What is one probable purpose of the attack?
2. What is cyberwarfare?
botnet
Trojan horse
worm
virus
4. What is a potential risk when using a free and open wireless hotspot in a public location?
Too many users trying to connect to the Internet may cause a network traffic jam.
Purchase of products from vendors might be required in exchange for the Internet access.
The Internet connection can become too slow when many users access the wireless hotspot.
5. At the request of investors, a company is proceeding with cyber attribution with a particular attack
that was conducted from an external source. Which security term is used to describe the person or
device responsible for the attack?
fragmenter
skeleton
tunneler
threat actor
6. What name is given to an amateur hacker?
script kiddie
blue team
black hat
red hat
7. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?
political reasons
fame seeking
financial gain
8. What is a botnet?
a group of web servers that provide load balancing and fault tolerance
It is a hotspot that appears to be from a legitimate business but was actually set up by someone
without permission from the business.
Data that is collected from servers and websites for anonymous browsing.
11. What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?
DDoS
Stuxnet
PSYOPS
SQL injection
12. A company pays a significant sum of money to hackers in order to regain control of an email and
data server. Which type of security attack was used by the hackers?
DoS
Trojan horse
spyware
Ransomware
1. Which SOC job role manages all the resources of the SOC and serves as a point of contact for the
larger organization or customer?
SME/Threat Hunter
SOC Manager
Cybersecurity Analyst
Incident Responder
2. Which SOC job role processes security alerts and forwards tickets to Tier 2 if necessary?
SME/Threat Hunter
SOC Manager
Cybersecurity Analyst
Incident Responder
3. Which SOC job role is responsible for deep investigation of incidents?
SME/Threat Hunter
SOC Manager
Cybersecurity Analyst
Incident Responder
4. Which device integrates security information and event management into a single platform?
SIEM
SOAR
Threat Hunter
5. Which device integrates orchestration tools and resources to automatically respond to security
events?
SIEM
SOAR
Threat Hunter
1. Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring
software represents a true security incident?
Tier 2 personnel
Tier 3 personnel
SOC Manager
Tier 1 personnel
2. After a security incident is verified in a SOC, an incident responder reviews the incident but cannot
identify the source of the incident and form an effective mitigation procedure. To whom should the
incident ticket be escalated?
MTTR
Dwell Time
MTTC
MTTD
5. Which KPI metric does SOAR use to measure the length of time that threat actors have access to a
network before they are detected and their access is stopped?
MTTC
Dwell Time
MTTR
MTTD
6. What is the role of SIEM?
to analyze any OS vulnerabilities and apply security patches to secure the operating systems
to analyze all the data that firewalls, network appliances, intrusion detection systems, and other
devices generate and institute preventive measures
to analyze all the network packets for any malware signatures and update the vulnerabilities
database
to analyze all the network packets for any malware signatures and synchronize the signatures with
the Federal Government databases
7. What is a characteristic of the SOAR security platform?
to provide a user-friendly interface that uses the Python programming language to manage security
threats
to interact with the Federal Government security sites and update all vulnerability platforms
8. A network security professional has applied for a Tier 2 position in a SOC. What is a typical job
function that would be assigned to a new employee?
hunting for potential security threats and implementing threat detection tools
monitoring incoming alerts and verifying that a true security incident has occurred
48.25
50.38
60.56
52.56
10. Which organization offers the vendor-neutral CySA+ certification?
IEEE
GIAC
(ISC)²
CompTIA
11. In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool
to investigate?
syslog server
ticketing system
registration system
12. How can a security information and event management system in a SOC be used to help personnel
fight against security threats?
threat intelligence
VPN connection
security monitoring
vulnerability tracking
firewall appliance
1. Which Windows registry hive stores information about object linking and embedding (OLE)
registrations?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
2. Which Windows registry hive stores information about the current hardware profile?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
3. Which Windows registry hive stores information concerning all the user accounts on the host?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
4. Which Windows registry hive stores information concerning the currently logged in user?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
5. Which Windows registry hive stores system-related information?
HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_CONFIG (HKCC)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Registry
2. Which Windows tool logs history, application, security, and system events?
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Firewall
Windows Registry
3. Which Windows tool or command can be used to look for inbound or outbound TCP connections on
a Windows host that are not authorized?
netstat
Regedit
Net
Resource Monitor
Nslookup
4. Which Windows tool provides resource information, such as memory, CPU, disk, and network?
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Firewall
Windows Registry
5. Which Windows tool is the built-in virus and spyware protection?
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Firewall
Windows Registry
6. Which command or tool finds the IP address of a server from a URL?
Net
Windows Registry
Nslookup
net session
Netstat
7. Which Windows tool provides information about applications, processes, and services running on
the computer?
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Firewall
Windows Registry
8. Which Windows tool is the database that stores all the information about hardware, applications,
users, and system settings?
Event Viewer
Resource Monitor
Task Manager
Windows Defender
Windows Firewall
Windows Registry
1. When a user makes changes to the settings of a Windows system, where are these changes
stored?
