New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil 312-38 Certified Network Defender (CND) Exam Practice Test

Page: 1 / 36
Total 362 questions

Certified Network Defender (CND) Questions and Answers

Question 1

What represents the ability of an organization to respond under emergency in order to minimize the damage to its brand name, business operation, and profit?

Options:

A.

Disaster recovery

B.

Incident management

C.

Emergency management

D.

Crisis management

Question 2

Which of the following filters car be applied to detect an ICMP ping sweep attempt using Wireshark?

Options:

A.

icmp.type==8

B.

icmp.type==13

C.

icmp.type==17

D.

icmp.type==15

Question 3

A company wants to implement a data backup method that allows them to encrypt the data ensuring its security as well as access it at any time and from any location. What is the appropriate backup method

that should be implemented?

Options:

A.

Cloud backup

B.

Offsite backup

C.

Hot site backup

D.

Onsite backup

Question 4

Identify the attack signature analysis technique carried out when attack signatures are contained in packet headers.

Options:

A.

Atomic signature-based analysis

B.

Context-based signature analysis

C.

Composite signature-based analysis

D.

Content-based signature analysis

Question 5

James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company

schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email

encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?

Options:

A.

James could use PGP as a free option for encrypting the company's emails.

B.

James should utilize the free OTP software package.

C.

James can use MD5 algorithm to encrypt all the emails

D.

James can enforce mandatory HTTPS in the email clients to encrypt emails

Question 6

Identify the network topology where each computer acts as a repeater and the data passes from one computer to the other in a single direction until it reaches the destination.

Options:

A.

Ring

B.

Mesh

C.

Bus

D.

Star

Question 7

Which RAID level does not provide data redundancy?

Options:

A.

RAID level 0

B.

RAID level 1

C.

RAID level 50

D.

RAID level 10

Question 8

Which of the following connects the SDN application layer and SDN controller and allows communication between the network services and business applications?

Options:

A.

Eastbound API

B.

Westbound API

C.

Northbound API

D.

Southbound API

Question 9

A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other f unction(s) of the device? (Select all that apply)

Options:

A.

Provides access memory, achieving high efficiency

B.

Assigns user addresses

C.

Enables input/output (I/O) operations

D.

Manages security keys

Question 10

The Circuit-level gateway firewall technology functions at which of the following OSI layer?

Options:

A.

Data-link layer

B.

Session layer

C.

Network layer

D.

Transport layer

Question 11

Which among the following tools can help in identifying IoEs to evaluate human attack surface?

Options:

A.

securiCAD

B.

Amass

C.

Skybox

D.

SET

Question 12

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for

disabling a service?

Options:

A.

$ sudo system-ctl disable [service]

B.

$ sudo systemctl disable [service]

C.

$ sudo system.ctl disable [service]

D.

$ sudo system ctl disable [service]

Question 13

Identity the method involved in purging technique of data destruction.

Options:

A.

Incineration

B.

Overwriting

C.

Degaussing

D.

Wiping

Question 14

Ryan works as a network security engineer at an organization the recently suffered an attack. As a countermeasure, Ryan would like to obtain more information about the attacker and chooses to deploy a honeypot into the organizations production environment called Kojoney. Using this honeypot, he would like to emulate the network vulnerability that was attacked previously. Which type of honeypot is he trying to implement?

Options:

A.

High-interaction honeypots

B.

Pure honeypots

C.

Research honeypot

D.

Low-interaction honeypots

Question 15

According to standard loT security practice, loT Gateway should be connected to a -------------

Options:

A.

Border router

B.

Secure router

C.

Pouter that is connected to internal servers

D.

Router that is connected to other subnets

Question 16

Wallcot, a retail chain in US and Canada, wants to improve the security of their administration

offices. They want to implement a mechanism with two doors. Only one of the doors can be opened at a

time. Once people enter from the first door, they have to be authorized to open the next one. Failing

the authorization, the person will be locked between the doors until an authorized person lets him or

her out. What is such a mechanism called?

Options:

A.

Mantrap

B.

Physical locks

C.

Concealed detection device

D.

Alarm system

Question 17

Which of the following is a windows in-built feature that provides filesystem-level encryption in the OS (starting from Windows 2000). except the Home version of Windows?

Options:

A.

Bit Locker

B.

EFS

C.

Disk Utility

D.

FileVault

Question 18

Based on which of the following registry key, the Windows Event log audit configurations are recorded?

