Endpoint Security (ESec)

https://itexamanswers.net/?s=Endpoint+Security
1. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
It is a DDoS attack.
It is an impersonation attack.
It is a hoax.*
It is a piggy-back attack.
Explanation: Social engineering uses several different tactics to gain information from victims.
2. What type of attack targets an SQL database using the input field of a user?
XML injection
buffer overflow
Cross-site scripting
SQL injection*
3. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
SQL injection
packet injection
man-in-the-middle
DoS*
4. What three best practices can help defend against social engineering attacks? (Choose three.)
Resist the urge to click on enticing web links.*
Add more security guards.
Deploy well-designed firewall appliances.
Educate employees regarding policies.*
Enable a policy that states that the IT department should supply information over the phone only to managers.
Do not provide password resets in a chat window.*
5. Match the type of cyberattackers to the description.
Explanation: Place the options in the following order:
Hacktivists: Make political statements in order to create an awareness of issues that are important to them
Vulnerability brokers: Discover exploits and report them to vendors
State-sponsored attackers: Gather intelligence or commit sabotage on specific goals on behalf of their government
6. What is the first line of defense to protect a device from improper access control?
end user license agreement (EULA)
encryption
passwords*
shredding
7. A security service company is conducting an audit in several risk areas within a major corporate client. What attack or data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?
an internal threat
hard copy
improper access control*
unencrypted devices
8. A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?
The likelihood that a particular threat will exploit a vulnerability of an asset and result in an undesirable consequence.
A weakness in a system or its design that could be exploited by a threat.*
The actions that are taken to protect assets by mitigating a threat or reducing risk.
The potential damage to the organization that is caused by the threat.
9. Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)
TTL
fragment offset*
version
identification*
protocol
flag*
10. What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?
ICMP redirects*
ICMP unreachable
ICMP echo request
ICMP mask reply
11. Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
version
header checksum*
protocol
destination IPv4 address
12. Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?
man-in-the-middle
spoofing
SYN flooding*
DNS poisoning
13. Match the attack to the definition.
Explanation: Place the options in the following order:
Resource utilization attack: Attacker sends multiple packets that consume server resources
Cache poisoning: Attacker sends falsified information to redirect users to malicious sites
Amplification and reflection: Attacker uses open resolvers to increase the volume of attacks and mask the true source of the attack
14. How do cybercriminals make use of a malicious iFrame?
The attacker embeds malicious content in business appropriate files.
The iFrame allows the browser to load a web page from another source.*
The attacker redirects traffic to an incorrect DNS server.
The iFrame allows multiple DNS subdomains to be used.
15. Which risk management plan involves discontinuing an activity that creates a risk?
risk retention
risk avoidance*
risk sharing
risk reduction
16. Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?
Implement encryption for sensitive traffic.*
Implement restrictions on the use of ICMP echo-reply messages.
Implement access lists on the border router.
Implement a firewall at the edge of the network.
17. What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)
sending a multicast frame
initiating a three-way handshake
receiving a broadcast beacon frame*
sending an ARP request broadcast
transmitting a probe request*
18. A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
the company username and password through Active Directory service
a user passphrase
a username and password configured on the AP
a key that matches the key on the AP*
19. Which combination of WLAN authentication and encryption is recommended as a best practice for home users?
WEP and RC4
WPA and PSK
WPA2 and AES*
EAP and AES
WEP and TKIP
20. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
rogue access point*
user laptop
user error
password policy
weak password
21. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
An administrator can assign an interface to multiple security zones.
By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
By default, traffic is allowed to flow among interfaces that are members of the same zone.*
22. What is an IPS signature?
It is a security script that is used to detect unknown threats.
It is the timestamp that is applied to logged security events and alarms.
It is a set of rules used to detect typical intrusive activity.*
It is the authorization that is required to implement a security policy.
23. Which statement describes a VPN?
VPNs use open source virtualization software to create the tunnel through the Internet.
VPNs use dedicated physical connections to transfer data between remote users.
VPNs use logical connections to create public networks through the Internet.
VPNs use virtual connections to create a private network through a public network.*
24. What is a function of SNMP?
provides statistical analysis on packets flowing through a Cisco router or multilayer switch
synchronizes the time across all devices on the network
captures packets entering and exiting the network interface card
provides a message format for communication between network device managers and agents*
Endpoint Security (ESec) Module 7 – 10 Group Exam Answers
1. What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality*
integrity
accounting
availability
nonrepudiation
2. A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)
Administrators can approve or deny patches.*
Updates can be forced on systems immediately.*
Patches can be chosen by the user.
Computers require a connection to the Internet to receive patches.
Updates cannot be circumvented.*
Patches can be written quickly.
3. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)
NTFS allows faster access to external peripherals such as a USB drive.
NTFS supports larger files.*
NTFS provides more security features.*
NTFS allows faster formatting of drives.
NTFS is easier to configure.
NTFS allows the automatic detection of bad sectors.