Registry
win.ini
boot.ini
Control Panel
2. Which user account should be used only to perform system management and not as the account for
regular use?
administrator
power user
guest
standard user
3. Which command is used to manually query a DNS server to resolve a specific host name?
tracert
ipconfig /displaydns
nslookup
net
4. For security reasons a network administrator needs to ensure that local computers cannot ping each
other. Which settings can accomplish this task?
smartcard settings
firewall settings
BOOTMGR
Windows Registry
CPU
MBR
6. What utility is used to show the system resources consumed by each user?
Device Manager
Event Viewer
Task Manager
User Accounts
7. What term is used to describe a logical drive that can be formatted to store data?
partition
volume
track
sector
cluster
8. How much RAM is addressable by a 32-bit version of Windows?
4 GB
8 GB
16 GB
32 GB
9. Which Windows version was the first to introduce a 64-bit Windows operating system?
Windows 7
Windows 10
Windows NT
Windows XP
10. Which net command is used on a Windows PC to establish a connection to a shared directory on a
remote server?
net share
net session
net start
net use
11. What is the purpose of the cd command?
all active TCP and UDP connections, their current state, and their associated process ID (PID)
13. A security incident has been filed and an employee believes that someone has been on the
computer since the employee left last night. The employee states that the computer was turned off
before the employee left for the evening. The computer is running slowly and applications are acting
strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and
when someone logged on to the computer after working hours?
Event Viewer
Task Manager
Performance Monitor
PowerShell
1. Which type of tool is used by a Linux administrator to attack a computer or network to find
vulnerabilities?
malware analysis
PenTesting
firewall
Cisco IOS
Windows
Mac OS X
Linux
6. Which file system is the primary file system used by Apple in current Macintosh computers?
CDFS
APFS
HFS+
ext2
ext3
7. Consider the result of the ls -l command in the Linux output below. What are the group file
permissions assigned to the analyst.txt file?
ls -l analyst.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
full access
read, write
read only
8. In the context of a Linux operating system, which command can be used to display the syntax and
parameters for a specific command?
man
cat
grep
crontab
9. What is a daemon?
a background process that runs without the need for user interaction
chmod
ps
sudo
pwd
11. An author is uploading one chapter document from a personal computer to a file server of a book
publisher. What role is the personal computer assuming in this network model?
transient
server
slave
client
master
12. A technician has captured packets on a network that has been running slowly when accessing the
internet. Which port number should the technician look for within the captured material to locate
HTTP packets?
21
20
110
53
80
13. A system administrator issues the apt-get upgrade command on a Linux operating system. What is
the purpose of this command?
The remote repository of applications and dependencies will be updated to the latest version.
14. Why would a rootkit be used by a hacker?
to do reconnaissance
sequencing
duplexing
multiplexing
segmentation
2. What is the PDU associated with the transport layer?
segment
packet
bits
frame
3. Which protocol stack layer encapsulates data into frames?
data link
transport
network
application
4. What is the name of the process of adding protocol information to data as it moves down the
protocol stack?
de-encapsulation
sequencing
segmentation
Encapsulation
A business can connect directly to the Internet without the use of an ISP.
Applications can be accessed over the Internet by individual users or businesses using any device,
anywhere in the world.
netstat
traceroute
telnet
ipconfig
4. Which OSI model layer contains protocols for process-to-process communication?
session
transport
network
application
5. At which OSI layer is a destination port number added to a PDU during the encapsulation process?
application layer
network layer
transport layer
6. What process involves placing one PDU inside of another PDU?
encoding
encapsulation
flow control
segmentation
7. Which statement accurately describes a TCP/IP encapsulation process when a PC is sending data
to the network?
Segments are sent from the transport layer to the internet layer.
Data is sent from the internet layer to the network access layer.
Packets are sent from the network access layer to the transport layer.
Frames are sent from the network access layer to the internet layer.
8. A web client is receiving a response for a web page from a web server. From the perspective of the
client, what is the correct order of the protocol stack that is used to decode the received
transmission?
BYOD users are responsible for their own network security, thus reducing the need for
organizational security policies.
BYOD provides flexibility in where and how users can access network resources.
BYOD devices are more expensive than devices that are purchased by an organization.
to interpret information
11. Which statement is true about the TCP/IP and OSI models?
The first three OSI layers describe general services that are also provided by the TCP/IP internet
layer.
The TCP/IP network access layer has similar functions to the OSI network layer.
The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.
The OSI Layer 7 and the TCP/IP application layer provide identical functions.
12. What method can be used by two computers to ensure that packets are not dropped because too
much data is being sent too quickly?
encapsulation
response timeout
flow control
access method
1. Which Ethernet frame field assists a host in determining if the frame that is received is addressed to
it?
source address
preamble
destination address
preamble
type
destination address
data field
destination address
Type/Length
preamble
data field
1. What are the two most commonly referenced fields in an IPv4 packet header that indicate where the
packet is coming from and where it is going? (Choose two.)
destination IP address
protocol
Time to Live
source IP address
The source and destination IPv4 addresses remain the same while travelling from source to
destination.
The Time to Live field is used to determine the priority of each packet.
The Total Length and Header Checksum fields are used to reorder a fragmented packet.
Header Checksum
Time to Live
Protocol
Header Checksum
Time to Live
Protocol
network layer
transport layer
session layer
2. Which layer is responsible for taking an IP packet and preparing it for transmission over the
communications medium?
physical layer
network layer
encapsulation
fragmentation
segmentation
serialization
4. Which delivery method does not guarantee that the packet will be delivered fully without errors?
connectionless
best effort
media independent
1. Which two statements are correct about an IPv4 address? (Choose two.)
It is 24 bits in length.
The information within the IPv4 address is sufficient for determining the network portion and host
portion of the address.
