Modules 24-25

Question 1

Which ICMP message type should be stopped inbound?

• source quench
• echo-reply
• echo
• unreachable

Answer 1

Echo

The echo ICMP packet should not be allowed inbound on an interface. The echo-reply should be allowed so that when an internal device pings an external device, the reply is allowed to return.

Question 2

How can IMAP be a security threat to a company?

• Someone inadvertently clicks on a hidden iFrame.
• Encrypted data is decrypted.
• An email can be used to bring malware to a host.
• It can be used to encode stolen data and send to a threat actor.

Answer 2

An email can be used to bring malware to a host.

Question 3

Which two technologies are primarily used on peer-to-peer networks? (Choose two.)

• Bitcoin
• BitTorrent
• Wireshark
• Darknet
• Snort

Answer 3

Bitcoin
BitTorrent

Question 4

Which protocol is exploited by cybercriminals who create malicious iFrames?

• HTTP
• ARP
• DHCP
• DNS

Answer 4

HTTP

Question 5

Which method is used by some malware to transfer files from infected hosts to a threat actor host?

• UDP infiltration
• ICMP tunneling
• HTTPS traffic encryption
• iFrame injection

Answer 5

ICMP tunneling

Question 6

Why does HTTPS technology add complexity to network security monitoring?

• HTTPS dynamically changes the port number on the web server.
• HTTPS uses tunneling technology for confidentiality.
• HTTPS hides the true source IP address using NAT/PAT.
• HTTPS conceals data traffic through end-to-end encryption.

Answer 6

HTTPS conceals data traffic through end-to-end encryption.

Question 7

Which approach is intended to prevent exploits that target syslog?

• Use a Linux-based server.
• Use syslog-ng.
• Create an ACL that permits only TCP traffic to the syslog server.
• Use a VPN between a syslog client and the syslog server.

Answer 7

Use syslog-ng

Question 8

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?

• phishing
• denial of service
• reconnaissance
• social engineering

Answer 8

reconnaissance

Question 9

Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)

• HTTP
• HTTPS
• DNS
• DHCP
• HTML

Answer 9

HTTP
HTTPS

Question 10

What is Tor?

• a rule created in order to match a signature of a known exploit
• a software platform and network of P2P hosts that function as Internet routers
• a way to share processors between network devices across the Internet
• a type of Instant Messaging (IM) software used on the darknet

Answer 10

a software platform and network of P2P hosts that function as Internet routers

Question 11

Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?

• IMAP
• DNS
• HTTPS
• ICMP

Answer 11

DNS

Question 12

Which technique is necessary to ensure a private transfer of data using a VPN?

• authorization
• scalability
• encryption
• virtualization

Answer 12

encryption

Question 13

Which technology would be used to create the server logs generated by network devices and reviewed by an entry level network person who works the night shift at a data center?

• syslog
• NAT
• ACL
• VPN

Answer 13

syslog

Question 14

Which two tools have a GUI interface and can be used to view and analyze full packet captures? (Choose two.)

• nfdump
• Wireshark
• Cisco Prime Network Analysis Module
• tcpdump
• Splunk

Answer 14

Wireshark
Cisco Prime Network Analysis Module

Question 15

Which statement describes statistical data in network security monitoring processes?

• It is created through an analysis of other forms of network data.
• It contains conversations between network hosts.
• It shows the results of network activities between network hosts.
• It lists each alert message along with statistical information.

Answer 15

It is created through an analysis of other forms of network data.

Question 16

Which Windows log contains information about installations of software, including Windows updates?

• system logs
• application logs
• setup logs
• security logs

Answer 16

setup logs

Question 17

Which function is provided by the Sguil application?

• It reports conversations between hosts on the network.
• It makes Snort-generated alerts readable and searchable.
• It detects potential network intrusions.
• It prevents malware from attacking a host.

Answer 17

It makes Snort-generated alerts readable and searchable.

Question 18

Which statement describes a Cisco Web Security Appliance (WSA)?

• It protects a web server by preventing security threats from accessing the server.
• It provides high performance web services.
• It acts as an SSL-based VPN server for an enterprise.
• It functions as a web proxy.

Answer 18

It functions as a web proxy.

Question 19

Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

• WSA
• AVC
• ASA
• ESA

Answer 19

WSA

Question 20

What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?

• There is a problem associated with NTP.
• The timestamp represents the round trip duration value.
• The syslog message should be treated with high priority.
• The syslog message indicates the time an email is received.

Answer 20

There is a problem associated with NTP

Question 21

Which information can be provided by the Cisco NetFlow utility?

• peak usage times and traffic routing
• security and user account restrictions
• IDS and IPS capabilities
• source and destination UDP port mapping

Answer 21

peak usage times and traffic routing

Question 22

How does a web proxy device provide data loss prevention (DLP) for an enterprise?

• by functioning as a firewall
• by inspecting incoming traffic for potential exploits
• by scanning and logging outgoing traffic
• by checking the reputation of external web servers

Answer 22

by scanning and logging outgoing traffic

Question 23

A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

• Delete the file because it is probably malware.
• Move it to Program Files (x86) because it is a 32bit application.
• Uninstall the lsass application because it is a legacy application and no longer required by Windows.
• Open the Task Manager, right-click on the lsass process and choose End Task .

Answer 23

Delete the file because it is probably malware

Question 24

Which technique would a threat actor use to disguise traces of an ongoing exploit?

• Create an invisible iFrame on a web page.
• Corrupt time information by attacking the NTP infrastructure.
• Encapsulate other protocols within DNS to evade security measures.
• Use SSL to encapsulate malware.

Answer 24

Corrupt time information by attacking the NTP infrastructure

Question 25

Which technique is necessary to ensure a private transfer of data using a VPN? * authorization * scalability * encryption * virtualization

Answer 25

encryption

Question 26

Refer to the exhibit. A network administrator is viewing some output on the Netflow collector. What can be determined from the output of the traffic flow shown? * This is a UDP DNS request to a DNS server. * This is a UDP DNS response to a client machine. * This is a TCP DNS request to a DNS server. * This is a TCP DNS response to a client machine.

Answer 26

This is a UDP DNS response to a client machine.