Options:

A.

HKEY_LOCAL_MACHINE\SYSTEM\Services\EventLog\ < ErrDev >

B.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\ < EntAppsvc >

C.

HKEY_LOCAL_MACHINE\CurrentControlSet\Services\EventLog\< ESENT >

D.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >

Question 19

In ______ method, event logs are arranged in the form of a circular buffer.

Options:

A.

Non-wrapping method

B.

LIFO method

C.

Wrapping method

D.

FIFO method

Question 20

In Public Key Infrastructure (PKI), which authority is responsible for issuing and verifying the certificates?

Options:

A.

Registration authority

B.

Certificate authority

C.

Digital Certificate authority

D.

Digital signature authority

Question 21

------------is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)

Options:

A.

802.15

B.

802.16

C.

802.15.4

D.

802.12

Question 22

Which of the following can be used to suppress fire from Class K sources?

Options:

A.

Foam

B.

Carbon dioxide

C.

Water

D.

Dry Chemical

Question 23

Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

Options:

A.

Use firewalls in Network Address Transition (NAT) mode

B.

Implement IPsec

C.

Implement Simple Network Management Protocol (SNMP)

D.

Use Network Time Protocol (NTP)

Question 24

Jorge has developed a core program for a mobile application and saved it locally on his system. The

next day, when he tried to access the file to work on it further, he found it missing from his system.

Upon investigation, it was discovered that someone got into his system since he had not changed his

login credentials, and that they were the ones that were given to him by the admin when he had joined

the organization. Which of the following network security vulnerabilities can be attributed to Jorge’s

situation?

Options:

A.

System account vulnerabilities

B.

User account vulnerabilities

C.

Default password and settings

D.

Network device misconfiguration

Question 25

John has planned to update all Linux workstations in his network. The organization is using various Linux distributions including Red hat, Fedora and Debian. Which of following commands will he use to

update each respective Linux distribution?

XXQuestion # 25

Options:

A.

1-iii,2-iv,3-ii,4-v

B.

1-iv,2-v,3-iv,4-iii

C.

1-v,2-iii,3-i,4-iv

D.

1-ii,2-i,3-iv,4-iii

Question 26

Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.

Options:

A.

FHSS

B.

DSSS

C.

OFDM

D.

ISM

Question 27

John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions

within the container?

Options:

A.

Cgroups

B.

LSMs

C.

Seccomp

D.

Userns

Question 28

Byron, a new network administrator at FBI, would like to ensure that Windows PCs there are up-to-date and have less internal security flaws. What can he do?

Options:

A.

Install antivirus software and turn off unnecessary services

B.

Centrally assign Windows PC group policies

C.

Download and install latest patches and enable Windows Automatic Updates

D.

Dedicate a partition on HDD and format the disk using NTFS

Question 29

What is the correct order of activities that a IDS is supposed to attempt in order to detect an intrusion?

Options:

A.

Prevention, Intrusion Monitoring, Intrusion Detection, Response

B.

Intrusion Monitoring, Intrusion Detection, Response, Prevention

C.

Intrusion Detection, Response, Prevention, Intrusion Monitoring

D.

Prevention, Intrusion Detection, Response, Intrusion Monitoring

Question 30

Which antenna's characteristic refer to the calculation of radiated in a particular direction. It is generally the ratio of radiation intensity in a given direction to the average radiation intensity?

Options:

A.

Radiation pattern

B.

Polarization

C.

Directivity

D.

Typical gain

Question 31

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approach?

Options:

A.

Proactive approach

B.

Retrospective approach

C.

Preventive approach

D.

Reactive approach

Question 32

Who acts as an intermediary to provide connectivity and transport services between cloud consumers and providers?

Options:

A.

Cloud Auditor

B.

Cloud Broker

C.

Cloud Carrier

D.

Cloud Consultant

Question 33

John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of

implementing?

Options:

A.

Application level gateway

B.

Stateful Multilayer Inspection

C.

Circuit level gateway

D.

Packet Filtering

Question 34

Identify the correct statements regarding a DMZ zone:

Options:

A.

It is a file integrity monitoring mechanism

B.

It is a Neutral zone between a trusted network and an untrusted network

C.

It serves as a proxy

D.

It includes sensitive internal servers such as database servers

Question 35

Which Internet access policy starts with all services blocked and the administrator enables safe and necessary services individually, which provides maximum security and logs everything, such as system

and network activities?

Options:

A.

Internet access policy

B.

