Endpoint Security (ESec) https://itexamanswers.net/?s=Endpoint+Security

1. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
It is a DDoS attack.
It is an impersonation attack.
It is a hoax.*
It is a piggy-back attack.
Explanation: Social engineering uses several different tactics to gain information from victims.

2. What type of attack targets an SQL database using the input field of a user?
XML injection
buffer overflow
Cross-site scripting
SQL injection*

3. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
SQL injection
packet Injection
man-in-the-middle
DoS*

4. What three best practices can help defend against social engineering attacks? (Choose three.)
Resist the urge to click on enticing web links.*
Add more security guards.
Deploy well-designed firewall appliances.
Educate employees regarding policies.*
Enable a policy that states that the IT department should supply information over the phone only to managers.
Do not provide password resets in a chat window.*

5. Match the type of cyberattackers to the description.
Explanation: Place the options in the following order:
Hacktivists: Make political statements in order to create an awareness of issues that are important to them
Vulnerability brokers: discover exploits and report them to vendors
State-sponsored attackers: Gather intelligence or commit sabotage on specific goals on behalf of their government

6. What is the first line of defense to protect a device from improper access control?
end user license agreement (EULA)
encryption
passwords*
shredding

7. A security service company is conducting an audit in several risk areas within a major corporate client. What attack or data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?
an internal threat
hard copy
improper access control*
unencrypted devices

8. A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?
The likelihood that a particular threat will exploit a vulnerability of an asset and result in an undesirable consequence.
A weakness in a system or its design that could be exploited by a threat.*
The actions that are taken to protect assets by mitigating a threat or reducing risk.
The potential damage to the organization that is caused by the threat.

9. Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)
TTL
fragment offset*
version
identification*
protocol
flag*

10. What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?
ICMP redirects*
ICMP unreachable
ICMP echo request
ICMP mask reply

11. Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
version
header checksum*
protocol
destination IPv4 address

12. Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?
man-in-the-middle
spoofing
SYN flooding*
DNS poisoning

13. Match the attack to the definition.
Explanation: Place the options in the following order:
Resource utilization attack: Attacker sends multiple packets that consume server resources
Cache poisoning: Attacker sends falsified information to redirect users to malicious sites
Amplification and reflection: Attacker uses open resolvers to increase the volume of attacks and mask the true source of the attack

14. How do cybercriminals make use of a malicious iFrame?
The attacker embeds malicious content in business appropriate files.
The iFrame allows the browser to load a web page from another source.*
The attacker redirects traffic to an incorrect DNS server.
The iFrame allows multiple DNS subdomains to be used.

15. Which risk management plan involves discontinuing an activity that creates a risk?
risk retention
risk avoidance*
risk sharing
risk reduction

16. Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?
Implement encryption for sensitive traffic.*
Implement restrictions on the use of ICMP echo-reply messages.
Implement access lists on the border router.
Implement a firewall at the edge of the network.

17. What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)
sending a multicast frame
initiating a three-way handshake
receiving a broadcast beacon frame*
sending an ARP request broadcast
transmitting a probe request*

18. A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
the company username and password through Active Directory service
a user passphrase
a username and password configured on the AP
a key that matches the key on the AP*

19. Which combination of WLAN authentication and encryption is recommended as a best practice for home users?
WEP and RC4
WPA and PSK
WPA2 and AES*
EAP and AES
WEP and TKIP

20. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
rogue access point*
user laptop
user error
password policy
weak password

21. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
An administrator can assign an interface to multiple security zones.
By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
By default, traffic is allowed to flow among interfaces that are members of the same zone.*

22. What is an IPS signature?
It is a security script that is used to detect unknown threats.
It is the timestamp that is applied to logged security events and alarms.
It is a set of rules used to detect typical intrusive activity.*
It is the authorization that is required to implement a security policy.

23. Which statement describes a VPN?
VPNs use open source virtualization software to create the tunnel through the Internet.
VPNs use dedicated physical connections to transfer data between remote users.
VPNs use logical connections to create public networks through the Internet.
VPNs use virtual connections to create a private network through a public network.*

24. What is a function of SNMP?
provides statistical analysis on packets flowing through a Cisco router or multilayer switch
synchronizes the time across all devices on the network
captures packets entering and exiting the network interface card
provides a message format for communication between network device managers and agents*

Endpoint Security (ESec) Module 7 – 10 Group Exam Answers

1. What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality*
integrity
accounting
availability
nonrepudiation

2. A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)
Administrators can approve or deny patches.*
Updates can be forced on systems immediately.*
Patches can be chosen by the user.
Computers require a connection to the Internet to receive patches.
Updates cannot be circumvented.*
Patches can be written quickly.

3. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)
NTFS allows faster access to external peripherals such as a USB drive.
NTFS supports larger files.*
NTFS provides more security features.*
NTFS allows faster formatting of drives.
NTFS is easier to configure.
NTFS allows the automatic detection of bad sectors.

