Network Security Fundamentals Flashcards

(24 cards)

1
Q

Which two numbers could you use in the numbered configuration method, or a number as a name in the named configuration method, to configure standard IPv4 access lists? (Choose two.)

150

100

305

2000

2300

75

1305

A

75 and 1305

2
Q

The ACL statement has the matching criteria specified as 192.168.122.128 0.0.0.63. Which two IPv4 addresses would match the criteria? (Choose two.)

192.168.0.195

192.168.122.195

192.68.120.190

192.168.122.140

192.168.122.63

192.168.122.191

A

192.168.122.140 and 192.168.122.191

3
Q

Which application of an ACL is indicated by the statement “ACLs can permit or deny user access to FTP or HTTP servers”?

selection of traffic for prioritization

selection of traffic for analyzing

filtering of traffic to control access to network services

restricting the delivery of routing updates

A

filtering of traffic to control access to network services.

4
Q

Which range of addresses is included in the matching criteria 10.220.56.0 0.0.7.255?

10.220.56.0 to 10.255.255.255

10.220.56.0 to 10.220.67.255

10.220.56.0 to 10.220.56.255

10.220.56.0 to 10.220.63.255

A

10.220.56.0 to 10.220.63.255

5
Q

Which three commands would enable you to enter extended ACL statements on a router? (Choose three.)

Router(config)# access-list 101

Router(config)# access-list 1300

Router(config)# ip access-list extended 1300

Router(config)# ip access-list extended 101

Router(config)# ip access-list extended EXT_ACL

A

Router(config)# access-list 101
Router(config)# ip access-list extended 101
Router(config)# ip access-list extended EXT_ACL

6
Q

any circumstance or event with the potential to cause harm to an asset

weakness that compromises either the security or the functionality of a system

mechanism that is used to leverage a vulnerability to compromise the security or functionality of a system

likelihood that a particular threat using a specific attack will exploit a particular vulnerability

methods and corrective actions that you can take to protect against threats, specific exploits, and so on

Options: risk, exploit, threat, vulnerability, and mitigation techniques

A

Any circumstance or event with the potential to cause harm to an asset → Threat

Weakness that compromises either the security or the functionality of a system → Vulnerability

Mechanism that is used to leverage a vulnerability to compromise the security or functionality of a system → Exploit

Likelihood that a particular threat using a specific attack will exploit a particular vulnerability → Risk

Methods and corrective actions that you can take to protect against threats, specific exploits, and so on → Mitigation techniques

7
Q

You are working as an IT security engineer and you are browsing through the sectools.org website to see the top network security tools, as well as find more details on each particular tool and read reviews for it. What is the initiative that runs this website?

IEEE

ITU-T

Nmap Project

Metasploit

A

Nmap Project

8
Q

Attackers create false identities on social networks, building and exploiting friend relationships with others on the social network.

Attackers target operating systems on consumer devices, such as smartphones, tablets, and so on.

Attackers target virtual servers, virtual switches, and trust relationships at the hypervisor level.

Attackers try to exploit operating systems and applications that leave traces of data in memory, to fetch information directly from the volatile memory.

Attackers perform bus sniffing, altering firmware, memory dumping to find crypto keys, utilize hardware-based keyloggers, etc.

Options: cognitive threats via social networks, memory scraping, hardware hacking, virtualization exploits and consumer electronics exploits

A

Attackers create false identities on social networks, building and exploiting friend relationships with others on the social network.

cognitive threats via social networks

Attackers target operating systems on consumer devices, such as smartphones, tablets, and so on.

consumer electronics exploits

Attackers target virtual servers, virtual switches, and trust relationships at the hypervisor level.

virtualization exploits

Attackers try to exploit operating systems and applications that leave traces of data in memory, to fetch information directly from the volatile memory.

memory scraping

Attackers perform bus sniffing, altering firmware, memory dumping to find crypto keys, utilize hardware-based keyloggers, etc.

hardware hacking

9
Q

You are asked to conduct a training session in your company to educate employees about social engineering attacks. What is a common social engineering technique?

phishing

password cracking

MAC address spoofing

UDP flood

A

phishing

10
Q

You want to display public information regarding your company’s domain from the public DNS registries so you can see what information can be gathered by a reconnaissance attack on the DNS. Which command-line tool can you use on a Microsoft Windows computer?

dig

nslookup

ns-lookup

whois

grep

A

whois

11
Q

Which three options are important services that network security aims to provide to manage risk? (Choose three.)

confidentiality

availability

defense in depth

accounting

integrity

A

confidentiality, integrity, and availability

12
Q

Which two options are examples of a DDoS attack? (Choose two.)

