Modules 24 - 25: Protocols and Log Files Group Exam

1. Question

1 points

Which ICMP message type should be stopped inbound?

source quench
echo-reply
echo
unreachable

2. Question

1 points

How can IMAP be a security threat to a company?

Someone inadvertently clicks on a hidden iFrame.
Encrypted data is decrypted.
An email can be used to bring malware to a host.
It can be used to encode stolen data and send to a threat actor.

3. Question

1 points

Which two technologies are primarily used on peer-to-peer networks? (Choose two.)

Bitcoin
BitTorrent
Wireshark
Darknet
Snort

4. Question

1 points

Which protocol is exploited by cybercriminals who create malicious iFrames?

HTTP
ARP
DHCP
DNS

5. Question

1 points

Which method is used by some malware to transfer files from infected hosts to a threat actor host?

UDP infiltration
ICMP tunneling
HTTPS traffic encryption
iFrame injection

6. Question

1 points

Why does HTTPS technology add complexity to network security monitoring?

HTTPS dynamically changes the port number on the web server.
HTTPS uses tunneling technology for confidentiality.
HTTPS hides the true source IP address using NAT/PAT.
HTTPS conceals data traffic through end-to-end encryption.

7. Question

1 points

Which approach is intended to prevent exploits that target syslog?

Use a Linux-based server.
Use syslog-ng.
Create an ACL that permits only TCP traffic to the syslog server.
Use a VPN between a syslog client and the syslog server.

8. Question

1 points

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?

phishing
denial of service
reconnaissance
social engineering

9. Question

1 points

Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)

HTTP
HTTPS
DNS
DHCP
HTML

10. Question

1 points

What is Tor?

a rule created in order to match a signature of a known exploit
a software platform and network of P2P hosts that function as Internet routers
a way to share processors between network devices across the Internet
a type of Instant Messaging (IM) software used on the darknet

11. Question

1 points

Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?

IMAP
DNS
HTTPS
ICMP

12. Question

1 points

Which technique is necessary to ensure a private transfer of data using a VPN?

authorization
scalability
encryption
virtualization

13. Question

1 points

Which technology would be used to create the server logs generated by network devices and reviewed by an entry level network person who works the night shift at a data center?

syslog
NAT
ACL
VPN

14. Question

1 points

Which function is provided by the Sguil application?

It reports conversations between hosts on the network.
It makes Snort-generated alerts readable and searchable.
It detects potential network intrusions.
It prevents malware from attacking a host.

15. Question

1 points

Which statement describes a Cisco Web Security Appliance (WSA)?

It protects a web server by preventing security threats from accessing the server.
It provides high performance web services.
It acts as an SSL-based VPN server for an enterprise.
It functions as a web proxy.

16. Question

1 points

Which statement describes session data in security logs?

It can be used to describe or predict network behavior.
It shows the result of network sessions.
It is a record of a conversation between network hosts.
It reports detailed network activities between network hosts.

17. Question

1 points

Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data? (Choose two.)

NBAD
Sguil
NetFlow
IPFIX
Snorby
NBA

18. Question

1 points

How does a web proxy device provide data loss prevention (DLP) for an enterprise?

by functioning as a firewall
by inspecting incoming traffic for potential exploits
by scanning and logging outgoing traffic
by checking the reputation of external web servers

19. Question

1 points

Which information can be provided by the Cisco NetFlow utility?

security and user account restrictions
IDS and IPS capabilities
peak usage times and traffic routing
source and destination UDP port mapping

20. Question

1 points

Which statement describes statistical data in network security monitoring processes?

It is created through an analysis of other forms of network data.
It contains conversations between network hosts.
It shows the results of network activities between network hosts.
It lists each alert message along with statistical information.

21. Question

1 points

Match the SIEM function with the description.

22. Question

1 points

Which two tools have a GUI interface and can be used to view and analyze full packet captures? (Choose two.)

nfdump
Wireshark
Cisco Prime Network Analysis Module
tcpdump
Splunk

23. Question

1 points

Which Windows log contains information about installations of software, including Windows updates?

system logs
application logs
setup logs
security logs

24. Question

1 points

Match the Windows host log to the messages contained in it. (Not all options are used.)

25. Question

1 points

Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

WSA
AVC
ASA
ESA

26. Question

1 points

Which technique would a threat actor use to disguise traces of an ongoing exploit?

Create an invisible iFrame on a web page.
Corrupt time information by attacking the NTP infrastructure.
Encapsulate other protocols within DNS to evade security measures.
Use SSL to encapsulate malware.

27. Question

1 points

A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

Delete the file because it is probably malware.
Move it to Program Files (x86) because it is a 32bit application.
Uninstall the lsass application because it is a legacy application and no longer required by Windows.
Open the Task Manager, right-click on the lsass process and choose End Task .

28. Question

1 points

Refer to the exhibit. A network administrator is viewing some output on the Netflow collector. What can be determined from the output of the traffic flow shown? Modules 24 - 25: Protocols and Log Files Group Exam (Answers) 3

Modules 24 - 25: Protocols and Log Files Group Exam (Answers) 3

This is a UDP DNS request to a DNS server.
This is a UDP DNS response to a client machine.
This is a TCP DNS request to a DNS server.
This is a TCP DNS response to a client machine.

29. Question

1 points

In a Cisco AVC system, in which module is NetFlow deployed?

Management and Reporting
Control
Application Recognition
Metrics Collection

30. Question

1 points

What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?

There is a problem associated with NTP.
The timestamp represents the round trip duration value.
The syslog message should be treated with high priority.
The syslog message indicates the time an email is received.

Modules 24 – 25: Protocols and Log Files Group Exam – Test online

Quiz-summary

Information

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

Average score
Your score