1. Which monitoring technology mirrors traffic flowing through a switch to an analysis device connected to another switch port?
- NetFlow
- SNMP
- SIEM
- SPAN
2. Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
- NetFlow
- network tap
- SNMP
- IDS
3. Which technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?
- reconnaissance attack
- DHCP spoofing
- DHCP snooping
- DHCP starvation
4. Which language is used to query a relational database?
- Python
- C++
- Java
- SQL
5. Which network monitoring technology collects IP operational data on packets flowing through Cisco routers and multilayer switches?
- Wireshark
- NetFlow
- SNMP
- SIEM
6. In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?
- DoS
- MITM
- session hijacking
- address spoofing
7. Which network monitoring tool saves captured network frames in PCAP files?
- Wireshark
- SNMP
- NetFlow
- SIEM
8. Which term is used to describe legitimate traffic that is mistaken for unauthorized traffic by firewalls and IPSs?
- false positive
- true positive
- false negative
- true negative
9. Which network monitoring tool is in the category of network protocol analyzers?
- SNMP
- SPAN
- Wireshark
- SIEM
10. Which technology is a proprietary SIEM system?
- StealthWatch
- SNMP agent
- NetFlow collector
- Splunk
11. A DNS tunnel attack is used to build botnets to bypass traditional security solutions.
12. Which SIEM function is associated with examining the logs and events of multiple systems to reduce the time required to detect and react to security events?
- aggregation
- correlation
- forensic analysis
- retention
13. Which of the following offers a free service called Automated Indicator that enables the real-time exchange of cyberthreat indicators?
- Department of Homeland Security
14. Refer to the exhibit. The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
- remote access
15. Passwords, passphrases, and PINs are examples of which security term?
- authentication
16. Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
- Accounting
17. What is a characteristic of a layered defense-in-depth security approach?
- One safeguard failure does not affect the effectiveness of other safeguards.
18. Fill in the blank.
The acronym BYOD is about end users having the freedom to use their personal devices (laptops, tablets, smartphones) to access information and communicate across the corporate network.
19. During the AAA process, when will authorization be implemented?
- immediately after successful authentication against an AAA data source
20. With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
- artichoke
21. Fill in the blank.
The principle of least privilege specifies a limited, as-needed approach to granting users the minimum amount of access required to perform work.
22. Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
- Company
23. What are two characteristics of the RADIUS protocol? (Choose two.)
- the use of UDP ports for authentication and accounting
- encryption of the password only
24. Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
- authorization
25. Fill in the blank.
An asset is anything within IT that is of value and needs protection, including information and infrastructure devices such as servers, routers, access points, switches, and firewalls.
26. What is privilege escalation?
- Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.