email trying to entice users to access multiple malicious websites

attempts to crack username and password from different hosts

large amounts of traffic sent to a website from different hosts

large number of emails sent to an email service from a single host

large number of TCP connections to an email service from different hosts

A

large amounts of traffic sent to a website from different hosts and large number of TCP connections to an email service from different hosts

13
Q

Match the IPsec component with its category.

confidentiality

authentication

key management

data integrity

Options: IKE, ECDSA, AES and SHA-2

A

Confidentiality → AES (used to encrypt data)

Authentication → ECDSA (used for verifying identity)

Key management → IKE (Internet Key Exchange, manages keys)

Data integrity → SHA-2 (hashing algorithm to ensure data hasn’t been altered)

14
Q

Assume that you are traveling and are connected to a public wireless network. Your company uses multiple tunneling policies for a VPN session. To ensure that your internet traffic and traffic when accessing internal resources remains confidential, which policy must you use?

SSL-tunneling

split-tunneling

TLS-tunneling

full-tunneling

A

full-tunneling

15
Q

In a WLAN, a common key can be used for which three things? (Choose three.)

authentication only

authorization only

accounting only

authentication and encryption

encryption only

A

authentication and encryption and encryption only

16
Q

Which statement is correct regarding how ESP modes protect an IP packet?

In the transport mode, security is provided only for the transport layer and below.

In the tunnel mode, security is provided for the complete original IP packet.

In the tunnel mode, security is provided only for the transport layer and above.

In the transport mode, security is provided for the entire IP packet.

A

In the tunnel mode, security is provided for the complete original IP packet.

17
Q

Which WPA3 feature uses 802.1X for authentication?

Open Networks

WPA3-Enterprise

IoT secure onboarding (DPP)

WPA3-Personal

A

WPA3-Enterprise

18
Q

A network administrator is writing a standard IPv4 ACL that will deny traffic from the 172.16.0.0/16 network and permit all other traffic. Which two commands should be used? (Choose two.)

Router(config)# access-list 95 deny any

Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0

Router(config)# access-list 95 permit any

Router(config)# access-list 95 deny host 172.16.0.0

Router(config)# access-list 95 deny 172.16.0.0 255.255.255.255

A

Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 and Router(config)# access-list 95 permit any

19
Q

Which three ACL statements are written correctly? (Choose three.)

Router(config-ext-nacl)# 10 permit tcp host 192.168.1.1 host 209.165.201.1 eq 22

Router(config-ext-nacl)# deny ip any any host 209.165.201.0 eq 10

Router(config-ext-nacl)# permit icmp any host 200.165.201.1

Router(config-ext-nacl)# deny tcp host 209.165.201.0 host 192.168.1.1 eq 22

Router(config-ext-nacl)# deny tcp any host 201.165.201.0 0.0.0.31 host 192.168.1.1 eq 22

Router(config-ext-nacl)# permit udp host any eq dns

A

Router(config-ext-nacl)# 10 permit tcp host 192.168.1.1 host 209.165.201.1 eq 22, Router(config-ext-nacl)# permit icmp any host 200.165.201.1 and Router(config-ext-nacl)# deny tcp any host 201.165.201.0 0.0.0.31 host 192.168.1.1 eq 22

20
Q

Which two options represent man-in-the-middle attacks? (Choose two.)

DDoS

phishing

DHCP spoofing

brute force password attack

impersonating public Wi-Fi network, while redirecting connected users to internet

A

DHCP spoofing and impersonating public Wi-Fi network, while redirecting connected users to internet

21
Q

You have detected that there is a rogue DHCP server in the local area network that replies to client DHCP requests before they reach the authentic DHCP server in the company. Which two options describe this type of attack? (Choose two.)

DHCP DoS attack

DHCP spoofing attack

DHCP authentication attack

IP address spoofing

application/service spoofing

A

DHCP spoofing attack and DHCP DoS attack

22
Q

The anti-malware software in your company has discovered malicious software that replicated itself on several computers with functional copies that can cause the same type of damage. Which two malware types can compromise other systems? (Choose two.)

worm

virus

trojan horse

APT

ARP

A

Worm and virus

23
Q

Which two security measures can help block password brute force attacks? (Choose two.)

Use multiple authentication servers.

Implement account lockout after a number of bad guesses.

Specify a minimum length of a password, such as 8 to 12 characters.

Specify a maximum length of a password, such as 8 to 12 characters.

Implement password complexity, such as all upper case characters in the password.

A

Implement account lockout after a number of bad guesses and Specify a minimum length of a password, such as 8 to 12 characters

24
Q

How does Unicast Reverse Path Forwarding help with DoS and DDoS attacks mitigation?

by distributing the footprint of DDoS attacks

by verifying the “reachability” of the source address in packets being forwarded

by monitoring connection states and maintaining a state table

by monitoring interface packet counters

A

by verifying the “reachability” of the source address in packets being forwarded