2. Which two statements are correct about an IPv4 subnet mask? (Choose two.)
It is 24 bits in length.
It differentiates the network portion from the host portion of an IPv4 address.
The 1 bits determine the network portion of an IPv4 address, and the 0 bits determine the host
portion.
3. Which three statements are correct about the AND operation? (Choose three.)
The AND operation is performed between an IPv4 address and subnet mask.
1 AND 1 results in a 0
1 AND 0 results in a 0
A remote destination host is on the same local network as the sending host.
Local hosts can reach each other without the need of a router.
A default gateway is required to send packets to other hosts on the local network.
The default gateway address is the IP address of the router on the local network.
Traffic can only be forwarded outside the local network if there is no default gateway.
3. Which two commands could be entered on a Windows host to view its IPv4 and IPv6 routing table?
(Choose two.)
netroute -l
netstat -r
print route
route print
print net
collision detection
3. How do hosts ensure that their packets are directed to the correct network destination?
They search in their own local routing table for a route to the network destination address and pass
this information to the default gateway.
They always direct their packets to the default gateway, which will be responsible for the packet
delivery.
They have to keep their own local routing table that contains a route to the loopback interface, a
local network route, and a remote default route.
They send a query packet to the default gateway asking for the best route.
4. A technician uses the ping 127.0.0.1 command. What is the technician testing?
2001:db8:eeff:a:::1
2001:db8:eeff:a:1
2001:db8:eeff:a::0001
2001:db8:eeff:a::1
6. Which function or operation is performed by the LLC sublayer?
16
30
254
256
32
8. Refer to the exhibit. Consider the IP address configuration shown from PC1. What is a description of
the default gateway address?
It is the IP address of the Router1 interface that connects the PC1 LAN to Router1.
It is the IP address of Switch1 that connects PC1 to other devices on the same LAN.
It is the IP address of the Router1 interface that connects the company to the Internet.
9. What is the command netstat -r used for?
2001:0DB8
ba01
2001:0DB8:75a3
0607:1234:aa10:ba01
11. Which statement describes a MAC address?
It contains two portions, the network portion and the host portion.
It is 128 bits in length.
re-assembles out of order packets into the correct order at the receiver end
10.1.1.1
224.6.6.6
192.167.10.10
172.16.4.4
192.168.5.5
172.32.5.2
ARP
EUI-64
SLAAC
DAD
4. A network administrator can successfully ping the server at www.cisco.com, but cannot ping the
company web server located at an ISP in another city. Which tool or command would help identify
the specific router where the packet was lost or delayed?
telnet
traceroute
netstat
ipconfig
5. A user executes a traceroute over IPv6. At what point would a router in the path to the destination
device drop the packet?
when the target host responds with an ICMP echo reply message
time exceeded
protocol unreachable
network unreachable
port unreachable
7. What message is sent by a host to check the uniqueness of an IPv6 address before using that
address?
router solicitation
echo request
ARP request
neighbor solicitation
8. Which protocol is used by ping to test connectivity between network hosts?
ARP
TCP
DHCP
ICMP
9. A user issues a ping 2001:db8:3040:114::88 command and receives a response that includes a
code of 3. What does this code represent?
port unreachable
network unreachable
protocol unreachable
host unreachable
10. A user issues a ping 192.168.219.8 command and receives a response that includes a code of 0.
What does this code represent?
port unreachable
protocol unreachable
host unreachable
network unreachable
11. What characterizes a traceroute utility?
It identifies the routers in the path from a source host to a destination host.
It sends four Echo Request messages.
to display a list of the near-side router interfaces between the source device and the destination
device
to quickly verify connectivity by sending echo-request messages to the destination and receiving a
series of echo-reply messages from that destination
to query the Domain Name System (DNS) to get domain names and mapping information
DHCPv6
UDP
ICMPv6
ARPv6
1. A host is transmitting a broadcast. Which host or hosts will receive it?
A business can connect directly to the Internet without the use of an ISP.
Applications can be accessed over the Internet by individual users or businesses using any device,
anywhere in the world.
3. A network administrator can successfully ping the server at www.cisco.com, but cannot ping the
company web server located at an ISP in another city. Which tool or command would help identify
the specific router where the packet was lost or delayed?
ipconfig
traceroute
netstat
telnet
4. Which OSI model layer contains protocols for process-to-process communication?
session
network
application
transport
5. At which OSI layer is a destination port number added to a PDU during the encapsulation process?
transport layer
application layer
network layer
6. What process involves placing one PDU inside of another PDU?
encoding
flow control
encapsulation
segmentation
7. Which statement accurately describes a TCP/IP encapsulation process when a PC is sending data
to the network?
Segments are sent from the transport layer to the internet layer.
Data is sent from the internet layer to the network access layer.
Packets are sent from the network access layer to the transport layer.
Frames are sent from the network access layer to the internet layer.
8. A web client is receiving a response for a web page from a web server. From the perspective of the
client, what is the correct order of the protocol stack that is used to decode the received
transmission?
Ethernet, IP, TCP, HTTP
BYOD devices are more expensive than devices that are purchased by an organization.
BYOD provides flexibility in where and how users can access network resources.
BYOD users are responsible for their own network security, thus reducing the need for
organizational security policies.
10. In computer communication, what is the purpose of message encoding?
to interpret information
The OSI Layer 7 and the TCP/IP application layer provide identical functions.
The first three OSI layers describe general services that are also provided by the TCP/IP internet
layer.
