210-250 Premium Bundle

Understanding Cisco Cybersecurity Fundamentals Certification Exam

Last update: November 21, 2024

Cisco 210-250 Free Practice Questions

Q1. A firewall requires deep packet inspection to evaluate which layer?

A. application

B. Internet

C. link

D. transport

Answer: A

Q2. Which concern is important when monitoring NTP servers for abnormal levels of traffic?

A. Being the cause of a distributed reflection denial of service attack.

B. Users changing the time settings on their systems.

C. A critical server may not have the correct time synchronized.

D. Watching for rogue devices that have been added to the network.

Answer: C

Q3. Which definition describes the main purpose of a Security Information and Event Management solution?

A. a database that collects and categorizes indicators of compromise to evaluate and search for potential security threats

B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering

C. a relay server or device that collects then forwards event logs to another log collection device

D. a security product that collects, normalizes, and correlates event log data to provide holistic views of the security posture

Answer: D

Q4. Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)

A. Confirm the timing of network connections differentiated by the TCP 5-tuple

B. Audit the applications used within a social networking web site.

C. Determine the user IDs involved in an instant messaging exchange.

D. Map internal private IP addresses to dynamically translated external public IP addresses

E. Identify the malware variant carried by an SMTP connection

Answer: B,E

Q5. Where is a host-based intrusion detection system located?

A. on a particular end-point as an agent or a desktop application

B. on a dedicated proxy server monitoring egress traffic

C. on a span switch port

D. on a tap switch port

Answer: D

Q6. In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?

A. ACK

B. SYN ACK

C. RST

D. PSH, ACK

Answer: B

Q7. For which reason can HTTPS traffic make security monitoring difficult?

A. encryption

B. large packet headers

C. Signature detection takes longer.

D. SSL interception

Answer: D

Q8. Which cryptographic key is contained in an X.509 certificate?

A. symmetric

B. public

C. private

D. asymmetric

Answer: D

Q9. Which option is a purpose of port scanning?

A. Identify the Internet Protocol of the target system.

B. Determine if the network is up or down

C. Identify which ports and services are open on the target host.

D. Identify legitimate users of a system.

Answer: A

Q10. Which security monitoring data type is associated with application server logs?

A. alert data

B. statistical data

C. session data

D. transaction data

Answer: A

Q11. Which statement about digitally signing a document is true?

A. The document is hashed and then the document is encrypted with the private key.

B. The document is hashed and then the hash is encrypted with the private key.

C. The document is encrypted and then the document is hashed with the public key

D. The document is hashed and then the document is encrypted with the public key.

Answer: C

Q12. Refer to the exhibit. 

During an analysis this list of email attachments is found. Which files contain the same content?

A. 1 and 4

B. 3 and 4

C. 1 and 3

D. 1 and 2

Answer: B

Q13. Which hash algorithm is the weakest?

A. SHA-512

B. RSA 4096

C. SHA-1

D. SHA-256

Answer: D

Q14. Which definition of a process in Windows is true?

A. running program

B. unit of execution that must be manually scheduled by the application

C. database that stores low-level settings for the OS and for certain applications

D. basic unit to which the operating system allocates processor time

Answer: C

Q15. Which term represents the practice of giving employees only those permissions necessary to perform their specific role within an organization?

A. integrity validation

B. due diligence

C. need to know

D. least privilege

Answer: D

Q16. DRAG DROP

Drag the technology on the left to the data type the technology provides on the right.

Answer:

Explanation:

Tcpdump = transaction data

NetFlow = session data

Traditional stateful firewall = connection event

Web content filtering = full packet capture

Q17. Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?

A. HTTP/TLS

B. IPv4/IPv6

C. TCP/UDP

D. ATM/MPLS

Answer: D

Q18. Which two protocols are used for email? (Choose two.)

A. NTP

B. DNS

C. HTTP

D. IMAP

E. SMTP

Answer: C,E

Q19. Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks?

A. Internet Control Message Protocol

B. Address Resolution Protocol

C. Session Initiation Protocol

D. Transmission Control Protocol/Internet Protocol

Answer: A

Q20. Based on which statement does the discretionary access control security model grant or restrict access?

A. discretion of the system administrator

B. security policy defined by the owner of an object

C. security policy defined by the system administrator

D. role of a user within an organization

Answer: A

Q21. Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.

B. Allow specific executable files and deny specific executable files.

C. Writing current application attacks on a whiteboard daily.

D. Allow specific files and deny everything else.

Answer: C

Q22. Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database

B. a data source control to connect to your data source

C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files

D. a powerful versatile tool that verifies the integrity of the log files

Answer: A

Q23. Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred?

A. chain of evidence

B. evidence chronology

C. chain of custody

D. record of safekeeping

Answer: C

Q24. Which two actions are valid uses of public key infrastructure? (Choose two.)

A. ensuring the privacy of a certificate

B. revoking the validation of a certificate

C. validating the authenticity of a certificate

D. creating duplicate copies of a certificate

E. changing ownership of a certificate

Answer: A,C

Q25. According to RFC 1035, which transport protocol is recommended for use with DNS queries?

A. Transmission Control Protocol

B. Reliable Data Protocol

C. Hypertext Transfer Protocol

D. User Datagram Protocol

Answer: B
