Which of the following layers of IoT architecture provides dashboards to monitor, analyze, and implement proactive decisions?

Options:

A. Device Layer
B. Communication Layer
C. Cloud Layer
D. Process Layer

Question 70

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?

Options:

A. Malone should list a follow-up as the last step in the methodology
B. Recovery would be the correct choice for the last step in the incident response methodology
C. He should assign eradication to the last step
D. Containment should be listed on Malone's plan for incident response

Question 71

On which layer of the OSI model do packet filtering firewalls work?

Options:

A. Network Layer
B. Application Layer
C. Session Layer
D. Physical Layer

Question 72

If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company's Linux systems, which file should he access?

Options:

A. /etc/logrotate.conf
B. /etc/hosts.allow
C. /etc/crontab
D. /etc/login.defs

Question 73

Riya bought some clothes and a watch from an online shopping site a few days back. Since then, whenever she accesses any other application (games, browser, etc.) on her mobile, she is spammed with advertisements for clothes and watches similar to the ones she bought. What can be the underlying reason for Riya's situation?

Options:

A. Riya's system was infected by Adware
B. Riya's system was infected by Spyware
C. Riya's system was infected by a Backdoor
D. Riya's system was infected by a Rootkit

Question 74

Which of the following Wireshark filters can a network administrator use to view the packets without any flags set in order to detect TCP Null Scan attempts?

Options:

A. tcp.flags==0x000
B. tcp.flags==0x029
C. tcp.flags==0x003
D. tcp.dstport==7

Question 75

Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encryption keys to the database engine in MS SQL Server?

Options:

A. IsEncrypted Enabled
B. NeverEncrypted disabled
C. Allow Encrypted
D. Always Encrypted

Question 76

How is the chip-level security of an IoT device achieved?

Options:

A. By closing insecure network services
B. By turning off the device when not needed or not in use
C. By encrypting the JTAG interface
D. By changing the password of the router

Question 77

During a security awareness program, management was explaining the various reasons which create threats to network security. Which could be a possible threat to network security?

Options:

A. Configuring automatic OS updates
B. Having a web server in the internal network
C. Implementing VPN
D. Patch management

Question 78

Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

Options:

A. High severity level
B. Extreme severity level
C. Mid severity level
D. Low severity level

Question 79

Which of the following creates passwords for individual administrator accounts and stores them in Windows AD?

Options:

A. LSASS
B. SRM
C. SAM
D. LAPS

Question 80

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by attackers. Which of the following is the correct syntax for disabling a service?

Options:

A. $ sudo system-ctl disable [service]
B. $ sudo systemctl disable [service]
C. $ sudo system.ctl disable [service]
D. $ sudo system ctl disable [service]

Question 81

You want to increase your network security by implementing a technology that only allows certain MAC addresses on specific ports of the switches. Which of the following is the best choice?

Options:

A. Port Security
B. Port Detection
C. Port Authorization
D. Port Knocking

Question 82

Ryan, a network security engineer, after a recent attack, is trying to get information about the kind of attack his users were facing. He has decided to put into production one honeypot called Kojoney. He is interested in emulating the network vulnerability, rather than the real vulnerable system, making this probe safer and more flexible. Which type of honeypot is he trying to implement?

Options:

A. Research honeypot
B. High interaction honeypots
C. Low interaction honeypots
D. Pure honeypots

Question 83

Which mobile-use approach allows an organization's employees to use devices that they are comfortable with and that best fit their preferences and work purposes?

Options:

A. BYOD
B. COPE
C. COBO
D. CYOD

Question 84

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

Options:

A. Avoid Fear, Uncertainty and Doubt
B. Communicate the incident
C. Make an initial assessment
D. Disable Virus Protection

Question 85

A network administrator is monitoring the network traffic with Wireshark. Which of the following filters will she use to view packets with no flags set in order to detect TCP Null Scan attempts?

Options:

A. tcp.flags==0x000
B. tcp.flags==0x029
C. tcp.dstport==7
D. tcp.flags==0x003

Question 86

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

Options:

A. Containment
B. Assign eradication
C. A follow-up
D. Recovery

Question 87

Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from the organization and Oliver wants to disable this user in Ubuntu. Which of the following commands can be used to accomplish this?

Options:

A. usermod -3 alice
B. usermod -K alice
C. usermod -L alice
D. usermod -M alice

Questions 88

Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented.

