Endpoint Security (ESec) Final Exam Answers (Course Final Exam)
1. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)
- ping cisco.com
- net cisco.com
- ipconfig /flushdns
- nslookup cisco.com
- nbtstat cisco.com
2. A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application?
- Event Viewer
- Add or Remove Programs
- System Restore
- Task Manager
3. What is required in order to connect a Wi-Fi enabled laptop to a WPA secured wireless network?
- a MAC address
- a username and password
- a security encryption key
- an updated wireless driver
4. Why would an attacker want to spoof a MAC address?
- so that the attacker can launch another type of attack in order to gain access to the switch
- so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached
- so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host
- so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)
5. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?
- shared key
6. What are three functions provided by the syslog service? (Choose three.)
- to select the type of logging information that is captured
- to provide traffic analysis
- to specify the destinations of captured messages
- to provide statistics on packets that are flowing through a Cisco device
- to gather logging information for monitoring and troubleshooting
- to periodically poll agents for data
7. A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?
- denial of service
- information theft
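Worked example, added here and not part of the original exam: the symptom in question 7 (one source trying many well-known ports on a server in a short time) can be pulled out of the logs mechanically. The script below parses constructed log lines laid out like netfilter/iptables LOG entries (SRC=, DST= and DPT= are the real key names; the addresses and timestamps are made up) and flags any source that hits a threshold of distinct destination ports on one host inside a time window.

```python
"""Flag a host probing many well-known ports from connection-attempt logs.

Added example for question 7; not code from the original quiz. SAMPLE_LOG is
constructed in the shape of iptables LOG output (key names are real, the
addresses and times are invented).
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar 10 10:15:01 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51230 DPT=21 SYN
Mar 10 10:15:01 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51231 DPT=22 SYN
Mar 10 10:15:02 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51232 DPT=23 SYN
Mar 10 10:15:02 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51233 DPT=25 SYN
Mar 10 10:15:03 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=80 SYN
Mar 10 10:15:03 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=110 SYN
Mar 10 10:15:04 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=143 SYN
Mar 10 10:15:04 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=443 SYN
Mar 10 10:15:05 srv kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443 SYN
Mar 10 10:16:30 srv kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=443 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_events(log_text, year=2024):
    """Yield (timestamp, src, dst, dport) for each line that looks like a SYN entry.

    Syslog timestamps carry no year, so one is supplied (assumption).
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line, ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dpt"])


def find_port_scanners(log_text, min_ports=5, window_seconds=60):
    """Return {src: sorted distinct ports} for every source that touched at least
    min_ports distinct destination ports on a single host within window_seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse_events(log_text):
        by_pair[(src, dst)].append((ts, dport))

    flagged = defaultdict(set)
    for (src, dst), events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # all probes from this source to this host within the window that opens at 'start'
            ports = {p for t, p in events[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                flagged[src].update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


if __name__ == "__main__":
    for src, ports in find_port_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} ports: {ports}")
```

The threshold and window are the knobs to tune: a slow scanner spreading probes over hours evades a 60-second window, so in practice the same counting is also run per source over a much longer window with a higher port threshold.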
8. A technician has installed a third-party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?
- Set the application registry key value to one.
- Use the Add or Remove Programs utility to set program access and defaults.
- Change the startup type for the utility to Automatic in Services.
- Uninstall the program and then choose Add New Programs in the Add or Remove Programs utility to install the application.
9. What is the motivation of a white hat attacker?
- discovering weaknesses of networks and systems to improve the security level of these systems
- studying operating systems of various platforms to develop a new system
- fine tuning network devices to improve their performance and efficiency
- taking advantage of any vulnerability for illegal personal gain
10. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
- cyber criminals
- state-sponsored hackers
- script kiddies
- vulnerability brokers
11. What are two shared characteristics of the IDS and the IPS? (Choose two.)
- Both have minimal impact on network performance.
- Both analyze copies of network traffic.
- Both are deployed as sensors.
- Both rely on an additional network device to respond to malicious traffic.
- Both use signatures to detect malicious traffic.
12. An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
- RF jamming
13. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
14. A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?
- Turn off the firewall.
- Remove unnecessary programs and services.
- Disconnect the computer from the network.
- Give the computer a nonroutable address.
- Install a hardware firewall.
- Remove the administrator account.
15. Which type of network poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
- wired networks
- virtual networks
- wireless networks
- sneaker net
16. What are two types of attacks used on DNS open resolvers? (Choose two.)
- ARP poisoning
- resource utilization
- amplification and reflection
- fast flux
17. What would be the target of an SQL injection attack?
18. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
- Implement a VLAN.
- Implement intrusion detection systems.
- Implement RAID.
- Implement a firewall.
19. Match the network service with the description.
20. Which method can be used to harden a device?
- allow USB auto-detection
- use SSH and disable the root account access over SSH
- allow default services to remain enabled
- maintain use of the same passwords
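Worked example, added here and not from the original exam: the hardening choices in question 20 (SSH instead of clear-text protocols, root login over SSH disabled, defaults not left in place) can be checked against an actual sshd_config. The script below parses two constructed configuration texts and reports directives that differ from the hardened value. The directive names and the OpenSSH defaults it assumes for absent directives are real; the configs themselves are made up. Like sshd, it takes the first value it reads for a directive, and it stops at the first Match block because values inside Match are conditional.

```python
"""Audit sshd_config for the hardening points in question 20.

Added example, not code from the original quiz. WEAK_CONFIG and
HARDENED_CONFIG are constructed; the directive names are real sshd_config
keywords and DEFAULTS are the OpenSSH values used when a directive is absent.
"""

# Directive -> value a hardened host should carry (compared case-insensitively).
HARDENED_VALUES = {
    "PermitRootLogin": "no",          # no root login over SSH at all
    "PasswordAuthentication": "no",   # keys only; removes password guessing
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
}

# What sshd assumes when the directive is missing (OpenSSH defaults).
DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
}

WEAK_CONFIG = """\
# Constructed: a default-style install with root login switched on
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

HARDENED_CONFIG = """\
# Constructed: keys only, no root; the Match block is conditional and ignored here
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""


def effective_settings(config_text):
    """Return {lowercased directive: value} using sshd's first-occurrence-wins rule,
    ignoring comments and everything from the first Match block onward."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first value read is the one sshd uses
    return settings


def audit(config_text):
    """Return a list of findings; an empty list means every checked directive is hardened."""
    settings = effective_settings(config_text)
    findings = []
    for directive, wanted in HARDENED_VALUES.items():
        actual = settings.get(directive.lower(), DEFAULTS[directive])
        if actual.lower() != wanted:
            findings.append(f"{directive} is '{actual}', expected '{wanted}'")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "OK")
```

Because sshd keeps the first value it reads, a hardening line appended at the bottom of a file that already sets PermitRootLogin yes near the top changes nothing; the audit reproduces that rule so it reports what the daemon will actually enforce. Run `sshd -T` on the host when you want the daemon's own view, including Match evaluation.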
21. Which user can override file permissions on a Linux computer?
- root user
- any user that has ‘group’ permission to the file
- only the creator of the file
- any user that has ‘other’ permission to the file
22. Which wireless parameter is used by an access point to broadcast frames that include the SSID?
- passive mode
- channel setting
- active mode
- security mode
23. What is the outcome when a Linux administrator enters the man man command?
- The man man command provides documentation about the man command
- The man man command provides a list of commands available at the current prompt
- The man man command opens the most recent log file
- The man man command configures the network interface with a manual address
24. Which technique could be used by security personnel to analyze a suspicious file in a safe environment?
25. What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
- Symbolic links can be exported.
- They can be compressed.
- They can link to a file in a different file system.
- They can link to a directory.
- They can be encrypted.
- They can show the location of the original file.
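Worked example, added here and not part of the original exam: the differences between the two link types in question 25 are easy to observe directly. The script below works entirely inside a temporary directory it creates itself, and records which operations succeed: a symbolic link stores and reveals the path of its target, can point at a directory, and dangles once the target is removed, while a hard link is another name for the same inode, cannot be made to a directory, and keeps the data after the original name is deleted.

```python
"""Observe hard-link versus symbolic-link behaviour (question 25).

Added example, not code from the original quiz. All paths are created by the
script inside a throwaway temporary directory.
"""
import os
import tempfile


def demonstrate_links():
    """Return a dict of observed facts about hard and symbolic links."""
    facts = {}
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "original.txt")
        with open(original, "w") as fh:
            fh.write("payload")

        hard = os.path.join(workdir, "hard.txt")
        os.link(original, hard)        # second directory entry for the same inode
        sym = os.path.join(workdir, "sym.txt")
        os.symlink(original, sym)      # separate inode whose content is the target path

        # A symlink shows where the original is; a hard link carries no such information.
        facts["symlink_reveals_target"] = os.readlink(sym) == original
        facts["hard_link_same_inode"] = os.stat(hard).st_ino == os.stat(original).st_ino
        facts["symlink_own_inode"] = os.lstat(sym).st_ino != os.stat(original).st_ino

        # Directories: a symlink works, a hard link is refused by the kernel (EPERM on Linux).
        subdir = os.path.join(workdir, "subdir")
        os.mkdir(subdir)
        dir_sym = os.path.join(workdir, "subdir_sym")
        os.symlink(subdir, dir_sym)
        facts["symlink_to_directory_works"] = os.path.isdir(dir_sym)
        try:
            os.link(subdir, os.path.join(workdir, "subdir_hard"))
            facts["hard_link_to_directory_works"] = True
        except OSError:
            facts["hard_link_to_directory_works"] = False

        # Cross-filesystem linking is not exercised here (a second mount point cannot be
        # assumed); os.link across mount points fails with errno EXDEV, os.symlink does not.

        # Remove the original name: the hard link still reaches the data, the symlink dangles.
        os.remove(original)
        with open(hard) as fh:
            facts["hard_link_survives_removal"] = fh.read() == "payload"
        facts["symlink_dangles_after_removal"] = os.path.islink(sym) and not os.path.exists(sym)
    return facts


if __name__ == "__main__":
    for name, value in demonstrate_links().items():
        print(f"{name}: {value}")
```

The same properties are what `ls -l` shows on the command line: `sym.txt -> /path/to/original.txt` for the symbolic link and a link count of 2 for the hard-linked file. The security caveat that goes with this: because a symlink is followed transparently, privileged programs that open user-controlled paths should open them with O_NOFOLLOW (or check with lstat) so an attacker cannot redirect the open to a file of their choosing.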
26. Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?
- traffic class
- flow label
- next header
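Worked example, added here and not part of the original exam: the Next Header field in question 26 is the start of a chain, because each extension header carries its own Next Header field pointing to the one after it. The script below builds a constructed IPv6 packet (fixed header, then Hop-by-Hop Options, then Destination Options, then a TCP header, with documentation addresses) and walks that chain to find the transport protocol. The protocol numbers and header length rules are the standard IANA/RFC 8200 values; the packet contents are made up.

```python
"""Walk an IPv6 extension-header chain starting at the fixed header's Next Header.

Added example for question 26; not code from the original quiz. The packet is
constructed inline; header formats and protocol numbers are the standard ones.
"""
import struct

FIXED_HEADER_LEN = 40
EXTENSION_HEADERS = {
    0: "Hop-by-Hop Options",
    43: "Routing",
    44: "Fragment",
    51: "Authentication Header",
    60: "Destination Options",
}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def build_sample_packet():
    """Constructed packet: fixed header -> Hop-by-Hop -> Destination Options -> TCP SYN."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    # Options headers: Next Header, Hdr Ext Len (in 8-octet units, not counting the first 8),
    # then a PadN option (type 1, length 4, four zero bytes) to fill the 8 octets.
    hop_by_hop = bytes([60, 0]) + bytes([1, 4, 0, 0, 0, 0])   # next = Destination Options
    dest_opts = bytes([6, 0]) + bytes([1, 4, 0, 0, 0, 0])     # next = TCP
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hop_by_hop + dest_opts + tcp
    # Version 6, traffic class 0, flow label 0; payload length; Next Header = 0; hop limit 64.
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), 0, 64) + src + dst
    return fixed + payload


def fixed_header_next_header(packet):
    """What a naive filter sees if it reads only the fixed header."""
    return packet[6]


def walk_header_chain(packet, max_headers=8):
    """Follow Next Header fields and return the extension chain, the upper-layer
    protocol name, and the byte offset at which that upper-layer header starts."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("truncated fixed header")
    if packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, next_header = struct.unpack_from("!HB", packet, 4)
    end = FIXED_HEADER_LEN + payload_len
    if end > len(packet):
        raise ValueError("payload length exceeds captured bytes")

    offset = FIXED_HEADER_LEN
    chain = []
    while next_header in EXTENSION_HEADERS:
        if len(chain) >= max_headers:
            raise ValueError("too many extension headers")  # refuse absurd chains
        if offset + 2 > end:
            raise ValueError("truncated extension header")
        chain.append(EXTENSION_HEADERS[next_header])
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == 44:              # Fragment header is always 8 octets
            hdr_len = 8
        elif next_header == 51:            # AH length is in 4-octet units, minus 2
            hdr_len = (ext_len + 2) * 4
        else:                              # options/routing: 8-octet units, first 8 not counted
            hdr_len = (ext_len + 1) * 8
        if offset + hdr_len > end:
            raise ValueError("extension header runs past the payload")
        offset += hdr_len
        next_header = following

    return {
        "chain": chain,
        "protocol": UPPER_LAYER.get(next_header, f"protocol {next_header}"),
        "offset": offset,
    }


if __name__ == "__main__":
    pkt = build_sample_packet()
    print("fixed header Next Header:", fixed_header_next_header(pkt))
    print(walk_header_chain(pkt))
```

The practical point for filtering: on this packet the fixed header's Next Header is 0 (Hop-by-Hop), not 6 (TCP), so an ACL that matches the transport protocol from the fixed header alone never sees the TCP SYN behind the extension headers; a filter has to walk the chain, and must cope with truncated or oversized chains as the checks above do.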
27. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
28. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
- website filtering and blacklisting
- threat intelligence
- network admission control
- network profiling
29. After host A receives a web page from server B, host A terminates the connection with server B. Match each option to its correct step in the normal termination process for a TCP connection.
30. A flood of packets with invalid source IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of attack has occurred?
- TCP session hijacking
- TCP reset
- TCP SYN flood
- UDP flood
31. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an Active Directory domain?
- Windows Defender
- Local Security Policy
- Windows Firewall
32. Match the correct sequence of steps typically taken by a threat actor carrying out a domain shadowing attack.
33. What is a feature of distributed firewalls?
- They combine the feature of host-based firewalls with centralized management.
- They all use an open sharing standard platform.
- They use only TCP wrappers to configure rule-based access control and logging systems.
- They use only iptables to configure network rules.
34. What does the telemetry function provide in host-based security software?
- It updates the heuristic antivirus signature database.
- It enables host-based security programs to have comprehensive logging functions.
- It blocks the passage of zero-day attacks.
- It enables updates of malware signatures.
35. What is an attack vector as it relates to network security?
- a path by which a threat actor can gain access to an internal network device
- a defense-in-depth approach to security
- a particular section of a network design where security is applied
- a method of reverse engineering binary files
36. What occurs when a rogue access point is added to a WLAN?
- Authorized access points can transmit excess traffic to rogue access points to help alleviate congestion.
- Unauthorized users can gain access to internal servers, thus causing a security hole.
- All traffic that uses the same channel as the rogue access point will be encrypted.
- All traffic that uses the same channel as the rogue access point will be required to authenticate.