The TCP/IP network access layer has similar functions to the OSI network layer.
The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.
12. What method can be used by two computers to ensure that packets are not dropped because too
much data is being sent too quickly?
flow control
response timeout
access method
Encapsulation
1. What field is used by the destination host to reassemble segments into the original order?
Control Bits
Destination Port
Sequence Number
Source Port
Window Size
2. What field is used to provide flow control?
Control Bits
Destination Port
Sequence Number
Source Port
Window Size
3. What happens when a sending host senses there is congestion?
The receiving host increases the number of bytes it sends before receiving an acknowledgment
from the sending host.
The receiving host reduces the number of bytes it sends before receiving an acknowledgment from
the sending host.
The sending host increases the number of bytes it sends before receiving an acknowledgment from
the destination host.
The sending host reduces the number of bytes it sends before receiving an acknowledgment from
the destination host.
1. What are two roles of the transport layer in data communication on a network? (Choose two.)
providing the interface between applications and the underlying network over which messages are
transmitted
tracking the individual communication between applications on the source and destination hosts
HTTP
FTP
VoIP
POP3
DNS
4. Which transport layer feature is used to guarantee session establishment?
The TCP process running on the PC randomly selects the destination port when establishing a
session with the server.
The TCP source port number identifies the sending host on the network.
UDP segments are encapsulated within IP packets for transport across the network.
TCP is the preferred protocol when a function requires lower network overhead.
The UDP destination port number identifies the application or service on the server which will
handle the data.
The source port field identifies the running application or service that will handle data returning to
the PC.
6. What is the purpose of the TCP sliding window?
The message is lost because FTP does not use a reliable delivery method.
8. Which two flags in the TCP header are used in a TCP three-way handshake to establish connectivity
between two network devices? (Choose two.)
RST
URG
SYN
PSH
FIN
ACK
9. Which tool is used to provide a list of open ports on network devices?
Tracert
Nmap
Whois
Ping
10. Which two fields are included in the TCP header but not in the UDP header? (Choose two.)
destination port
checksum
source port
window
sequence number
11. Refer to the exhibit. Which three lines represent the TCP three-way handshake?
lines 1, 2, and 3
lines 4, 5, and 6
lines 6, 7, and 8
lines 2, 8, and 9
lines 2, 3, and 4
12. What is a characteristic of a TCP server process?
There can be many ports open simultaneously on a server, one for each active server application.
Every application process running on the server has to be configured to use a dynamic port
number.
An individual server can have two services assigned to the same port number within the same
transport layer services.
A host running two different applications can have both configured to use the same server port.
MAC address
subnet mask
True
False
3. In large networks, static IPv4 addresses are usually assigned to which devices? (Choose two.)
personal computers
gateway routers
printers
laptops
4. Which DHCP message is sent from a client when the client starts up and requires an IP address?
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
5. When a client sends a DHCPDISCOVER message, how is the message sent?
1. Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a
DHCP server?
DHCPDISCOVER
DHCPREQUEST
DHCPACK
DHCPOFFER
2. On a home network, which device is most likely to provide dynamic IP addressing to clients on the
home network?
a home router
a DNS server
3. Which protocol automates assignment of IP addresses on a network, and which port number does it
use? (Choose two.)
67
DNS
DHCP
53
80
SMB
4. A particular website does not appear to be responding on a Windows 7 computer. What command
could the technician use to show any cached DNS entries for this web page?
ipconfig /all
ipconfig /displaydns
arp -a
nslookup
5. What type of server would use IMAP?
Telnet
email
DHCP
FTP
DNS
6. What is a benefit of using DDNS?
DDNS has a service called ICANN Lookup used to obtain the registration record of a URL.
The DDNS provider detects a change to the client IP address and immediately updates the
mapping change.
DDNS is a more secure version of DNS and has a robust security profile.
DDNS is a starting point for identifying potentially dangerous internet locations that may have been
reached through the network.
7. What application layer protocol describes the services that are used for file sharing in Microsoft
networks?
DHCP
Telnet
DNS
SMB
SMTP
8. Which application layer protocol uses message types such as GET, PUT, and POST?
DHCP
POP3
SMTP
HTTP
DNS
9. Which protocol enables mail to be downloaded from an email server to a client and then deletes the
email from the server?
IMAP
HTTP
SMTP
POP3
10. Which website is considered secure because it encrypts the communication between the website
and visitors?
http://www.secureaccess.com:8080/
ftp://download.openproject.net/
http://www.thebanks.com/
https://www.ourblogs.info/
11. Refer to the exhibit. NAT is configured on Remote and Main. The PC is sending a request to the web
server. What IPv4 address is the source IP address in the packet between Main and the web
server?
10.130.5.76
192.0.2.1
172.16.1.10
209.165.200.245
203.0.113.5
209.165.200.226
12. Which statement best describes the operation of the File Transfer Protocol?
An FTP server uses a source port number of 21 and a randomly generated destination port number
during the establishment of control traffic with an FTP client.
An FTP server uses a source port number of 20 and a randomly generated destination port number
during the establishment of control traffic with an FTP client.
An FTP client uses a source port number of 21 and a randomly generated destination port number
during the establishment of control traffic with an FTP Server.
An FTP client uses a source port number of 20 and a randomly generated destination port number
during the establishment of data traffic with an FTP Server.