Permissive policy

C.

Prudent policy

D.

Paranoid policy

Question 36

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?

Options:

A.

System Specific Security Policy (SSSP)

B.

Incident Response Policy (IRP)

C.

Enterprise Information Security Policy (EISP)

D.

Issue Specific Security Policy (ISSP)

Question 37

Identify the network topology in which the network devices are connected such that every device has a point-to-point link to all the other devices.

Options:

A.

Star Topology

B.

Hybrid Topology

C.

Mesh Topology

D.

Bus Topology

Question 38

David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the______framework,

as it provides a set of controls over IT and consolidates them to form a framework.

Options:

A.

RMIS

B.

ITIL

C.

ISO 27007

D.

COBIT

Question 39

Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire on 30 more employees for a new extended project. Because of this,

Bryson has hired on two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new

employees the basics of computers, networking, troubleshooting techniques etc. To see how these two new hires are doing, he asks them at what layer of the OSI model do Network Interface Cards (NIC) work on. What

should the new employees answer?

Options:

A.

NICs work on the Session layer of the OSI model.

B.

The new employees should say that NICs perform on the Network layer.

C.

They should tell Bryson that NICs perform on the Physical layer

D.

They should answer with the Presentation layer.

Question 40

What is the best way to describe a mesh network topology?

Options:

A.

A network the is extremely cost efficient, offering the best option for allowing computers to communicate amongst each other.

B.

A network in which every computer in the network can communicate with a single central computer.

C.

A network in which every computer in the network has a connection to each and every computer in the network.

D.

A network in which every computer meshes together to form a hybrid between a star and bus topology.

Question 41

Which among the following control and manage the communication between VNF with computing, storage, and network resources along with virtualization?

Options:

A.

Orchestrator

B.

VNF Manager(s)

C.

Virtualized Infrastructure Manager(s)

D.

Element Management System (EMS)

Question 42

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your

first reaction as a first responder?

Options:

A.

Avoid Fear, Uncertainty and Doubt

B.

Communicate the incident

C.

Make an initial assessment

D.

Disable Virus Protection

Question 43

John is working as a network defender at a well-reputed multinational company. He wanted to implement security that can help him identify any future attacks that can be targeted toward his organization and

take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should be implement?

Options:

A.

Reactive security approach

B.

Retrospective security approach

C.

Proactive security approach

D.

Preventive security approach

Question 44

Which of the following indicators are discovered through an attacker's intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?

Options:

A.

Key risk indicators

B.

Indicators of compromise

C.

Indicators of attack

D.

Indicators of exposure

Question 45

How can organizations obtain information about threats through human intelligence?

Options:

A.

By extracting information from security blogs and forums

B.

By discovering vulnerabilities through exploration, understanding malware behavior through malware processing, etc.

C.

From the data of past incidents and network monitoring

D.

From attackers through the dark web and honeypots

Question 46

Which of the following characteristics represents a normal TCP packet?

Options:

A.

SYN and FIN bits are set

B.

Source or destination port b zero

C.

FIN ACK and ACK are used in terminating the connection

D.

The destination address is a broadcast address

Question 47

Alex is administrating the firewall in the organization's network. What command will he use to check the ports applications open?

Options:

A.

Netstat -an

B.

Netstat -o

C.

Netstat -a

D.

Netstat -ao

Question 48

Which of the following is a best practice for wireless network security?

Options:

A.

Enabling the remote router login

B.

Do not changing the default SSID

C.

Do not placing packet filter between the AP and the corporate intranet

D.

Using SSID cloaking

Question 49

Identify the Password Attack Technique in which the adversary attacks cryptographic hash functions based on the probability, that if a hashing process is used for creating a key, then the same is

used for other keys?

Options:

A.

Dictionary Attack

B.

Brute Forcing Attack

C.

Hybrid Attack

D.

Birthday Attack

Question 50

Which of the following examines Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) for a disaster recovery strategy?

Options:

A.

Risk Assessment

B.

Risk Management

C.

Business Continuity Plan

D.

Business Impact Analysis

Question 51

Which authentication technique involves mathematical pattern-recognition of the colored part of the eye behind the cornea?

Options:

A.

Iris Scanning

B.

Retinal Scanning

C.

Facial Recognition

D.

Vein Scanning

Question 52

Which of the following network monitoring techniques requires extra monitoring software or hardware?

Options:

A.

Non-router based

B.

Switch based

C.

Hub based

D.

