Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which information security property is supported by encryption?
A. sustainability
B. integrity
C. confidentiality
D. availability
Answer: A
Q2. For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Answer: D
Q3. Which definition of a fork in Linux is true?
A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process
Answer: C
Q4. Refer to the exhibit.
During an analysis this list of email attachments is found. Which files contain the same content?
A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2
Answer: B
Q5. Which two activities are examples of social engineering? (Choose two)
A. receiving call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department's weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
Answer: A,D
Q6. Which security monitoring data type is associated with application server logs?
A. alert data
B. statistical data
C. session data
D. transaction data
Answer: A
Q7. Which encryption algorithm is the strongest?
A. AES
B. CES
C. DES
D. 3DES
Answer: A
Q8. Where is a host-based intrusion detection system located?
A. on a particular end-point as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a span switch port
D. on a tap switch port
Answer: D
Q9. A firewall requires deep packet inspection to evaluate which layer?
A. application
B. Internet
C. link
D. transport
Answer: A
Q10. Which definition of the virtual address space for a Windows process is true?
A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system
Answer: A
Q11. In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?
A. ACK
B. SYN ACK
C. RST
D. PSH, ACK
Answer: B
Q12. Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.
Answer: C
Q13. Which two terms are types of cross site scripting attacks? (Choose two )
A. directed
B. encoded
C. stored
D. reflected
E. cascaded
Answer: C,D
Q14. Which two actions are valid uses of public key infrastructure? (Choose two )
A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate
Answer: A,C
Q15. Which term represents a weakness in a system that could lead to the system being compromised?
A. vulnerability
B. threat
C. exploit
D. risk
Answer: A
Q16. Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/ MPLS
Answer: D
Q17. DRAG DROP
Drag the technology on the left to the data type the technology provides on the right.
Answer:
Explanation: Tcpdump = transaction data netflow = session data
Traditional stateful firwall = connection event Web content filtering = full packet capture
Q18. Which tool is commonly used by threat actors on a webpage to take advantage of the software vulner abilities of a system to spread malware?
A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit
Answer: A
Q19. Based on which statement does the discretionary access control security model grant or restrict access ?
A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization
Answer: A
Q20. According to RFC 1035 which transport protocol is recommended for use with DNS queries?
A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol
Answer: B
Q21. Which situation indicates application-level white listing?
A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.
Answer: C
Q22. Which definition of Windows Registry is true?
A. set of pages that are currently resident m physical memory
B. basic unit to which the operating system allocates processor time
C. set of virtual memory addresses
D. database that stores low-level settings for the operating system
Answer: C
Q23. Which two protocols are used for email (Choose two )
A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP
Answer: C,E
Q24. Which definition describes the main purpose of a Security Information and Event Management solution ?
A. a database that collects and categorizes indicators of compromise to evaluate and search for potential security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering
C. a relay server or device that collects then forwards event logs to another log collection device
D. a security product that collects, normalizes, and correlates event log data to provide holistic views of the security posture
Answer: D
Q25. Which directory is commonly used on Linux systems to store log files, including syslog and
apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log
Answer: A