13. In NAT translation for internal hosts, what address would be used by external users to reach internal
hosts?
inside global
outside local
outside global
inside local
14. What is an example of a top-level domain?
www.cisco.com
cisco.com
.com
root.cisco.com
1. Which device must connect to another device to gain access to the network?
end devices
switch
router
2. Which device connects wireless clients to the network?
switch
router
end device
3. Which device uses MAC addresses to determine the exit port?
switch
router
end device
1. For which discovery mode will an AP generate the most traffic on a WLAN?
open mode
active mode
mixed mode
passive mode
2. Which parameter is commonly used to identify a wireless network name when a home wireless AP is
being configured?
ad hoc
SSID
ESS
BESS
3. Which two protocols are considered distance vector routing protocols? (Choose two.)
RIP
OSPF
BGP
EIGRP
ISIS
4. What information does an Ethernet switch examine and use to build its address table?
source IP address
destination IP address
5. Which OSI layer header is rewritten with new addressing information by a router when forwarding
between LAN segments?
Layer 7
Layer 3
Layer 4
Layer 2
6. At what layer of the OSI model do routers operate?
Layer 4
Layer 5
Layer 2
Layer 3
7. Which wireless parameter refers to the frequency bands used to transmit data to a wireless access
point?
security mode
SSID
scanning mode
channel settings
8. What is a role of an intermediary device on a network?
determines the path and directs data along the way to its final destination
forms the interface between the human network and the underlying communication network
9. What information does an Ethernet switch examine and use to forward a frame?
source IP address
destination IP address
10. Which device can control and manage a large number of corporate APs?
LWAP
router
WLC
switch
11. Which two roles are typically performed by a wireless router that is used in a home or small
business? (Choose two.)
Ethernet switch
repeater
WLAN controller
access point
12. What technology is used to prevent Layer 2 loops?
VTP
ARP
NTP
STP
13. Which sentence correctly describes the SVI inter-VLAN routing method?
1. Which network design layer provides endpoints and users with a connection to the network?
Access layer
Core layer
Distribution layer
Hierarchical layer
2. Which network design layer provides connectivity between distribution layers for large LAN
environments?
Access layer
Core layer
Distribution layer
Hierarchical layer
3. Which network design groups interfaces into zones with similar functions or features?
layered
private
self-zone
ZPF
4. Which layer aggregates traffic and provides connectivity to services?
Access layer
Core layer
Distribution layer
Hierarchical layer
1. Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model?
Host-based
Hybrid
Application gateway
Packet filtering
Stateful
2. Which type of firewall is a combination of various firewall types?
Host-based
Hybrid
Next generation
Packet filtering
Proxy
Stateful
Transparent
3. Which type of firewall is part of a router firewall, permitting or denying traffic based on Layer 3 and
Layer 4 information?
Host-based
Hybrid
Next generation
Packet filtering
Proxy
Stateful
Transparent
4. Which type of firewall is a PC or server with firewall software running on it?
Host-based
Hybrid
Next generation
Packet filtering
Proxy
Stateful
Transparent
5. Which type of firewall filters IP traffic between a pair of bridged interfaces?
Host-based
Hybrid
Next generation
Packet filtering
Proxy
Stateful
Transparent
1. What allows a switch to make duplicate copies of traffic passing through it, and then send it out a
port with a network monitor attached?
AAA Server
ACL
Port Mirroring
VPN
2. What is a series of commands that control whether a device forwards or drops packets based on
information found in the packet header?
AAA Server
ACL
Port Mirroring
VPN
3. What provides statistics on packet flows passing through a networking device?
NetFlow
NTP
SNMP
Syslog Servers
4. What is a private network that is created over a public network?
AAA Server
ACL
Port Mirroring
VPN
5. What sets the date and time on network devices?
NetFlow
NTP
SNMP
Syslog Servers
6. What gathers a variety of statistics for devices that are configured to send and log status messages?
NetFlow
NTP
SNMP
Syslog
7. Which option allows administrators to monitor and manage network devices?
NetFlow
NTP
SNMP
Syslog Servers
8. What authenticates users to allow access to specific network resources and records what the user
does while connected to the resource?
AAA Server
ACL
Port Mirroring
VPN
An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it
immediately.
An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-
based technology.
An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.
An IDS can negatively impact the packet flow, whereas an IPS cannot.
3. Which two pieces of information should be included in a logical topology diagram of a network?
(Choose two.)
device type
connection type
interface identifier
OS/IOS version
cable specification
4. What is a characteristic of a WAN?
network tap
SNMP
port mirroring
NetFlow
6. What is a function of a proxy firewall?
threat intelligence
network profiling
It is the address to be used by a router to determine the best path to forward packets.
It is used to determine the default gateway of the router that has the ACL applied.
It is the address that is unknown, so the ACL must be placed on the interface closest to the source
address.
9. Which statement describes the Cisco Cloud Web Security?
It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.
It is a cloud-based security service to scan traffic for malware and policy enforcement.
10. Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts
from the Internet for information about the corporation. What term is used to describe the network
marked as "A"?
DMZ
untrusted network
internal network
NTP
NetFlow
syslog
SNMP
12. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
MD5
ESP
IPsec
AES
13. What is a feature of the TACACS+ protocol?
It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
It encrypts the entire body of the packet for more secure communications.