Router based

Question 53

James, a network admin in a large US based IT firm, was asked to audit and implement security

controls over all network layers to achieve Defense-in-Depth. While working on this assignment, James

has implemented both blacklisting and whitelisting ACLs. Which layer of defense-in-depth architecture is

Jason working on currently?

Options:

A.

Application Layer

B.

Host Layer

C.

Internal Network Layer

D.

Perimeter Layer

Question 54

The network administrator wants to strengthen physical security in the organization. Specifically, to

implement a solution stopping people from entering certain restricted zones without proper credentials.

Which of following physical security measures should the administrator use?

Options:

A.

Video surveillance

B.

Fence

C.

Mantrap

D.

Bollards

Question 55

Which type of antenna is based on the principle of a satellite dish and can pick up Wi-Fi signals from a distance of ten miles of more?

Options:

A.

Yagi antenna

B.

Directional antenna

C.

Omnidirectional antenna

D.

Parabolic Grid antenna

Question 56

Which of the following data security technology can ensure information protection by obscuring specific areas of information?

Options:

A.

Data encryption

B.

Data hashing

C.

Data masking

D.

Data retention

Question 57

Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

Options:

A.

Hash rule

B.

Path rule

C.

Internet zone rule

D.

Certificate rule

Question 58

Which type of attack is used to hack an IoT device and direct large amounts of network traffic toward a web server, resulting in overloading the server with connections and preventing any new connections?

Options:

A.

XSS

B.

DDoS

C.

XCRF

D.

Sniffing

Question 59

Which type of firewall consists of three interfaces and allows further subdivision of the systems based on specific security objectives of the organization?

Options:

A.

Screened subnet

B.

Bastion host

C.

Unscreened subnet

D.

Multi-homed firewall

Question 60

Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private. What encryption method did Ivan settle

on?

Options:

A.

Ivan settled on the private encryption method.

B.

Ivan settled on the symmetric encryption method.

C.

Ivan settled on the asymmetric encryption method

D.

Ivan settled on the hashing encryption method

Question 61

Match the following NIST security life cycle components with their activities:

Question # 61

Options:

A.

1-ii, 2-i, 3-v, 4-iv

B.

1-iii, 2-iv, 3-v, 4-i

C.

1-iv, 2-iii, 3-v, 4-i

D.

1-i, 2-v, 3-iii, 4-ii

Question 62

Which OSI layer does a Network Interface Card (NIC) work on?

Options:

A.

Physical layer

B.

Presentation layer

C.

Network layer

D.

Session layer

Question 63

Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With

suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic

normally recorded by the IDS. What type of detection is this network-based IDS system using?

Options:

A.

This network-based IDS system is using anomaly detection.

B.

This network-based IDS system is using dissimilarity algorithms.

C.

This system is using misuse detection.

D.

This network-based IDS is utilizing definition-based detection.

Question 64

Docker provides Platforms-a-Service (PaaS) through __________ and deliver*; containerized software packages

Options:

A.

Storage-level virtualization

B.

Network level virtualization

C.

OS level visualization

D.

Server-level visualization

Question 65

Which type of wireless network attack is characterized by an attacker using a high gain amplifier from a nearby location to drown out the legitimate access point signal?

Options:

A.

Jamming signal attack

B.

Ad Hoc Connection attack

C.

Rogue access point attack

D.

Unauthorized association

Question 66

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal

advice to defend them against this allegation.

Options:

A.

Evidence Manager

B.

Incident Handler

C.

Attorney

D.

PR Specialist

Question 67

How can a WAF validate traffic before it reaches a web application?

Options:

A.

It uses a role-based filtering technique

B.

It uses an access-based filtering technique

C.

It uses a sandboxing filtering technique

D.

It uses a rule-based filtering technique

Question 68

John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which

of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

Options:

A.

Tcp.flags==0x2b

B.

Tcp.flags=0x00

C.

Tcp.options.mss_val<1460

D.

Tcp.options.wscale_val==20

Question 69

Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works.

The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement

tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and

monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred's boss want to implement?

Options:

A.

Fred's boss wants a NIDS implementation.

B.

Fred's boss wants Fred to monitor a NIPS system.

C.

Fred's boss wants to implement a HIPS solution.

D.

Fred's boss wants to implement a HIDS solution.

Question 70

Consider a scenario consisting of a tree network. The root Node N is connected to two man nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main

nodes fail?

Options:

A.