4. What are three access control security services? (Choose three.)
access
availability
accounting*
authentication*
repudiation
authorization*

5. What three tasks are accomplished by a comprehensive security policy? (Choose three.)
is not legally binding
gives security staff the backing of management*
vagueness
defines legal consequences of violations*
useful for management
sets rules for expected behavior*

6. In the Linux shell, which character is used between two commands to instruct the shell to combine and execute these two commands in sequence?
$
#
%
|*

7. A PC user issues the netstat command without any options. What is displayed as the result of this command?
a list of all established active TCP connections*
a local routing table
a historical list of successful pings that have been sent
a network connection and usage report

8. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
More network applications are created for this environment.
It is easier to use than other operating systems.
The administrator has more control over the operating system.*
It is more secure than other server operating systems.

9. What are three states of data during which data is vulnerable? (Choose three.)
data in-transit*
data decrypted
data in-process*
data encrypted
purged data
stored data*

10. Which two options are window managers for Linux? (Choose two.)
PenTesting
KDE*
File Explorer
Kali
Gnome*

11. What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?
package manager
rootkit
penetration testing
compiler

12. What is the difference between an HIDS and a firewall?
An HIDS blocks intrusions, whereas a firewall filters them.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.*
A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
An HIDS works like an IPS, whereas a firewall just monitors traffic.

13. Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
ls -l analyst.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
read, write, execute*
read only
read, write
write only

14. Match the Linux command to the function. (Not all options are used.)
Explanation: Place the options in the following order:
Displays the name of the current working directory: pwd
Runs a command as another user: sudo
Modifies file permissions: chmod
Shuts down the system: No answer available
Lists the processes that are currently running: ps

15. Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a DHCP application in Windows.
It is a rule-based firewall application in Linux.*
It is a DNS daemon in Linux.

16. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor*
Local Users and Groups
Task Manager
Computer Management

17. Match the network-based anti-malware solution to the function. (Not all options are used.)
Explanation: Place the options in the following order:
Provides filtering of SPAM and potentially malicious emails before they reach the endpoint: Email security appliance
Provides filtering of websites and blacklisting before they reach the endpoint: Web security appliance
Permits only authorized and compliant systems to connect to the network: Network admission control
Provides dynamic IP addresses to authenticated endpoints: No answer available
Provides endpoint protection from viruses and malware: Advanced malware protection

18. Match typical Linux log files to the function.
Explanation: Place the options in the following order:
Used by RedHat and CentOS computers and tracks authentication-related events: /var/log/secure
Contains generic computer activity logs, and is used to store informational and noncritical system messages: /var/log/messages
Stores information related to hardware devices and their drivers: /var/log/dmesg
Used by Debian and Ubuntu computers and stores all authentication-related events: /var/log/auth.log

19. Match the antimalware approach to the description.
Explanation: Place the options in the following order:
Recognizes characteristics of known malware files: signature-based
Recognizes general features shared by types of malware: heuristics-based
Recognizes malware through analysis of suspicious actions: behavior-based

20. A client device has initiated a secure HTTP request to a web browser. Which well-known port address number is associated with the destination address?
80
404
443*
110

21. Which statement describes the Cisco Threat Grid Glovebox?
It is a host-based intrusion detection system (HIDS) solution to fight against malware.
It is a firewall appliance.
It is a sandbox product for analyzing malware behaviors.*
It is a network-based IDS/IPS.
Explanation: Cisco ThreatGrid Glovebox is a sandbox product for analyzing malware behaviors.

22. Why is Kali Linux a popular choice in testing the network security of an organization?
It is a network scanning tool that prioritizes security risks.
It can be used to test weaknesses by using only malicious software.
It is an open source Linux security distribution containing many penetration tools.*
It can be used to intercept and log network traffic.

23. Match the Windows system tool with the description. (Not all options are used.)
Explanation: Place the options in the following order:
Provides virus and spyware protection: No answer available
A hierarchical database of all system and user information: Registry
Selectively denies traffic on specified interfaces: Windows Firewall
A CLI environment used to run scripts and automate tasks: PowerShell
Maintains system logs: Event Viewer
Provides information on system resources and processes: No answer available

24. What three methods help to ensure system availability? (Choose three.)
system backups*
system resiliency
equipment maintenance*
fire extinguishers
up-to-date operating systems*
integrity checking

Endpoint Security (ESec) Final Exam Answers (Course Final)

1. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)
ping cisco.com*
net cisco.com
ipconfig /flushdns
nslookup cisco.com*
nbtstat cisco.com

2. A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application?
Event Viewer
Add or Remove Programs
System Restore
Task Manager*

3. What is required in order to connect a Wi-Fi enabled laptop to a WPA secured wireless network?
a MAC address
a username and password
a security encryption key*
an updated wireless driver

4. Why would an attacker want to spoof a MAC address?
so that the attacker can launch another type of attack in order to gain access to the switch
so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached
so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host*
so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)

5. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?
personal
enterprise*
shared key
WEP

6. What are three functions provided by the syslog service? (Choose three.)
to select the type of logging information that is captured*
to provide traffic analysis
to specify the destinations of captured messages*
to provide statistics on packets that are flowing through a Cisco device
to gather logging information for monitoring and troubleshooting*
to periodically poll agents for data

7. A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?
access
denial of service
reconnaissance*
information theft

8. A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?
Set the application registry key value to one.
Use the Add or Remove Programs utility to set program access and defaults.
Change the startup type for the utility to Automatic in Services.*
Uninstall the program and then choose Add New Programs in the Add or Remove Programs utility to install the application.