14. Which layer of the hierarchical design model is a control boundary between the other layers?
network
core
distribution
access
1. Hackers have gained access to account information and can now log in to a system with the same
rights as authorized users. What type of attack is this?
compromised key
password-based
DoS
social engineering
2. In what type of attack can threat actors change the data in packets without the knowledge of the
sender or receiver?
eavesdropping
denial of service
data modification
IP address spoofing
3. Threat actors have positioned themselves between a source and destination to monitor, capture,
and control communications without the knowledge of network users. What type of attack is this?
MiTM
eavesdropping
DoS
IP address spoofing
4. A threat actor has gained access to encryption keys that will permit them to read confidential
information. What type of attack is this?
eavesdropping
man-in-the-middle
password-based
compromised key
5. In what type of attack does a threat attacker attach to the network and read communications from
network users?
data modification
eavesdropping
denial of service
password-based
6. A threat actor constructs IP packets that appear to come from a valid source within the corporate
network. What type of attack is this?
eavesdropping
password-based
MiTM
IP address spoofing
7. What type of attack prevents the normal use of a computer or network by valid users?
DoS
password-based
MiTM
IP address spoofing
Criminals use the Internet to attempt to steal money from a banking company.
A country tries to steal defense secrets from another country by infiltrating government networks.
A group of environmentalists launch a denial of service attack against an oil company that is
responsible for a large oil spill.
A teenager breaks into the web server of a local newspaper and posts a picture of a favorite cartoon
character.
2. Which statement describes cybersecurity?
It is an ongoing effort to protect Internet-connected systems and the data associated with those
systems from unauthorized use or harm.
It is the name of a comprehensive security application for end users to protect workstations from
being attacked.
3. What focus describes a characteristic of an indicator of attack (IOA)?
It focuses more on the risk management strategies after an attack and compromise of systems.
It focuses more on the mitigation after an attack and the potential compromised vulnerabilities.
It focuses more on the motivation behind an attack and the means used to compromise
vulnerabilities to gain access to assets.
It focuses more on threat avoidance after an attack and the potential cost implications.
4. What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems
risk avoidance
risk retention
risk sharing
risk reduction
6. Which type of network threat is intended to prevent authorized users from accessing resources?
reconnaissance attacks
access attacks
DoS attacks
trust exploitation
7. What security tool allows a threat actor to hack into a wireless network and detect security
vulnerabilities?
KisMac
NMap
SuperScan
Click fuzzers
8. Which statement describes the term attack surface?
risk reduction
risk avoidance
risk transfer
risk acceptance
10. What characteristic describes script kiddies?
threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign
governments, terrorist groups, and corporations
hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or
rewards
inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically
not for profit
hackers who rally and protest against different political and social ideals
11. What characteristic describes a gray hat hacker?
individuals who use programming skills for good, ethical, and legal purposes
individuals who commit cyber crimes but not for personal gain or to cause damage
unethical criminals who violate computer and network security for personal gain or for malicious
reasons
12. A company has contracted with a network security firm to help identify the vulnerabilities of the
corporate network. The firm sends a team to perform penetration tests to the company network. Why
would the team use forensic tools?
to reverse engineer binary files when writing exploits and when analyzing malware
to obtain specially designed operating systems preloaded with tools optimized for hacking
to detect installed tools within files and directories that provide threat actors remote access and
control over a computer or network
to probe network devices, servers, and hosts for open TCP or UDP ports
to detect installed tools within files and directories that provide threat actors remote access and
control over a computer or network
to detect any evidence of a hack or malware in a computer or network
to reverse engineer binary files when writing exploits and when analyzing malware
1. What type of malware executes arbitrary code and installs copies of itself in the memory of the
infected computer? The main purpose of this malware is to automatically replicate from system to
system across the network.
trojan horse
adware
ransomware
worm
2. What type of malware typically displays annoying pop-ups to generate revenue for its author?
adware
ransomware
scareware
phishing
3. What type of malware encrypts all data on a drive and demands payment in Bitcoin cryptocurrency
to decrypt the files?
phishing
scareware
ransomware
virus
4. What type of malware attempts to convince people to divulge their personally identifiable information
(PII)?
phishing
rootkit
ransomware
trojan horse
reconnaissance
access
DoS
social engineering
2. What type of attack is tailgating?
reconnaissance
access
DoS
social engineering
3. What type of attack is port scanning?
reconnaissance
access
DoS
social engineering
4. What is the weakest link in network security?
routers
people
TCP/IP
Once installed on a host system, a virus will automatically propagate itself to other systems.
A virus is triggered by an event on the host system.
IP spoofing attack
brute-force attack
reconnaissance
access
social engineering
DoS
6. What is the term used when a malicious party sends a fraudulent email disguised as being from a
legitimate, trusted source?
backdoor
Trojan
vishing
phishing
7. What is the primary goal of a DoS attack?
to prevent the target server from being able to handle additional requests
8. What is the best description of Trojan horse malware?
Tracert
Whois
Ping
Nmap
10.
A virus focuses on gaining privileged access to a device, whereas a worm does not.
A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch
both DoS and DDoS attacks.
A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
A virus replicates itself by attaching to another file, whereas a worm can replicate itself
independently.
11. What is the main goal of using different evasion techniques by threat actors?
They probe a group of machines for open ports to learn which services are running.
They are maliciously formed code segments used to replace legitimate applications.
1. What allows analysts to request and receive information about the operation of network devices?
NetFlow
SIEM
SNMP
Tcpdump
Wireshark
2. What application captures frames that are saved in a file that contains the frame information,
interface information, packet length, and time stamps?