Failure of the main node affects all other child nodes at the same level irrespective of the main node.

B.

Does not cause any disturbance to the child nodes or its tranmission

C.

Failure of the main node will affect all related child nodes connected to the main node

D.

Affects the root node only

Question 71

An US-based organization decided to implement a RAID storage technology for their data backup plan. John wants to setup a RAID level that require a minimum of six drives but will meet high fault tolerance and with a

high speed for the data read and write operations. What RAID level is John considering to meet this requirement?

Options:

A.

RAID level 1

B.

RAID level 10

C.

RAID level 5

D.

RAID level 50

Question 72

Michael decides to view the-----------------to track employee actions on the organization's network.

Options:

A.

Firewall policy

B.

Firewall log

C.

Firewall settings

D.

Firewall rule set

Question 73

As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's _________integrity check mechanism provides security against a replay attack

Options:

A.

CRC-32

B.

CRC-MAC

C.

CBC-MAC

D.

CBC-32

Question 74

The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob

wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header. What mode of ESP does Jacob need to use to encrypt the IP traffic?

Options:

A.

He should use ESP in transport mode.

B.

Jacob should utilize ESP in tunnel mode.

C.

Jacob should use ESP in pass-through mode.

D.

He should use ESP in gateway mode

Question 75

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?

Options:

A.

Malone should list a follow-up as the last step in the methodology

B.

Recovery would be the correct choice for the last step in the incident response methodology

C.

He should assign eradication to the last step.

D.

Containment should be listed on Malone's plan for incident response.

Question 76

Which of the following manages the Docker images, containers, networks, and storage volume and processes the request of Docker API?

Options:

A.

Docker CLI

B.

Docker Engine REST API

C.

Docker Daemon

D.

Docker Registries

Question 77

Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is

encapsulated. As the traffic passes though the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________implementation of a VPN.

Options:

A.

Full Mesh Mode

B.

Point-to-Point Mode

C.

Transport Mode

D.

Tunnel Mode

Question 78

Jeanne is working as a network administrator in an IT company. She wants to control/limit container

access to CPU, memory, swap, block IO (rates), network. Which Linux kernel feature allows Jeanne to

manage, restrict, and audit groups of the process?

Options:

A.

Cgroups

B.

LSMs

C.

Seccomp

D.

Userns

Question 79

Which of the following is consumed into SIEM solutions to take control of chaos, gain in-depth knowledge of threats, eliminate false positives, and implement proactive intelligence-driven defense?

Options:

A.

Threat intelligence sources

B.

Threat intelligence feeds

C.

Threat intelligence platform

D.

Threat intelligence professional services

Question 80

The SNMP contains various commands that reduce the burden on the network administrators.

Which of the following commands is used by SNMP agents to notify SNMP managers about an event occurring in the network?

Options:

A.

SET

B.

TRAPS

C.

INFORM

D.

RESPONSE

Question 81

Which of the following VPN topologies establishes a persistent connection between an organization's main office and its branch offices using a third-party network or the Internet?

Options:

A.

Star

B.

Point-to-Point

C.

Full Mesh

D.

Hub-and-Spoke

Question 82

James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep

attack. Which of the following Wireshark filters will he use?

Options:

A.

lcmp.type==0 and icmp.type==16

B.

lcmp.type==8 or icmp.type==16

C.

lcmp.type==8 and icmp.type==0

D.

lcmp.type==8 or icmp.type==0

Question 83

Chris is a senior network administrator. Chris wants to measure the Key Risk Indicator (KRI) to assess the organization. Why is Chris calculating the KRI for his organization? It helps Chris to:

Options:

A.

Identifies adverse events

B.

Facilitates backward

C.

Facilitates post Incident management

D.

Notifies when risk has reached threshold levels

Question 84

Which of the following RAID storage techniques divides the data into multiple blocks, which are further written across the RAID system?

Options:

A.

Mirroring

B.

Striping

C.

None of these

D.

Parity

Question 85

USB ports enabled on a laptop is an example of____

Options:

A.

System Attack Surface

B.

Network Attack Surface

C.

Physical Attack Surface

D.

Software attack Surface

Question 86

Mark is monitoring the network traffic on his organization's network. He wants to detect a TCP and UDP ping sweep on his network. Which type of filter will be used to detect this on the network?

Options:

A.

Tcp.srcport==7 and udp.srcport==7

B.

Tcp.srcport==7 and udp.dstport==7

C.