4. What are three access control security services? (Choose three.)
access
availability
accounting*
authentication*
repudiation
authorization*
5. What three tasks are accomplished by a comprehensive security policy? (Choose three.)
is not legally binding
gives security staff the backing of management*
vagueness
defines legal consequences of violations*
useful for management
sets rules for expected behavior*
6. In the Linux shell, which character is used between two commands to instruct the shell to combine and execute these two commands in sequence?
$
#
%
| *
7. A PC user issues the netstat command without any options. What is displayed as the result of this command?
a list of all established active TCP connections*
a local routing table
a historical list of successful pings that have been sent
a network connection and usage report
8. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
More network applications are created for this environment.
It is easier to use than other operating systems.
The administrator has more control over the operating system.*
It is more secure than other server operating systems.
9. What are three states of data during which data is vulnerable? (Choose three.)
data in-transit*
data decrypted
data in-process*
data encrypted
purged data
stored data*
10. Which two options are window managers for Linux? (Choose two.)
PenTesting
KDE*
File Explorer
Kali
Gnome*
11. What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?
package manager
rootkit
penetration testing
compiler
12. What is the difference between an HIDS and a firewall?
An HIDS blocks intrusions, whereas a firewall filters them.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.*
A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
An HIDS works like an IPS, whereas a firewall just monitors traffic.
13. Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
ls -l analyst.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
read, write, execute*
read only
read, write
write only
14. Match the Linux command to the function. (Not all options are used.)
Explanation: Place the options in the following order:
Displays the name of the current working directory: pwd
Runs a command as another user: sudo
Modifies file permissions: chmod
Shuts down the system: No answer available
Lists the processes that are currently running: ps
15. Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a DHCP application in Windows.
It is a rule-based firewall application in Linux.*
It is a DNS daemon in Linux.
16. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor*
Local Users and Groups
Task Manager
Computer Management
17. Match the network-based anti-malware solution to the function. (Not all options are used.)
Explanation: Place the options in the following order:
Provides filtering of SPAM and potentially malicious emails before they reach the endpoint: Email security appliance
Provides filtering of websites and blacklisting before they reach the endpoint: Web security appliance
Permits only authorized and compliant systems to connect to the network: Network admission control
Provides dynamic IP addresses to authenticated endpoints: No answer available
Provides endpoint protection from viruses and malware: Advanced malware protection
18. Match typical Linux log files to the function.
Explanation: Place the options in the following order:
Used by RedHat and CentOS computers and tracks authentication-related events: /var/log/secure
Contains generic computer activity logs, and is used to store informational and noncritical system messages: /var/log/messages
Stores information related to hardware devices and their drivers: /var/log/dmesg
Used by Debian and Ubuntu computers and stores all authentication-related events: /var/log/auth.log
19. Match the antimalware approach to the description.
Explanation: Place the options in the following order:
Recognizes characteristics of known malware files: signature-based
Recognizes general features shared by types of malware: heuristics-based
Recognizes malware through analysis of suspicious actions: behavior-based
20. A client device has initiated a secure HTTP request to a web browser. Which well-known port address number is associated with the destination address?
80
404
443*
110
21. Which statement describes the Cisco Threat Grid Glovebox?
It is a host-based intrusion detection system (HIDS) solution to fight against malware.
It is a firewall appliance.
It is a sandbox product for analyzing malware behaviors.*
It is a network-based IDS/IPS.
Explanation: Cisco ThreatGrid Glovebox is a sandbox product for analyzing malware behaviors.
22. Why is Kali Linux a popular choice in testing the network security of an organization?
It is a network scanning tool that prioritizes security risks.
It can be used to test weaknesses by using only malicious software.
It is an open source Linux security distribution containing many penetration tools.*
It can be used to intercept and log network traffic.
23. Match the Windows system tool with the description. (Not all options are used.)
Explanation: Place the options in the following order:
Provides virus and spyware protection: No answer available
A hierarchical database of all system and user information: Registry
Selectively denies traffic on specified interfaces: Windows Firewall
A CLI environment used to run scripts and automate tasks: PowerShell
Maintains system logs: Event Viewer
Provides information on system resources and processes: No answer available
24. What three methods help to ensure system availability? (Choose three.)
system backups*
system resiliency
equipment maintenance*
fire extinguishers
up-to-date operating systems*
integrity checking
Endpoint Security (ESec) Final Exam Answers (Course Final)
1. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)
ping cisco.com*
net cisco.com
ipconfig /flushdns
nslookup cisco.com*
nbtstat cisco.com
2. A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application?
Event Viewer
Add or Remove Programs
System Restore
Task Manager*
3. What is required in order to connect a Wi-Fi enabled laptop to a WPA secured wireless network?
a MAC address
a username and password
a security encryption key*
an updated wireless driver
4. Why would an attacker want to spoof a MAC address?
so that the attacker can launch another type of attack in order to gain access to the switch
so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached
so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host*
so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)
5. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?
personal
enterprise*
shared key
WEP
6. What are three functions provided by the syslog service? (Choose three.)
to select the type of logging information that is captured*
to provide traffic analysis
to specify the destinations of captured messages*
to provide statistics on packets that are flowing through a Cisco device
to gather logging information for monitoring and troubleshooting*
to periodically poll agents for data
7. A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?
access
denial of service
reconnaissance*
information theft
8. A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?
Set the application registry key value to one.