What is the correct hierarchy for a security policy implementation?

Options:

A.  

Laws, Policies, Regulations, Procedures and Standards

B.  

Regulations, Policies, Laws, Standards and Procedures

C.  

Laws, Regulations, Policies, Standards and Procedures

D.  

Procedures, Policies, Laws, Standards and Regulations

Questions 89

Which of the following is an example of Indicators of Attack?

Options:

A.  

Malware

B.  

Signatures

C.  

Exploits

D.  

Remote code execution

Questions 90

Which of the following statements holds true in terms of virtual machines?

Options:

A.  

Hardware-level virtualization takes place in VMs

B.  

All VMs share the host OS

C.  

VMs are more lightweight than containers

D.  

OS-level virtualization takes place in VMs

Questions 91

Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

Options:

A.  

Extreme severity level

B.  

Low severity level

C.  

Mid severity level

D.  

High severity level

Questions 92

Mark is monitoring the network traffic on his organization's network. He wants to detect a TCP and UDP ping sweep on his network. Which type of filter will be used to detect this on the network?

Options:

A.  

Tcp.srcport==7 and udp.srcport==7

B.  

Tcp.srcport==7 and udp.dstport==7

C.  

Tcp.dstport==7 and udp.srcport==7

D.  

Tcp.dstport==7 and udp.dstport==7

Questions 93

An organization's web server was recently compromised, triggering its admin team into action to defend the network. The admin team wants to place the web server in such a way that, even if it is attacked, the other network resources will be unavailable to the attacker. Moreover, network monitoring should easily detect future attacks. How can the admin team implement this plan?

Options:

A.  

They can place the web server outside of the organization in a remote place

B.  

They can remove the web server from their organization

C.  

They can place it in a separate DMZ area behind the firewall

D.  

They can place it beside the firewall

Questions 94

James wants to implement certain control measures to prevent denial-of-service attacks against the organization. Which of the following control measures can help James?

Options:

A.  

Strong passwords

B.  

Reduce the session time-out duration for connection attempts

C.  

A honeypot in DMZ

D.  

Provide network-based anti-virus

Questions 95

Which of the following characteristics represents a normal TCP packet?

Options:

A.  

SYN and FIN bits are set

B.  

Source or destination port is zero

C.  

FIN/ACK and ACK are used to terminate the connection

D.  

The destination address is a broadcast address

Questions 96

Which of the following attack signature analysis techniques is used to examine the header information and conclude that a packet has been altered?

Options:

A.  

Context-based signature analysis

B.  

Content-based signature analysis

C.  

Atomic signature-based analysis

D.  

Composite signature-based analysis

Questions 97

Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flags set to check for a specific attack attempt. Which filter will he use to view the traffic?

Options:

A.  

Tcp.flags==0x000

B.  

Tcp.flags==0000x

C.  

Tcp.flags==000x0

D.  

Tcp.flags==x0000

Questions 98

Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

Options:

A.  

Hash rule

B.  

Path rule

C.  

Internet zone rule

D.  

Certificate rule

Questions 99

Arman transferred some money to his friend's account using a net banking service. After a few hours, his friend informed him that he had not received the money yet. Arman logged on to the bank's website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman's complaint, discovered that someone had set up a station between Arman's system and the bank's server. The station intercepted the communication and replaced his friend's account number with another account number. What is such an attack called?

Options:

A.  

Privilege Escalation

B.  

DNS Poisoning

C.  

Man-in-the-Middle Attack

D.  

DNS Cache Poisoning

Questions 100

Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informs you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

Options:

A.  

Based on approval from management

B.  

Based on a first come first served basis

C.  

Based on the potential technical effect of the incident

D.  

Based on the type of response needed for the incident

Questions 101

Identify the correct statements regarding a DMZ zone:

Options:

A.  

It is a file integrity monitoring mechanism

B.  

It is a neutral zone between a trusted network and an untrusted network

C.  

It serves as a proxy

D.  

It includes sensitive internal servers such as database servers

Questions 102

Which of the following systems includes an independent NAS Head and multiple storage arrays?

Options:

A.  

Gateway NAS System

B.  

FreeNAS

C.  

Integrated NAS System

D.  

None of these

Questions 103

What defines the maximum time period an organization is willing to lose data during a major IT outage event?

Options:

A.  

BC

B.  

RTO

C.  

DR

D.  

RPO