Tcp.dstport==7 and udp.srcport==7

D.

Tcp.dstport==7 and udp.dstport==7

Question 87

If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company’s Linux systems, which directory should he access?

Options:

A.

/etc/logrotate.conf

B.

/etc/hosts.allow

C.

/etc/crontab

D.

/etc/login.defs

Question 88

Which of the following is true regarding any attack surface?

Options:

A.

Decrease in vulnerabilities decreases the attack surface

B.

Increase in vulnerabilities decreases the attack surface

C.

Decrease in risk exposures increases the attack surface

D.

Decrease in vulnerabilities increases the attack surface

Question 89

Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?

Options:

A.

Response

B.

Recovery

C.

Resumption

D.

Restoration

Question 90

Which encryption algorithm does S/MIME protocol implement for digital signatures in emails?

Options:

A.

Rivest-Shamir-Adleman encryption

B.

Digital Encryption Standard

C.

Triple Data Encryption Standard

D.

Advanced Encryption Standard

Question 91

If a network is at risk from unskilled individuals, what type of threat is this?

Options:

A.

External Threats

B.

Structured Threats

C.

Unstructured Threats

D.

Internal Threats

Question 92

Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities. What type of network security approach is Daniel adopting?

Options:

A.

Preventative

B.

Reactive

C.

Retrospective

D.

Defense-in-depth

Question 93

Henry needs to design a backup strategy for the organization with no service level downtime. Which backup method will he select?

Options:

A.

Normal backup

B.

Warm backup

C.

Hot backup

D.

Cold backup

Question 94

Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control

measures for their files and folders. Which access control did Ross implement?

Options:

A.

Discretionary access control

B.

Mandatory access control

C.

Non-discretionary access control

D.

Role-based access control

Question 95

George was conducting a recovery drill test as a part of his network operation. Recovery drill tests are conducted on the______________.

Options:

A.

Archived data

B.

Deleted data

C.

Data in transit

D.

Backup data

Question 96

Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on

the network?

Options:

A.

tcp.flags==0x003

B.

tcp.flags==0X029

C.

TCP.flags==0x300

D.

tcp.dstport==7

Question 97

John has implemented________in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

Options:

A.

DMZ

B.

Proxies

C.

VPN

D.

NAT

Question 98

Which of the following standards does a cloud service provider has to comply with, to protect the privacy of its customer’s personal information?

Options:

A.

ISO/IEC 27018

B.

ISO/IEC 27019

C.

ISO/IEC 27020

D.

ISO/IEC 27021

Question 99

What is the IT security team responsible for effectively managing the security of the organization’s IT infrastructure, called?

Options:

A.

Grey Team

B.

Red Team

C.

Blue Team

D.

Yellow Team

Question 100

Michelle is a network security administrator working in an MNC company. She wants to set a

resource limit for CPU in a container. Which command-line allows Michelle to limit a container to 2

CPUs?

Options:

A.

--cpu=“2”

B.

$cpu=“2”

C.

--cpus=“2”

D.

$cpus=“2”

Question 101

James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are

originating. Which type of attack is James analyzing?

Options:

A.

ARP Sweep

B.

ARP misconfiguration

C.

ARP spoofinq

D.

ARP Poisioning

Question 102

A network is setup using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0. What IP address class is the network range a part of?

Options:

A.

Class C

B.

Class A

C.

Class B

D.

Class D

Question 103

Which IEEE standard does wireless network use?

Options:

A.

802.11

B.

802.18

C.

802.9

D.

802.10

Question 104

Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another

network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

Options:

A.

Based on approval from management

B.

Based on a first come first served basis

C.

Based on a potential technical effect of the incident

D.

Based on the type of response needed for the incident

Question 105

Which of the following wireless encryption provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?

Options:

A.

WEP

B.

WPA

C.

WPA2

D.

WPA3

Question 106

Which type of information security policy addresses the implementation and configuration of technology and user behavior?

Options:

A.

Enterprise information security policy

B.

Acceptable use policy

C.

System specific security policy

D.

Issue-specific security policy

Question 107

Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

Options:

A.

tcp.dstport==7 and udp.srcport==7

B.

tcp.dstport==7 and udp.dstport==7

C.

tcp.dstport==7 and udp.dstport==7

D.

tcp.dstport==7 and udp.srcport==7

Question 108

Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?

Options:

A.

RPO

B.

RFO

C.

RSP

D.

RTO

Page: 1 / 36
Total 362 questions