Use the Add or Remove Programs utility to set program access and defaults.
Change the startup type for the utility to Automatic in Services.*
Uninstall the program and then choose Add New Programs in the Add or Remove Programs utility to install the application.
9. What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems*
studying operating systems of various platforms to develop a new system
fine tuning network devices to improve their performance and efficiency
taking advantage of any vulnerability for illegal personal gain
10. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
hacktivists*
cyber criminals
state-sponsored hackers
script kiddies
vulnerability brokers*
11. What are two shared characteristics of the IDS and the IPS? (Choose two.)
Both have minimal impact on network performance.
Both analyze copies of network traffic.
Both are deployed as sensors.*
Both rely on an additional network device to respond to malicious traffic.
Both use signatures to detect malicious traffic.*
12. An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
bluejacking
RF jamming
bluesnarfing*
smishing
13. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
SHS
VLANS
RAID
VPN*
14. A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?
Turn off the firewall.
Remove unnecessary programs and services.*
Disconnect the computer from the network.
Give the computer a nonroutable address.
Install a hardware firewall.
Remove the administrator account.
15. Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
wired networks
virtual networks
wireless networks*
sneaker net
16. What are two types of attacks used on DNS open resolvers? (Choose two.)
ARP poisoning
resource utilization*
cushioning
amplification and reflection*
fast flux
17. What would be the target of an SQL injection attack?
database*
email
DHCP
DNS
18. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
Implement a VLAN.
Implement intrusion detection systems.
Implement RAID.
Implement a firewall.*
19. Match the network service with the description.
Explanation: Place the options in the following order:
Notifies the administrator with detailed system messages: Syslog
Provides statistics on IP packets flowing through network devices: NetFlow
Synchronizes the time across all devices on the network: NTP
Allows administrators to manage network nodes: SNMP
20. Which method can be used to harden a device?
allow USB auto-detection
use SSH and disable the root account access over SSH*
allow default services to remain enabled
maintain use of the same passwords
21. Which user can override file permissions on a Linux computer?
root user*
any user that has ‘group’ permission to the file
only the creator of the file
any user that has ‘other’ permission to the file
22. Which wireless parameter is used by an access point to broadcast frames that include the SSID?
passive mode*
channel setting
active mode
security mode
23. What is the outcome when a Linux administrator enters the man man command?
The man man command provides documentation about the man command*
The man man command provides a list of commands available at the current prompt
The man man command opens the most recent log file
The man man command configures the network interface with a manual address
24. Which technique could be used by security personnel to analyze a suspicious file in a safe environment?
whitelisting
baselining
blacklisting
sandboxing*
25. What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
Symbolic links can be exported.
They can be compressed.
They can link to a file in a different file system.*
They can link to a directory.*
They can be encrypted.
They can show the location of the original file.*
26. Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?
traffic class
version
flow label
next header*
27. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing*
backdoor
Trojan
vishing
28. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
website filtering and blacklisting
threat intelligence*
network admission control
network profiling
29. After host A receives a web page from server B, host A terminates the connection with server B. Match each option to its correct step in the normal termination process for a TCP connection.
Explanation: Place the options in the following order:
Host A sends FIN to Server B: Step 1
Server B sends ACK to Host A: Step 2
Server B sends FIN to Host A: Step 3
Host A sends ACK to Server B: Step 4
30. A flood of packets with invalid source IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of attack has occurred?
TCP session hijacking
TCP reset
TCP SYN flood*
UDP flood
31. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?
Windows Defender
Local Security Policy*
Windows Firewall
PowerShell
32. Match the correct sequence of steps typically taken by a threat actor carrying out a domain shadowing attack.
Explanation: Place the options in the following order:
The website is compromised.: Step 1
HTTP 302 cushioning is used.: Step 2
Domain shadowing is used.: Step 3
An exploit kit landing page is created.: Step 4
Malware is spread through its payload.: Step 5
33. What is a feature of distributed firewalls?
They combine the feature of host-based firewalls with centralized management.*
They all use an open sharing standard platform.
They use only TCP wrappers to configure rule-based access control and logging systems.
They use only iptables to configure network rules.
34. What does the telemetry function provide in host-based security software?
It updates the heuristic antivirus signature database.
It enables host-based security programs to have comprehensive logging functions.*
It blocks the passage of zero-day attacks.
It enables updates of malware signatures.
35. What is an attack vector as it relates to network security?
a path by which a threat actor can gain access to an internal network device*
a defense-in-depth approach to security
a particular section of a network design where security is applied
a method of reverse engineering binary files