NetFlow
SIEM
SNMP
Tcpdump
Wireshark
3. Which tool can be used for network and security monitoring, network planning, and traffic analysis?
NetFlow
SIEM
SNMP
Tcpdump
Wireshark
4. Which tool is used in enterprise organizations to provide real-time reporting and long-term analysis
of security events?
NetFlow
SIEM
SNMP
Tcpdump
Wireshark
5. Which utility provides numerous command-line options for capturing packets?
NetFlow
SIEM
SNMP
Tcpdump
Wireshark
1. What network monitoring tool can be used to copy packets moving through one port, and send those
copies to another port for analysis?
NAC
syslog
SNMP
SPAN
2. What is the purpose of the Cisco NetFlow IOS technology?
NetFlow
network tap
IDS
SNMP
4. Which network monitoring tool can provide a complete audit trail of basic information of all IP flows
on a Cisco router and forward the data to a device?
SIEM
Wireshark
SPAN
NetFlow
5. What is a monitoring tool used for capturing traffic statistics?
SNMP
NetFlow
syslog
SPAN
6. Which capability is provided by the aggregation function in SIEM?
increasing speed of detection and reaction to security threats by examining logs from many systems
and applications
searching logs and event records of multiple sources for more complete forensic analysis
7. What is an essential function of SIEM?
providing 24x7 statistics on packets flowing through a Cisco router or multilayer switch
correlation
retention
aggregation
forensic analysis
9. Which network monitoring capability is provided by using SPAN?
Traffic exiting and entering a switch is copied to a network monitoring device.
Network analysts are able to access network device log files and to monitor network behavior.
Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
10. Which network tool uses artificial intelligence to detect incidents and aid in incident analysis and
response?
Wireshark
SOAR
NetFlow
SIEM
11. Which network monitoring tool allows an administrator to capture real-time network traffic and
analyze the entire contents of packets?
nmap
SIEM
SOAR
Wireshark
12. Which technology is an open source SIEM system?
ELK
Wireshark
Splunk
StealthWatch
1. Which attack is being used when threat actors position themselves between a source and
destination to transparently monitor, capture, and control the communication?
ICMP Attack
MiTM Attack
Session Hijacking
2. Which attack is being used when threat actors gain access to the physical network, and then use an
MiTM attack to capture and manipulate a legitimate user’s traffic?
ICMP Attack
MiTM Attack
Session Hijacking
3. Which attack is being used when threat actors initiate a simultaneous, coordinated attack from
multiple source machines?
Address Spoofing Attack
ICMP Attack
MiTM Attack
Session Hijacking
4. Which attack is being used when threat actors use pings to discover subnets and hosts on a
protected network, to generate flood attacks, and to alter host routing tables?
ICMP Attack
MiTM Attack
Session Hijacking
5. Which attack is being used when a threat actor creates packets with false source IP address
information to either hide the identity of the sender or to pose as another legitimate user?
ICMP Attack
MiTM Attack
Session Hijacking
DoS attack
DoS attack
DoS attack
DoS attack
1. Users in a company have complained about network performance. After investigation, the IT staff
has determined that an attacker has used a specific technique that affects the TCP three-way
handshake. What is the name of this type of network attack?
DDoS
SYN flood
session hijacking
DNS poisoning
2. Which type of attack involves the unauthorized discovery and mapping of network systems and
services?
trust exploitation
reconnaissance
DoS
access
3. In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP
connections?
reset attack
ICMP redirects
A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP
server.
A rogue node replies to an ARP request with its own MAC address indicated for the target IP
address.
6. How is optional network layer information carried by IPv6 packets?
buffer overflow
trust exploitation
port redirection
8. A disgruntled employee is using some free wireless networking tools to determine information about
the enterprise wireless networks. This person is planning on using this information to hack the
wireless network. What type of attack is this?
reconnaissance
DoS
Trojan horse
access
9. Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
protocol
header checksum
TTL
10. Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?
Sequence Number
Acknowledgment Number
Differentiated Services
Time-to-Live
11. Which field in an IPv6 packet is used by the router to determine if a packet has expired and should
be dropped?
Hop Limit
No Route to Destination
Address Unreachable
TTL
12. A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on
the network. The program sweeps through all of the known ports trying to find closed ports. It causes
the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which
two programs could be used by the threat actor to launch the attack? (Choose two.)
WireShark
UDP Unicorn
Smurf
ping
13. A threat actor wants to interrupt a normal TCP communication between two hosts by sending a
spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed
packet?
SYN
FIN
RST
ACK
1. What enables a threat actor to impersonate the default gateway and receive all traffic that is sent to
hosts that are not on the local LAN segment?
DNS tunneling
cross-site scripting
ARP cache poisoning
iFrame attacks
2. What should a cybersecurity analyst look for to detect DNS tunneling?
cross-site scripting
client-side scripting
iFrame attack
SQL injection
4. In what type of attack are HTTP redirect messages used to send users to malicious websites?
domain shadowing
iFrame attacks
cross-site scripting
1. Which action best describes a MAC address spoofing attack?
altering the MAC address of an attacking host to match that of a legitimate host
The attacker provides incorrect DNS and default gateway information to clients.
3. In which type of attack is falsified information used to redirect users to malicious Internet sites?
domain generation
tunneling
shadowing
cache poisoning
5. Which language is used to query a relational database?
SQL
Java
Python
C++
6. Which term is used for bulk advertising emails flooded to as many end users as possible?
adware
spam
phishing
brute force
7. Which protocol would be the target of a cushioning attack?
ARP
DHCP
DNS
HTTP
8. Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a
man-in-the-middle attack?