9. What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems*
studying operating systems of various platforms to develop a new system
fine tuning network devices to improve their performance and efficiency
taking advantage of any vulnerability for illegal personal gain

10. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
hacktivists*
cyber criminals
state-sponsored hackers
script kiddies
vulnerability brokers*

11. What are two shared characteristics of the IDS and the IPS? (Choose two.)
Both have minimal impact on network performance.
Both analyze copies of network traffic.
Both are deployed as sensors.*
Both rely on an additional network device to respond to malicious traffic.
Both use signatures to detect malicious traffic.*

12. An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
bluejacking
RF jamming
bluesnarfing*
smishing

13. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
SHS
VLANS
RAID
VPN*

14. A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?
Turn off the firewall.
Remove unnecessary programs and services.*
Disconnect the computer from the network.
Give the computer a nonroutable address.
Install a hardware firewall.
Remove the administrator account.

15. Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
wired networks
virtual networks
wireless networks*
sneaker net

16. What are two types of attacks used on DNS open resolvers? (Choose two.)
ARP poisoning
resource utilization*
cushioning
amplification and reflection*
fast flux

17. What would be the target of an SQL injection attack?
database*
email
DHCP
DNS

18. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
Implement a VLAN.
Implement intrusion detection systems.
Implement RAID.
Implement a firewall.*

19. Match the network service with the description.
Explanation: Place the options in the following order:
Notifies the administrator with detailed system messages: Syslog
Provides statistics on IP packets flowing through network devices: NetFlow
Synchronizes the time across all devices on the network: NTP
Allows administrators to manage network nodes: SNMP

20. Which method can be used to harden a device?
allow USB auto-detection
use SSH and disable the root account access over SSH*
allow default services to remain enabled
maintain use of the same passwords

21. Which user can override file permissions on a Linux computer?
root user*
any user that has 'group' permission to the file
only the creator of the file
any user that has 'other' permission to the file

22. Which wireless parameter is used by an access point to broadcast frames that include the SSID?
passive mode*
channel setting
active mode
security mode

23. What is the outcome when a Linux administrator enters the man man command?
The man man command provides documentation about the man command*
The man man command provides a list of commands available at the current prompt
The man man command opens the most recent log file
The man man command configures the network interface with a manual address

24. Which technique could be used by security personnel to analyze a suspicious file in a safe environment?
whitelisting
baselining
blacklisting
sandboxing*

25. What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
Symbolic links can be exported.
They can be compressed.
They can link to a file in a different file system.*
They can link to a directory.*
They can be encrypted.
They can show the location of the original file.*

26. Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?
traffic class
version
flow label
next header*

27. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing*
backdoor
Trojan
vishing

28. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
website filtering and blacklisting
threat intelligence*
network admission control
network profiling

29. After host A receives a web page from server B, host A terminates the connection with server B. Match each option to its correct step in the normal termination process for a TCP connection.
Explanation: Place the options in the following order:
Step 1: Host A sends FIN to Server B
Step 2: Server B sends ACK to Host A
Step 3: Server B sends FIN to Host A
Step 4: Host A sends ACK to Server B

30. A flood of packets with invalid source IP addresses requests a connection on the network. The server busily tries to respond, resulting in valid requests being ignored. What type of attack has occurred?
TCP session hijacking
TCP reset
TCP SYN flood*
UDP flood

31. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?
Windows Defender
Local Security Policy*
Windows Firewall
PowerShell

32. Match the correct sequence of steps typically taken by a threat actor carrying out a domain shadowing attack.
Explanation: Place the options in the following order:
Step 1: The website is compromised.
Step 2: HTTP 302 cushioning is used.
Step 3: Domain shadowing is used.
Step 4: An exploit kit landing page is created.
Step 5: Malware is spread through its payload.

33. What is a feature of distributed firewalls?
They combine the feature of host-based firewalls with centralized management.*
They all use an open sharing standard platform.
They use only TCP wrappers to configure rule-based access control and logging systems.
They use only iptables to configure network rules.

34. What does the telemetry function provide in host-based security software?
It updates the heuristic antivirus signature database.
It enables host-based security programs to have comprehensive logging functions.*
It blocks the passage of zero-day attacks.
It enables updates of malware signatures.

35. What is an attack vector as it relates to network security?
a path by which a threat actor can gain access to an internal network device*
a defense-in-depth approach to security
a particular section of a network design where security is applied
a method of reverse engineering binary files