Page: 1
/ 13
Total 192 questions
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
What is the impact of this traffic?
- A. ransomware communicating after infection
- B. users downloading copyrighted content
- C. data exfiltration
- D. user circumvention of the firewall
Answer : D
What is an example of social engineering attacks?
- A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
- B. receiving an email from human resources requesting a visit to their secure website to update contact information
- C. sending a verbal request to an administrator who knows how to change an account password
- D. receiving an invitation to the departmentג€™s weekly WebEx meeting
Answer : B
Refer to the exhibit. What is occurring in this network?
- A. ARP cache poisoning
- B. DNS cache poisoning
- C. MAC address table overflow
- D. MAC flooding attack
Answer : A
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
- A. syslog messages
- B. full packet capture
- C. NetFlow
- D. firewall event logs
Answer : C
Which action prevents buffer overflow attacks?
- A. variable randomization
- B. using web based applications
- C. input validation
- D. using a Linux operating system
Answer : C
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
- A. known-plaintext
- B. replay
- C. dictionary
- D. man-in-the-middle
Answer : D
Refer to the exhibit. What should be interpreted from this packet capture?
- A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
- B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
- C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
- D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.
Answer : B
What are the two characteristics of the full packet captures? (Choose two.)
- A. Identifying network loops and collision domains.
- B. Troubleshooting the cause of security and performance issues.
- C. Reassembling fragmented traffic from raw data.
- D. Detecting common hardware faults and identify faulty assets.
- E. Providing a historical record of a network transaction.
Answer : CE
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
- A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
- B. The file has an embedded non-Windows executable but no suspicious features are identified.
- C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
- D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
Answer : C
DRAG DROP -
Drag and drop the technology on the left onto the data type the technology provides on the right.
Select and Place:
Answer :
Refer to the exhibit. What is occurring in this network traffic?
- A. High rate of SYN packets being sent from a multiple source towards a single destination IP.
- B. High rate of ACK packets being sent from a single source IP towards multiple destination IPs.
- C. Flood of ACK packets coming from a single source IP to multiple destination IPs.
- D. Flood of SYN packets coming from a single source IP to a single destination IP.
Answer : D
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow. Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)
- A. management and reporting
- B. traffic filtering
- C. adaptive AVC
- D. metrics collection and exporting
- E. application recognition
Answer : DE
Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
- A. Hypertext Transfer Protocol
- B. SSL Certificate
- C. Tunneling
- D. VPN
Answer : B
An engineer is investigating a case of the unauthorized usage of the ג€Tcpdumpג€ tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
- A. tagged protocols being used on the network
- B. all firewall alerts and resulting mitigations
- C. tagged ports being used on the network
- D. all information and data within the datagram
Answer : A