DNS
DHCP
ICMP
HTTP or HTTPS
9. What is an objective of a DHCP spoofing attack?
to attack a DHCP server and make it unable to provide valid IP addresses to DHCP clients
to intercept DHCP messages and alter the information before sending to DHCP clients
to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are
directed to a fake server
10. How do cybercriminals make use of a malicious iFrame?
The iFrame allows the browser to load a web page from another source.
11. What is a characteristic of a DNS amplification and reflection attack?
Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source
of an attack.
Threat actors use malware to randomly generate domain names to act as rendezvous points.
Threat actors hide their phishing and malware delivery sites behind a quickly-changing network of
compromised DNS hosts.
Threat actors use a DoS attack that consumes the resources of the DNS open resolvers.
12. Which two attacks target web servers through exploiting possible vulnerabilities of input functions
used by an application? (Choose two.)
port redirection
port scanning
trust exploitation
SQL injection
cross-site scripting
1. How does BYOD change the way in which businesses implement networks?
BYOD devices are more expensive than devices that are purchased by an organization.
BYOD provides flexibility in where and how users can access network resources.
BYOD users are responsible for their own network security, thus reducing the need for
organizational security policies.
BYOD requires organizations to purchase laptops rather than desktops.
2. Which device is usually the first line of defense in a layered defense-in-depth approach?
firewall
edge router
internal router
cabbage
artichoke
lettuce
onion
4. Which type of business policy establishes the rules of conduct and the responsibilities of employees
and employers?
employee
company
data
security
5. An administrator is concerned with restricting which network applications and uses are acceptable to
the organization. What security policy component does the administrator use to address these
concerns?
remote access policy
password policies
firewall
host
internal router
edge router
8. Refer to the exhibit. The security policy of an organization allows employees to connect to the office
intranet from their homes. Which type of security policy is this?
incident handling
remote access
acceptable use
network maintenance
9. What is a characteristic of a layered defense-in-depth security approach?
The failure of one safeguard does not affect the effectiveness of the other safeguards.
The layers define a set of security objectives for a company and define the rules of behavior for
users and administrators.
10. Which is a BYOD security best practice?
have all users install an antivirus program of their choice on the BYOD device
11. What do security compliance regulations define?
what organizations are responsible for providing and the liability for failure to comply
which defense-in-depth mechanisms to adopt
edge router
switch
firewall
internal router
13. Which two areas must an IT security person understand in order to identify vulnerabilities on a
network? (Choose two.)
1. Which access control model is based on attributes of the object (resource) to be accessed, the
subject (user) accessing the resource, and environmental factors regarding how the object is to be
accessed, such as time of day?
attribute-based control
2. Which access control model is based on an individual’s roles and responsibilities within the
organization?
attribute-based control
1. Which component of AAA is used to determine which resources a user can access and which
operations the user is allowed to perform?
accounting
authorization
auditing
authentication
2. What is the biggest issue with local implementation of AAA?
integrity
confidentiality
availability
scalability
4. What is an example of a privilege escalation attack?
A DDoS attack is launched against a government server and causes the server to crash.
A port scanning attack finds that the FTP service is running on a server that allows anonymous
access.
authentication
authorization
accessing
accounting
7. Which objective of secure communications is achieved by encrypting data?
authentication
confidentiality
availability
integrity
8. What are three access control security services? (Choose three.)
access
authentication
authorization
availability
repudiation
accounting
9. Which access control model allows users to control access to data as an owner of that data?
TACACS+
RADIUS
SNMP
SSH
802.1x
11. What three items are components of the CIA triad? (Choose three.)
integrity
confidentiality
intervention
scalability
availability
access
12. Which type of access control applies the strictest access control and is commonly used in military or
mission critical applications?
1. What is the free service that is offered by the U.S. Department of Homeland Security?
AIS
CVE
FireEye Helix
Talos
2. What is a world leading threat intelligence team with a goal to help protect enterprise users, data,
and infrastructure from active adversaries?
AIS
CVE
FireEye Helix
Talos
3. Which security operations platform integrates and enhances a range of security tools and threat
intelligence?
AIS
CVE
FireEye Helix
Talos
4. What are three threat intelligence information sharing specifications?
STIX
TAXII
FireEye Helix
CyberOX
CVE
TAXII
STIX
IOC
3. What is the primary function of (ISC2)?
to maintain a list of common vulnerabilities and exposures (CVE) used by prominent security
organizations
MISP
TAXII
CybOX
Talos
5. What is the Common Vulnerabilities and Exposures (CVE) used by the MITRE Corporation?
AIS
FireEye
STIX
CVE
7. What is the primary function of SANS?
to foster cooperation and coordination in information sharing, incident prevention, and rapid reaction
to enable the exchange of CTI in an automated, consistent, and machine readable format
to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and
incident response
to provide vendor neutral education products and career services to industry professionals
worldwide
to enable a variety of computer security incident response teams to collaborate, cooperate, and
coordinate information sharing, incident prevention, and rapid reaction strategies
to provide a security news portal that aggregates the latest breaking news pertaining to alerts,
exploits, and vulnerabilities
10. What threat intelligence group provides blogs and podcasts to help network security professionals
remain effective and up-to-date?
Mitre
Talos
FireEye
CybOX