Q1. Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/MPLS
Answer: D
Q2. Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by an SMTP connection
Answer: B,E
Q3. Which definition of a fork in Linux is true?
A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process
Answer: C
Q4. Which definition of the IIS Log Parser tool is true?
A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files
D. a powerful versatile tool that verifies the integrity of the log files
Answer: A
Q5. Where is a host-based intrusion detection system located?
A. on a particular end-point as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a span switch port
D. on a tap switch port
Answer: D
Q6. Which option is a purpose of port scanning?
A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.
Answer: A
Q7. Which encryption algorithm is the strongest?
A. AES
B. CES
C. DES
D. 3DES
Answer: A
Q8. DRAG DROP
Drag the technology on the left to the data type the technology provides on the right.
Answer:
Explanation:
Tcpdump = transaction data
NetFlow = session data
Traditional stateful firewall = connection event
Web content filtering = full packet capture
Q9. Which directory is commonly used on Linux systems to store log files, including syslog and Apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log
Answer: A
Q10. For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Answer: D