
Understanding Cisco Cybersecurity Fundamentals

Number: 210-250
Passing Score: 800
Time Limit: 120 min
File Version: 10.0
Exam A

QUESTION 1
What is PHI?

A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The Health Insurance Portability and Accountability Act (HIPAA), U.S. legislation, introduces the concept of
Protected Health Information. PHI and PII are closely related. Under U.S. law, PHI is any information
about health status, provision of health care, or payment for health care that is created or collected by a
"covered entity" (or a business associate of a covered entity) and can be linked to a specific individual. A
covered entity is any health plan, health care clearinghouse, or health care provider that transmits
health information in electronic form in connection with a qualified transaction, together with their business
associates.

QUESTION 2
Which of the following are Cisco cloud security solutions?

A. CloudDLP
B. OpenDNS
C. CloudLock
D. CloudSLS

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
https://www.opendns.com/cisco-opendns/

August 2015: Cisco completed its acquisition of OpenDNS.

https://www.cisco.com/c/en/us/products/security/cloudlock/index.html

Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud
safely. It protects your cloud users, data, and apps. Cloudlock's simple, open, and automated approach
uses APIs to manage the risks in your cloud app ecosystem. With Cloudlock you can more easily combat
data breaches while meeting compliance regulations.

QUESTION 3
Which evasion method involves performing actions slower than normal to prevent detection?

A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
If a port scan is done rapidly or in sequence, it is fairly easy to detect. By monitoring logs such as
host-based firewall logs, a security analyst may see it as activity targeting many different ports on the
same host during a short time. However, attackers discovered long ago that they can avoid detection
by using slow, randomized scans and other stealth techniques, spreading the probes out so that no short
time window contains enough of them to trip a threshold. Modern tools such as IPSs can help detect
these types of scans.
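
The slow-scan problem described above, as an added example that is not part of the original page: a small Python detector that counts distinct destination ports per (source, destination) pair inside a sliding time window. The log format (timestamp, action, src=, dst=, dport=) and the log lines are constructed for this example, not any vendor's real format. Run with a 30-second window it flags only the fast scanner; widening the window to an hour is what makes the slow scanner visible, which is the analyst's practical lesson.

```python
"""Detect port scans in host-based firewall logs, including slow scans.

Added example, not from the original page. The log format is a constructed,
generic one (timestamp action src=... dst=... dport=...), not a real vendor
format, and the addresses are private/documentation ranges.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample. 10.0.0.5 hits six ports in three seconds (fast scan);
# 10.0.0.9 hits the same six ports ten minutes apart (slow scan);
# 10.0.0.7 is a single permitted connection and must not be flagged.
SAMPLE_LOG = """\
2024-03-01T10:00:00 DROP src=10.0.0.5 dst=10.0.0.20 dport=21
2024-03-01T10:00:01 DROP src=10.0.0.5 dst=10.0.0.20 dport=22
2024-03-01T10:00:01 DROP src=10.0.0.5 dst=10.0.0.20 dport=23
2024-03-01T10:00:02 DROP src=10.0.0.5 dst=10.0.0.20 dport=25
2024-03-01T10:00:02 DROP src=10.0.0.5 dst=10.0.0.20 dport=80
2024-03-01T10:00:03 DROP src=10.0.0.5 dst=10.0.0.20 dport=443
2024-03-01T10:00:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=21
2024-03-01T10:10:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=22
2024-03-01T10:20:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=23
2024-03-01T10:30:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=25
2024-03-01T10:40:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=80
2024-03-01T10:50:00 DROP src=10.0.0.9 dst=10.0.0.20 dport=443
2024-03-01T10:05:00 ACCEPT src=10.0.0.7 dst=10.0.0.20 dport=443
"""


def parse_line(line):
    """Split one log line into (timestamp, action, src, dst, dport)."""
    ts, action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), action, kv["src"], kv["dst"], int(kv["dport"])


def find_scanners(log_text, window_seconds, min_ports):
    """Return {(src, dst): n} for every source that touched at least
    min_ports distinct ports on one destination inside some window of
    window_seconds. A short window catches fast scans; widening the window
    is what makes a slow scan visible."""
    dropped = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, dport = parse_line(line)
        if action == "DROP":
            dropped[(src, dst)].append((ts, dport))

    hits = {}
    for key, events in dropped.items():
        events.sort()
        best, left = 0, 0
        for right in range(len(events)):
            # slide the left edge forward until the window fits
            while (events[right][0] - events[left][0]).total_seconds() > window_seconds:
                left += 1
            ports = {port for _, port in events[left:right + 1]}
            best = max(best, len(ports))
        if best >= min_ports:
            hits[key] = best
    return hits


if __name__ == "__main__":
    print("30 s window:", find_scanners(SAMPLE_LOG, 30, 5))
    print("1 h window :", find_scanners(SAMPLE_LOG, 3600, 5))
```

The cost of the wider window is memory and more false positives from chatty but legitimate hosts, which is why production sensors keep per-source state over long periods rather than re-reading logs; the sliding-window logic is the same.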

QUESTION 4
Which encryption algorithm is the strongest?

A. AES
B. CES
C. DES
D. 3DES

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Existing technology and computing power have produced cracking machines that are able to brute-force a
56-bit DES key in just a few hours. It is estimated that it would take 149 trillion years to crack AES using the
same brute-force method.

QUESTION 5
What is a trunk link used for?

A. To pass multiple virtual LANs
B. To connect more than two switches
C. To enable Spanning Tree Protocol
D. To encapsulate Layer 2 frames

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
A port normally carries only the traffic for the single VLAN to which it belongs. For a VLAN to span across
multiple switches, a trunk must be configured to connect the two switches together. A trunk can carry
traffic for multiple VLANs, tagging each frame with its VLAN ID so that the receiving switch can place it in
the right VLAN. A trunk allows multiple VLANs to share the port connection.

QUESTION 6
Which type of exploit normally requires the culprit to have prior access to the target system?

A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Remote Exploits vs. Local Exploits

A remote exploit is one that works over the network without any prior access to the target system. The
threat actor does not need an account on the vulnerable system to exploit the vulnerability.
A local exploit requires prior access to the vulnerable system. Generally, the threat actor has access
to an account on the system. Using their access to that account, they implement the local exploit. Most
commonly, local exploits lead to privilege escalation. Either the account is given privileges beyond the
intended policy for the account, or other access methods are enabled and those methods allow privileges
beyond the intended policy for the account. Note that a local exploit does not necessarily require physical
access to the system. Also, an attacker may use social engineering techniques to trick an authorized user
into performing the local exploit.

QUESTION 7
Which security monitoring data type is associated with application server logs?

A. alert data
B. statistical data
C. session data
D. transaction data

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
13.3 Describing Security Data Collection
Network Security Monitoring Data Types

Transaction Data

Transaction data highlights operations that occur as a result of network sessions and system activities. For
example, an HTTP daemon may produce log files that document all the client requests it receives along
with its own responses to those requests. An SMTP daemon may produce log files to document
connections from other SMTP systems, the forwarding of email messages to other SMTP systems, and the
storage of email messages in local mail boxes. A Linux system may produce a log file that documents all
OS login and logoff activities. Each of these log files contains transaction data. Note that there is not a
one-to-one relationship between session data and transaction data. An individual network session may not
produce any transactions, or it may be associated with several transactions. Transactions may also
document local activities on a system which do not involve network communications.

QUESTION 8
Which network device is used to separate broadcast domains?

A. router
B. repeater
C. switch
D. bridge

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
2.8 Understanding the Network Infrastructure
Routers

Routing is the process that routers, OSI network layer devices, use to forward data packets between
networks or subnetworks. The routing process uses network routing tables, protocols, and algorithms to
determine the most efficient path for forwarding an IP packet. Routers gather routing information and
update other routers about changes in the network. Routers greatly expand the scalability of networks
by terminating Layer 2 collisions and broadcast domains.

QUESTION 9
Which term represents a weakness in a system that could lead to the system being compromised?

A. vulnerability
B. threat
C. exploit
D. risk

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
5.4 Describing Information Security Concepts
Risk

A vulnerability is the weakness that makes the resource susceptible to the threat. An attack surface is the
total sum of the vulnerabilities in a given system that is accessible to an attacker. The attack surface
describes different points where an attacker could get into a system, and where they could get data out of
the system.

QUESTION 10
Which option is an advantage to using network-based anti-virus versus host-based anti-virus?

A. Network-based has the ability to protect unmanaged devices and unsupported operating systems.
B. There are no advantages compared to host-based antivirus.
C. Host-based antivirus does not have the ability to collect newly created signatures.
D. Network-based can protect against infection from malicious files at rest.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
REVIEW

QUESTION 11
Which two protocols are used for email? (Choose two)

A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
At which OSI layer does a router typically operate?

A. Transport
B. Network
C. Data link
D. Application

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
While viewing packet capture data, you notice that one IP address is sending and receiving traffic for multiple
devices by modifying the IP header. Which option is making this behavior possible?

A. TOR
B. NAT
C. encapsulation
D. tunneling

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Which option is a purpose of port scanning?

A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down.
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
An intrusion detection system begins receiving an abnormally high volume of scanning from numerous
sources.
Which evasion technique does this attempt indicate?

A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which two activities are examples of social engineering? (Choose two)

A. receiving a call from the IT department asking you to verify your username/password to maintain the
account
B. receiving an invite to your department's weekly WebEx meeting
C. sending a verbal request to an administrator to change the password of the account of a user the
administrator does know
D. receiving an email from HR requesting that you visit the secure HR resource website and update your
contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from
someone in the same company

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Cisco pxGrid is a unified framework with an open API designed in a hub-and-spoke
architecture. pxGrid is used to enable the sharing of contextual information from which devices?

A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the
ASA

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Stop any attack, anywhere in the network, immediately and automatically. With pxGrid, any connected
technology can instruct the Cisco Identity Services Engine (ISE) to contain a threat.

https://www.cisco.com/c/en/us/products/security/pxgrid.html

QUESTION 18
Which definition of daemon on Linux is true?

A. error check right after the call to fork a process
B. new process created by duplicating the calling process
C. program that runs unobtrusively in the background
D. set of basic CPU instructions

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
A user reports difficulties accessing certain external web pages. When examining traffic to and from the
external domain in full packet captures, you notice many SYNs that have the same sequence number, source,
and destination IP address, but different payloads. Which problem is a possible explanation of this situation?

A. insufficient network resources
B. failure of the full packet capture solution
C. misconfiguration of the web filter
D. TCP injection

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
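The tell-tale pattern in this question (segments that share endpoints and a sequence number but carry different bytes), as an added example that is not part of the original page. A genuine retransmission repeats the same payload, so two different payloads under one sequence number mean a second party is writing into the stream. The packet list below is constructed from already-decoded header fields, not a real capture; addresses are documentation ranges.

```python
"""Flag TCP segments that reuse a sequence number with a different payload.

Added example, not from the original page. SAMPLE_PACKETS is a constructed
list of already-decoded segments (the fields a capture tool would show),
not a real capture; addresses are documentation ranges.
"""
from collections import defaultdict


def seg(src, sport, dst, dport, flags, seq, payload=b""):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags, "seq": seq, "payload": payload}


C, S = "192.0.2.10", "203.0.113.5"
SAMPLE_PACKETS = [
    seg(C, 51000, S, 80, "S", 1000),                                 # client SYN
    seg(C, 51000, S, 80, "S", 1000, b"GET /x HTTP/1.1\r\n"),          # second "SYN", same seq, now with data
    seg(S, 80, C, 51000, "SA", 5000),                                # server SYN/ACK
    seg(C, 51000, S, 80, "PA", 1001, b"GET / HTTP/1.1\r\n"),
    seg(C, 51000, S, 80, "PA", 1001, b"GET / HTTP/1.1\r\n"),          # genuine retransmission: identical bytes
    seg(S, 80, C, 51000, "PA", 5001, b"HTTP/1.1 200 OK\r\n"),
    seg(S, 80, C, 51000, "PA", 5001,
        b"HTTP/1.1 302 Found\r\nLocation: http://evil.example/\r\n"),  # injected reply racing the real one
]


def find_injections(packets):
    """Group segments by (src, sport, dst, dport, seq). A real retransmission
    repeats the same bytes, so two *different* payloads under one sequence
    number mean a second sender is writing into the stream. Returns the
    offending keys, sorted."""
    payloads = defaultdict(set)
    for p in packets:
        payloads[(p["src"], p["sport"], p["dst"], p["dport"], p["seq"])].add(p["payload"])
    return sorted(key for key, seen in payloads.items() if len(seen) > 1)


def syn_with_data(packets):
    """Pure SYNs (no ACK) normally carry no data, TCP Fast Open being the
    legitimate exception; a SYN with a payload deserves a second look."""
    return [p for p in packets if "S" in p["flags"] and "A" not in p["flags"] and p["payload"]]


if __name__ == "__main__":
    for key in find_injections(SAMPLE_PACKETS):
        print("conflicting payloads under", key)
    print(len(syn_with_data(SAMPLE_PACKETS)), "SYN(s) carrying data")
```

In a real capture the same logic applies per direction of the connection; whichever copy the client's TCP stack accepts first wins, which is how an injected 302 can redirect the user even though the legitimate 200 also arrives.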

QUESTION 20
Which definition describes the main purpose of a Security Information and Event Management solution?

A. a database that collects and categorizes indicators of compromise to evaluate and search for potential
security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering
C. a relay server or device that collects and then forwards event logs to another log collection device
D. a security product that collects, normalizes and correlates event log data to provide holistic views of the
security posture

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
REVIEW: I don't see anywhere that it can normalize the traffic or that it makes decisions;
I like A better.

Why SIEM?
Security monitoring and incident response
Anomaly detection
Real-time rules-based alerts
Data correlation
Compliance or regulatory mandated logging and reporting
Automated reports

QUESTION 21
Which information security property is supported by encryption?

A. sustainability
B. integrity
C. confidentiality
D. availability

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which term describes the act of a user, without authority or permission, obtaining rights on a system,
beyond what were assigned?

A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files
D. a powerful, versatile tool that verifies the integrity of the log files

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
What are the advantages of a full-duplex transmission mode compared to half-duplex mode?
(Select all that apply.)

A. Each station can transmit and receive at the same time.
B. It avoids collisions.
C. It makes use of backoff time.
D. It uses a collision avoidance algorithm to transmit

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Where is a host-based intrusion detection system located?

A. on a particular endpoint as an agent or a desktop application
B. on a dedicated proxy server monitoring egress traffic
C. on a SPAN switch port
D. on a tap switch port

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
According to RFC 1035, which transport protocol is recommended for use with DNS queries?

A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://www.ietf.org/rfc/rfc1035.txt

4.2. Transport

The DNS assumes that messages will be transmitted as datagrams or in a
byte stream carried by a virtual circuit. While virtual circuits can be
used for any DNS activity, datagrams are preferred for queries due to
their lower overhead and better performance. Zone refresh activities
must use virtual circuits because of the need for reliable transfer.

The Internet supports name server access using TCP [RFC-793] on server
port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
port 53 (decimal).

QUESTION 27
Which cryptographic key is contained in a X.509 certificate?

A. symmetric
B. public
C. private
D. asymmetric

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
4.12 Understanding Basic Cryptography Concepts
PKI Overview

Entities enroll with a PKI and receive identity certificates that are signed by a certificate authority. Among
the identity information included in the certificate is the entity's public key.

QUESTION 28
Which concern is important when monitoring an NTP server for an abnormal level of traffic?

A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which definition of permissions in Linux is true?

A. rules that allow network traffic to go in and out
B. table maintenance program
C. written affidavit that you have to sign before using the system
D. attributes of ownership and control of an object

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Which type of attack occurs when an attacker utilizes a botnet reflect requests of an NTP server to
overwhelm their target?
A. man in the middle
B. denial of service
C. distributed denial of service
D. replay

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
In computer security, which information is the term PHI used to describe?

A. private host information
B. protected health information
C. personal health information
D. protected host information

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://www.hipaa.com/hipaa-protected-health-information-what-does-phi-include/

HIPAA ‘Protected Health Information’: What Does PHI Include?

[...]

QUESTION 32
Which hash algorithm is the weakest?

A. SHA-512
B. RSA-4096
C. SHA-1
D. SHA-256

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
RSA is ruled out because it is an asymmetric encryption and signature algorithm, not a hash function.
Of the remaining options, SHA-1 uses the fewest bits to represent the digest (160 bits, against 256 and 512)
and practical collisions have been found for it.

QUESTION 33
For which reason can HTTPS traffic make security monitoring difficult?

A. encryption
B. large packet headers
C. Signature detection takes longer
D. SSL interception

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
REVIEW

A. encryption
I know SSL interception as a feature in proxies used to inspect the traffic.

QUESTION 34
Which two options are recognized forms of phishing? (Choose two)

A. spear
B. whaling
C. mailbomb
D. hooking
E. mailnet

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
10.8 Understanding Common Endpoint Attacks
Social Engineering Example: Phishing

Spear phishing: Emails are sent to smaller, more targeted groups. Spear phishing may even target a
single individual. Knowing more about the target community allows the attacker to craft an email that is
more likely to successfully deceive the target.
Whaling: Like spear phishing, whaling uses the concept of targeted emails; however, it increases the
profile of the target. The target of a whaling attack is often one or more of the top executives of an
organization. The content of the whaling email is something that is designed to get an executive’s
attention, such as a subpoena request or a complaint from an important customer.

QUESTION 35
Which protocol is expected to have user agent, host, and referer headers in a packet capture?

A. NTP
B. HTTP
C. DNS
D. SSH

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
I don't understand what it is asking, but I suppose it refers to the HTTP Referer header.

QUESTION 36
Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office. The network
administrator is located in the NY office and has attempted to make a connection to the TFTP server.
They are unable to back up the configuration file and Cisco IOS of the NY router to the TFTP server.
Which cause of this problem is true?

A. The TFTP server cannot obtain an address from a DHCP server.
B. The TFTP server has an incorrect IP address.
C. The network administrator's computer has an incorrect IP address.
D. The TFTP server has an incorrect subnet mask.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Abstract

To participate in wide-area IP networking, a host needs to be
configured with IP addresses for its interfaces, either manually by
the user or automatically from a source on the network such as a
Dynamic Host Configuration Protocol (DHCP) server. Unfortunately,
such address configuration information may not always be available.
It is therefore beneficial for a host to be able to depend on a
useful subset of IP networking functions even when no address
configuration is available. This document describes how a host may
automatically configure an interface with an IPv4 address within the
169.254/16 prefix that is valid for communication with other devices
connected to the same physical (or logical) link.

https://tools.ietf.org/html/rfc3927

QUESTION 37
Which data can be obtained using NetFlow?

A. session data
B. application logs
C. network downtime
D. report full packet capture

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
13.15 Describing Security Data Collection
NetFlow

From a network security monitoring perspective, NetFlow provides session data. NetFlow captures basic
information about every IP conversation that takes place through the monitored network device, including
the identities of the systems involved in the conversation, the time of the communication, and the amount
of data transferred.
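
What "session data" means in practice, as an added example that is not part of the original page: the packet list below (constructed header fields, not a real trace) is rolled up the way a flow exporter does it, first into unidirectional 5-tuple flows and then into bidirectional conversations, keeping who talked to whom, when, and how much, and nothing of the payload. The field names are this example's own, not NetFlow's record format.

```python
"""Turn per-packet records into NetFlow-style session (flow) records.

Added example, not from the original page. PACKETS is a constructed list of
decoded packet headers, not a real trace; addresses are documentation ranges.
Field names are this example's own, not NetFlow's.
"""


def pkt(ts, src, sport, dst, dport, proto, length):
    return {"ts": ts, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "len": length}


C, S, DNS = "192.0.2.10", "203.0.113.5", "192.0.2.53"
PACKETS = [
    pkt(100.0, C, 40000, DNS, 53, "udp", 70),      # DNS query
    pkt(100.1, DNS, 53, C, 40000, "udp", 120),     # DNS answer
    pkt(100.2, C, 51000, S, 443, "tcp", 74),       # TLS session: SYN
    pkt(100.3, S, 443, C, 51000, "tcp", 74),       # SYN/ACK
    pkt(100.4, C, 51000, S, 443, "tcp", 600),      # ClientHello
    pkt(100.9, S, 443, C, 51000, "tcp", 1500),     # server data
    pkt(101.0, S, 443, C, 51000, "tcp", 1500),
    pkt(101.2, C, 51000, S, 443, "tcp", 66),       # client ACK
]


def build_flows(packets):
    """Unidirectional flows keyed by the 5-tuple, the way a flow exporter
    counts them: endpoints, first/last seen, packets, bytes. No payload kept."""
    flows = {}
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        f = flows.setdefault(key, {"first": p["ts"], "last": p["ts"], "packets": 0, "bytes": 0})
        f["first"] = min(f["first"], p["ts"])
        f["last"] = max(f["last"], p["ts"])
        f["packets"] += 1
        f["bytes"] += p["len"]
    return flows


def conversations(flows):
    """Merge each flow with its reverse direction into one session record.
    The key orders the two endpoints so both directions map to the same entry."""
    sessions = {}
    for (src, sport, dst, dport, proto), f in flows.items():
        a, b = (src, sport), (dst, dport)
        key = (proto,) + (a + b if a <= b else b + a)
        s = sessions.setdefault(key, {"first": f["first"], "last": f["last"], "packets": 0, "bytes": 0})
        s["first"] = min(s["first"], f["first"])
        s["last"] = max(s["last"], f["last"])
        s["packets"] += f["packets"]
        s["bytes"] += f["bytes"]
    return sessions


def capture_bytes(packets):
    """Bytes a full packet capture of the same traffic would have to store."""
    return sum(p["len"] for p in packets)


if __name__ == "__main__":
    for key, s in conversations(build_flows(PACKETS)).items():
        print(key, s)
    print("full capture would store", capture_bytes(PACKETS), "bytes")
```

The session records answer "did 192.0.2.10 talk to 203.0.113.5 on 443, when, and how much" long after the capture itself has aged out; what they cannot answer is what was said, which is why session data and full packet capture are complementary, not interchangeable.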

QUESTION 38
Drag the technology on the left to the data type the technology provides on the right.

Exhibit:

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
netflow = session data
tcpdump = full packet capture
web content filtering = transaction data
traditional stateful firewall = connection event

QUESTION 39
Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference
model?

A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/MPLS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Drag the data source on the left to the correct data type on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
netflow = session data
ips = alert data
Wireshark = full packet capture
server log = transaction data

QUESTION 41
Which directory is commonly used on Linux systems to store log files, including syslog and apache logs?

A. /etc/log
B. /root/log
C. /lib/log
D. /var/log

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:

QUESTION 42
Which security monitoring data type requires the most storage space?

A. full packet capture
B. transaction data
C. statistical data
D. session data

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Stateful and traditional firewalls can analyze packets and judge them against a set of
predetermined rules called access control lists (ACLs). Which of the following elements within a packet
do they inspect? (Choose two)

A. Session header
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
11.6 Understanding Network Security Technologies
Stateful Firewall

Where a stateless packet filter, such as an ACL, acts on a packet-by-packet basis, a stateful firewall
allows or blocks traffic based on the connection state, port, and protocol. Stateful firewalls inspect all
activity from the opening of a connection until the connection is closed. Data that is associated with each
connection is stored in the firewall's connection state table.

Stateful firewalls can also provide stateful inspection of applications that use a control channel to facilitate
a dynamically negotiated data connection. FTP is an example of a protocol that uses a control and a data
channel.

QUESTION 44
Which definition of a fork in Linux is true?

A. daemon to execute scheduled commands
B. parent directory name of a file pathname
C. macros for manipulating CPU sets
D. new process created by a parent process

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
Which definition of Windows Registry is true?

A. set of pages that are currently resident in physical memory
B. basic unit to which the operating system allocates processor time
C. set of virtual memory addresses
D. database that stores low-level settings for the operating system

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)

A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social network web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by an SMTP connection

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
Which two terms are types of cross site scripting attacks? (Choose two)

A. directed
B. encoded
C. stored
D. reflected
E. cascaded

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
7.12 Understanding Common Network Application Attacks
Cross-Site Scripting and Request Forgery

Types of XSS attacks include:

Stored (persistent): Stored XSS is the most damaging type because it is permanently stored in the
XSS-infected server. The victim receives the malicious script from the server whenever they visit the
infected web page.

Reflected (non-persistent): Reflected XSS is the most common type of XSS attack. Unlike the stored
XSS, where the attacker must find a web site that allows for permanent injection of the malicious
scripts, reflected XSS attacks only require that the malicious script is embedded in a link. In order for
the attack to succeed, the victim needs to click the infected link. Reflected XSS attacks are typically
delivered to the victims via an email message, or through some other web site. When the victim is
tricked into clicking the infected link, the malicious script is reflected back to the victim's browser, where
it is executed. Vigilant users can avoid reflected attacks.
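
The two XSS variants above, as an added example that is not part of the original page: a reflected case (the search term goes straight back into the HTML) and a stored case (a guestbook comment is saved and served to every later visitor), each beside the fixed version that HTML-escapes the untrusted value. The "views" are plain Python functions standing in for an application's templates; no framework is involved. The payload and comments are constructed for the example.

```python
"""Reflected and stored XSS: the unescaped render beside the escaped one.

Added example, not from the original page. The two tiny "views" below stand
in for a web application's templates; there is no framework involved, and
the payload is constructed for the demonstration.
"""
import html
from html.parser import HTMLParser

PAYLOAD = '<script>alert(document.cookie)</script>'


def search_page_vulnerable(query):
    """Reflected XSS: the query string is copied into the page as markup."""
    return f"<h1>Results for: {query}</h1>"


def search_page_fixed(query):
    """Same page with the untrusted value HTML-escaped for element content."""
    return f"<h1>Results for: {html.escape(query)}</h1>"


class Guestbook:
    """Stored XSS: the comment is saved once and served to every later visitor.
    escape=False reproduces the vulnerable application, escape=True the fix."""

    def __init__(self, escape):
        self.escape = escape
        self.comments = []

    def post(self, text):
        self.comments.append(text)

    def render(self):
        items = (html.escape(c) if self.escape else c for c in self.comments)
        return "<ul>" + "".join(f"<li>{c}</li>" for c in items) + "</ul>"


class ScriptCounter(HTMLParser):
    """Counts <script> elements a browser would actually see in the page."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_elements(page):
    """Number of executable <script> elements in the rendered HTML."""
    parser = ScriptCounter()
    parser.feed(page)
    return parser.scripts


if __name__ == "__main__":
    print("reflected, vulnerable:", script_elements(search_page_vulnerable(PAYLOAD)))
    print("reflected, fixed     :", script_elements(search_page_fixed(PAYLOAD)))
    book = Guestbook(escape=False)
    book.post("nice site")
    book.post(PAYLOAD)
    print("stored, vulnerable   :", script_elements(book.render()))
```

html.escape is the right encoder for element content only; a value placed inside an attribute, a URL, or a JavaScript block needs the encoding for that context, and a Content-Security-Policy header limits the damage when an encoding step is missed.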

QUESTION 48
Which term represents the practice of giving employees only those permissions necessary to perform their
specific role within an organization?

A. integrity validation
B. due diligence
C. need to know
D. least privilege

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
Which identifier is used to describe the application or process that submitted a log message?

A. action
B. selector
C. priority
D. facility

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
13.3 Describing Security Data Collection
Network Security Monitoring Data Types

System logs are displayed in a standard format that allow you to easily navigate through the logs for
pertinent information. All information that is provided in the syslog can be valuable to someone. Analysts
can use the severity levels and facilities to quickly narrow down events. The facility field in the syslog
messages roughly defines the source of the message. From those results, they can look at the mnemonic
and description to get valuable information such as IP addresses, MAC addresses, and protocols.
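
How the facility and severity are carried in a syslog message, as an added example that is not part of the original page: the PRI field at the start of the message is facility * 8 + severity (RFC 3164/5424), so facility is PRI >> 3 and severity is PRI & 7. The parser below decodes constructed BSD-style lines into facility, severity, host, and the tag that names the submitting program, and filters for messages at or above a severity.

```python
"""Decode the syslog PRI field into facility and severity.

Added example, not from the original page. The message lines below are
constructed in the classic BSD syslog (RFC 3164) shape; the PRI value is
facility * 8 + severity as defined in RFC 3164/5424.
"""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "logalert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: message
_LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\[\s]+)(?:\[(\d+)\])?: ?(.*)$")


def parse_syslog(line):
    """Return a dict with facility/severity names, host, tag, pid and message."""
    m = _LINE.match(line)
    if not m:
        raise ValueError("not a BSD syslog line: %r" % line)
    pri = int(m.group(1))
    if pri > 191:                       # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    return {
        "facility": FACILITIES[pri >> 3],   # which subsystem submitted it
        "severity": SEVERITIES[pri & 7],    # how bad it is (0 is worst)
        "timestamp": m.group(2),
        "host": m.group(3),
        "tag": m.group(4),                  # the program that wrote the message
        "pid": int(m.group(5)) if m.group(5) else None,
        "msg": m.group(6),
    }


# Constructed sample lines.
SAMPLE = """\
<34>Oct 11 22:14:15 webhost su: 'su root' failed for lonvick on /dev/pts/8
<86>Oct 11 22:14:16 webhost sshd[2123]: Accepted publickey for deploy from 192.0.2.7 port 51022
<13>Oct 11 22:14:20 webhost backup-script: nightly run finished
<27>Oct 11 22:15:01 webhost systemd[1]: Failed to start nginx.service
"""


def at_least(lines, severity):
    """Parsed messages whose severity is as bad as or worse than `severity`
    (lower syslog severity numbers are more severe)."""
    limit = SEVERITIES.index(severity)
    out = []
    for line in lines.splitlines():
        if line.strip():
            rec = parse_syslog(line)
            if SEVERITIES.index(rec["severity"]) <= limit:
                out.append(rec)
    return out


if __name__ == "__main__":
    for rec in at_least(SAMPLE, "err"):
        print(rec["facility"], rec["severity"], rec["tag"], rec["msg"])
```

Note that PRI 34 decodes to auth/crit while PRI 86 decodes to authpriv/info: two messages about logins with very different urgency, which is exactly the narrowing-down the text describes. The facility is also what a syslog.conf selector such as `auth.*` matches on.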

QUESTION 50
Which term represents the chronological record of how evidence was collected- analyzed, preserved, and
transferred?

A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
14.8 Describing Security Event Analysis
Chain of Custody

Chain of custody, in legal contexts, refers to the chronological documentation or paper trail, showing the
seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.

QUESTION 51

Refer to the exhibit. During an analysis this list of email attachments is found. Which files contain the same
content?

A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Running them through SHA-1 returns the same digest, so the two files are byte-for-byte identical.
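
The comparison behind this question and behind QUESTION 32, as an added example that is not part of the original page: attachments grouped by content digest so that copies with different names or extensions land together, and the digest lengths that make SHA-1 the shortest of the listed hashes. The attachment bytes are constructed stand-ins for the files in the exhibit; SHA-256 is used for the grouping because practical SHA-1 collisions exist.

```python
"""Group email attachments by content hash, independent of file name.

Added example, not from the original page. The attachments are constructed
byte strings standing in for the files in the exhibit.
"""
import hashlib
from collections import defaultdict

ATTACHMENTS = {
    "invoice.pdf":         b"%PDF-1.4 constructed invoice body\n",
    "invoice_copy.pdf":    b"%PDF-1.4 constructed invoice body\n",     # same bytes, new name
    "Invoice (1).pdf.exe": b"%PDF-1.4 constructed invoice body\n",     # same bytes, misleading extension
    "report.docx":         b"PK\x03\x04 constructed report body\n",
    "report_v2.docx":      b"PK\x03\x04 constructed report body!\n",   # one byte differs
}


def digest(data, algo="sha256"):
    """Hex digest of the bytes under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def group_by_content(files, algo="sha256"):
    """{digest: [names]} so that files with identical bytes land together,
    whatever they are called."""
    groups = defaultdict(list)
    for name, data in files.items():
        groups[digest(data, algo)].append(name)
    return {d: sorted(names) for d, names in groups.items()}


def duplicates(files, algo="sha256"):
    """Only the groups that contain more than one file."""
    return [names for names in group_by_content(files, algo).values() if len(names) > 1]


def digest_bits(algo):
    """Output length of the hash in bits (160 for SHA-1, 256 for SHA-256, ...)."""
    return hashlib.new(algo).digest_size * 8


if __name__ == "__main__":
    for names in duplicates(ATTACHMENTS):
        print("same content:", names)
    for algo in ("sha1", "sha256", "sha512"):
        print(algo, digest_bits(algo), "bits")
```

A single changed byte (report.docx versus report_v2.docx) yields an unrelated digest, which is why a hash match is a reliable "same file" test and a near-miss in the digest tells you nothing about how similar the files are.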

QUESTION 52
In which case should an employee return his laptop to the organization?

A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
A firewall requires deep packet inspection to evaluate which layer?

A. application
B. Internet
C. link
D. transport

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
Which event occurs when a signature-based IDS encounters network traffic that triggers an alert?

A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between
two IP phones?

A. replay
B. man-in-the-middle
C. dictionary
D. known-plaintext

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
3.3 Understanding Common TCP/IP Attacks
IP Vulnerabilities

Man-in-the-middle attack: An MITM attack intercepts a communication between two systems.
Essentially, the attacker inserts a device into a network that grabs packets that are streaming past.
Those packets are then modified and placed back on the network for forwarding to their original
destination. An MITM attack can completely defeat sophisticated authentication mechanisms because
the attacker waits until after a communication session is established, which means that authentication
has been completed, before starting to intercept packets. An MITM attack does not directly threaten
your network's stability, but it is an exploit that can target a specific destination IP address. A form of
MITM is called "eavesdropping." Eavesdropping differs only in that the perpetrator just copies IP
packets off the network without modifying them in any way.

QUESTION 56
Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
REVIEW
FOR ME IT IS D (Allow specific files and deny everything else.)

12.5 Understanding Endpoint Security Technologies
Application Whitelists and Blacklists

Blacklisting allows all traffic that is not explicitly denied. Another technique, called whitelisting, does the
opposite. It denies all traffic that is not explicitly permitted (listed on the whitelist).

QUESTION 57
Which definition of an antivirus program is true?

A. program used to detect and remove unwanted malicious software from the system.
B. program that provides real time analysis of security alerts generated by network hardware and
applications
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
12.3 Understanding Endpoint Security Technologies
Host-Based Anti-Virus

As the name suggests, antivirus software was originally developed to detect and remove computer viruses.

QUESTION 58
Which two features must a next generation firewall include? (Choose two.)

A. data mining
B. host-based-antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
REVIEW

11.18 Understanding Network Security Technologies
Next Generation Firewall

Let's look at some of the typical requirements of a next-generation firewall.
Granular application visibility and control: Example, allowing IM but blocking file transfers over IM
<-- OK
Intrusion prevention system: Example, identify and potentially block malicious data that is carried in
network sessions. <-- just go with it?
Reputation-based filtering: Example, automatic blocking to suspected bad web sites
Enforce acceptable user policy: Example, blocking employees from browsing to unacceptable web
sites
SSL/TLS traffic decryption: Example, decrypting Facebook traffic so it can be inspected and
controlled
User- or user group-based policies: Example, allowing only the engineering employees to access the
development servers
Real-time contextual awareness: Example, automatic passive network, hosts, operating systems,
applications, and users discoveries
Intelligent security automation: Example, automatic correlation of different events data and impact
assessment

QUESTION 59
Which of the following are metrics that can measure the effectiveness of a runbook?

A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
14.6 Describing Security Event Analysis
SOC Runbook Automation

A runbook, also known as a playbook, typically contains a combination of workflows, tools, and processes. A
runbook is a prescriptive collection of repeatable methods to detect and respond to security incidents.
The use of a runbook ensures that the responses by the security analysts can change and adapt in real
time to detect and resolve security events efficiently.

https://en.wikipedia.org/wiki/Runbook

According to Gartner, the growth of RBA has coincided with the need for IT operations executives to
enhance IT operations efficiency measures—including reducing mean time to repair (MTTR), increasing
mean time between failures (MTBF), and automating the provisioning of IT resources. In addition, it is
necessary to have the mechanisms to implement best practices (for example, implement and manage IT
operations processes in line with the ITIL, increase the effectiveness of IT personnel (for example,
automate repetitive tasks associated with IT operations processes), and have the tools to report on how
well the processes are executed in line with established policies and service levels.

QUESTION 60
Which of the following access control models uses security labels to make access decisions?

A. Mandatory access control (MAC)
B. Role-based access control (RBAC)
C. Identity-based access control (IBAC)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
5.7 Describing Information Security Concepts
Access Control Models

QUESTION 61
One of the objectives of information security is to protect the CIA of information and systems. What does
CIA mean in this context?

A. Confidentiality, Integrity, and Availability.
B. Confidentiality, Identity, and Availability.
C. Confidentiality, Integrity, and Authorization.
D. Confidentiality, Identity, and Authorization.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
5.2 Describing Information Security Concepts
Information Security Confidentiality, Integrity, and Availability
The confidentiality, integrity, and availability triad (also known as the CIA triad) is a fundamental
information security concept. It is these three elements of the information system that each organization is
trying to protect.

QUESTION 62
Where are configuration records stored?

A. In a CMDB
B. In a MySQL DB
C. In a XLS file
D. There is no need to store them

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
REVIEW

The question seems incomplete, but even without any context it makes sense.

CMDB = Configuration Management DataBase (ITIL – ISO 20000)

QUESTION 63
Which two actions are valid uses of public key infrastructure? (Choose two)

A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent
across networks?

A. Internet Control Message Protocol
B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
ARP, from the English Address Resolution Protocol, is a protocol responsible for finding the hardware
address (Ethernet MAC) that corresponds to a given IP address.

QUESTION 65
Which of the following is true about heuristic-based algorithms?

A. Heuristic-based algorithms require fine tuning to adapt to network traffic and minimize
the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection.
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and
tuning.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
Which security principle states that more than one person is required to perform a critical task?

A. due diligence
B. separation of duties
C. need to know
D. least privilege

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Which tool is commonly used by threat actors on a webpage to take advantage of the software
vulnerabilities of a system to spread malware?

A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
10.10 Understanding Common Endpoint Attacks
Exploit Kits

An exploit kit is an automated framework attackers use to discover and exploit vulnerabilities in an
endpoint, infect it with malware, and execute malicious code on it.

QUESTION 68
If a web server accepts input from the user and passes it to a bash shell, to which attack method is it
vulnerable?

A. input validation
B. hash collision
C. command injection
D. integer overflow

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
7.10 Understanding Common Network Application Attacks
Command Injections

Command injection is an attack whereby an attacker's goal is to execute arbitrary commands on the web
server's OS via a vulnerable web application. A command injection vulnerability occurs when the web
application exposes unsafe input fields through which malicious users can supply malicious data.

QUESTION 69
Based on which statement does the discretionary access control security model grant or restrict access?

A. discretion of the system administrator
B. security policy defined by the owner of an object
C. security policy defined by the system administrator
D. role of a user within an organization

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
Which definition of the virtual address space for a Windows process is true?

A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Which statement about digitally-signing a document is true?

A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key.
D. The document is hashed and then the document is encrypted with the public key.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
4.11 Understanding Basic Cryptography Concepts
Digital Signatures

QUESTION 72
You must create a vulnerability management framework. Which main purpose of this framework is true?

A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
REVIEW
I LIKE C (Identify, remove, and mitigate system vulnerabilities.)

5.9 Describing Information Security Concepts
Information Security Management
The list below details some of the common security management systems/processes:

IT asset management entails collecting inventory, financial, and contractual data to manage the IT
asset throughout its life cycle. IT asset management depends on robust processes, with tools to
automate manual processes.
Configuration management is the process for establishing and maintaining consistency of a product's
performance, functional requirements, and design throughout the product's life cycle.
Patch management involves acquiring, testing, and installing patches or code changes to the IT
systems.
Vulnerability management is the practice of identifying, classifying, remediating, and mitigating
vulnerabilities in software, firmware, and hardware.
MDM is a type of security management software that is utilized by IT to monitor, manage, and secure
employees' mobile devices.

QUESTION 73
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance,
like a firewall, before it could be built fully?

A. ACK
B. SYN ACK
C. RST
D. PSH,ACK

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74
How many broadcast domains are created if three hosts are connected to a Layer 2 switch in full-duplex
mode?

A. 4
B. 3
C. None
D. 1

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
Which hashing algorithm is the least secure?

A. MD5
B. RC4
C. SHA-3
D. SHA-2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Of the hashing algorithms listed, only MD5 has known collisions.
RC4, although vulnerable, is an encryption algorithm (a cipher), not a hash.

QUESTION 76
What is one of the advantages of the mandatory access control (MAC) model?

A. Stricter control over the information access.
B. Easy and scalable.
C. The owner can decide whom to grant access to.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
5.7 Describing Information Security Concepts
Access Control Models

Mandatory access control: MAC is the strictest control.

QUESTION 77
Which definition of vulnerability is true?

A. an exploitable unpatched and unmitigated weakness in software
B. an incompatible piece of software
C. software that does not have the most current patch applied
D. software that was not approved for installation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
5.4 Describing Information Security Concepts
Risk

QUESTION 78
Which definition of a process in Windows is true?

A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
8.4 Understanding Windows Operating System Basics
Windows Processes, Threads, and Handles

A Windows application consists of one or more processes. In the simplest terms, a "process" is an
instance of an executing program.

QUESTION 79
According to the attribute-based access control (ABAC) model, what is the subject location considered?

A. Part of the environmental attributes
B. Part of the object attributes
C. Part of the access control attributes
D. None of the above

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
https://en.wikipedia.org/wiki/Attribute-based_access_control

Attributes can be about anything and anyone. They tend to fall into 4 different categories or functions (as in
grammatical function)

Subject attributes: attributes that describe the user attempting the access e.g. age, clearance,
department, role, job title...
Action attributes: attributes that describe the action being attempted e.g. read, delete, view,
approve...
Resource (or object) attributes: attributes that describe the object being accessed e.g. the object type
(medical record, bank account...), the department, the classification or sensitivity, the location...
Contextual (environment) attributes: attributes that deal with time, location or dynamic aspects of the
access control scenario

QUESTION 80
Which term represents a potential danger that could take advantage of a weakness in a system?

A. vulnerability
B. risk
C. threat
D. exploit

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
5.4 Describing Information Security Concepts
Risk

QUESTION 81
You get an alert on your desktop computer showing that an attack was successful on the host, but upon
investigation you see that occurred during the attack. Which reason is true?

A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
Which international standard is for general risk management, including the principles and guidelines for
managing risk?

A. ISO 27001
B. ISO 27005
C. ISO 31000
D. ISO 27002

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
Which process continues to be recorded in the process table after it has ended and the status is returned to
the parent?

A. daemon
B. zombie
C. orphan
D. child

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
For which kind of attack does an attacker use known information in encrypted files to break the encryption
scheme for the rest of

A. known-plaintext
B. known-ciphertext
C. unknown key
D. man in the middle

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
In which technology is network-level encryption not natively incorporated?

A. Kerberos
B. ssl
C. tls
D. IPsec

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
Which purpose of command and control for network-aware malware is true?

A. It helps the malware to profile the host
B. It takes over the user account
C. It contacts a remote server for commands and updates
D. It controls and shuts down services on the infected host

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
Which action is an attacker taking when they attempt to gain root access on the victim's system?

A. privilege escalation
B. command injections
C. root kit
D. command and control

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
Which vulnerability is an example of Shellshock?

A. SQL injection
B. heap Overflow
C. cross site scripting
D. command injection

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
Which statement about the difference between a denial-of-service attack and a distributed denial-of-service
attack is true?

A. DoS attacks only use flooding to compromise a network, and DDoS attacks only use other
methods.
B. DoS attacks are launched from one host, and DDoS attacks are launched from multiple hosts.
C. DDoS attacks are launched from one host, and DoS attacks are launched from multiple hosts.
D. DoS attacks and DDoS attacks have no differences.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
A foreign government attacked your defense weapons contractor and stole intellectual property. How is that
foreign government defined?

A. Defense weapons contractor whose intellectual property was stolen
B. Foreign government that conducted the attack
C. Intellectual property that was stolen
D. Method used by the foreign government to hack

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
Which identifier is used to describe the application or process that submitted a log message?

A. action
B. selector
C. priority
D. facility

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 92
Which NTP command configures the local device as an NTP reference clock source?

A. ntp peer
B. ntp broadcast
C. ntp master
D. ntp server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
Which three options are types of Layer 2 network attack? (Choose three.)

A. ARP attacks
B. brute force attacks
C. spoofing attacks
D. DDOS attacks
E. VLAN hopping
F. botnet attacks

Correct Answer: ACE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
Where does routing occur within the DoD TCP/IP reference model?

A. application
B. internet
C. network
D. transport

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
Which two features must a next generation firewall include? (Choose two.)

A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log files
D. a powerful, versatile tool that verifies the integrity of the log files

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
Which of the following access control models use security labels to make access decisions?

A. Mandatory access control (MAC)
B. Role-based access control (RBAC)
C. Identity-based access control (IBAC)
D. Discretionary access control (DAC)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
Which of the following is true about heuristic-based algorithms?

A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize
the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and
tuning.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
According to the attribute-based access control (ABAC) model, what is the subject location
considered?

A. Part of the environmental attributes
B. Part of the object attributes
C. Part of the access control attributes
D. None of the above

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
What type of algorithm uses the same key to encrypt and decrypt data?

A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key infrastructure algorithm
D. an IP Security algorithm

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
Which actions can a promiscuous IPS take to mitigate an attack?

A. modifying packets
B. requesting connection blocking
C. denying packets
D. resetting the TCP connection
E. requesting host blocking
F. denying frames

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
Which Statement about personal firewalls is true?

A. They are resilient against kernel attacks
B. They can protect email messages and private documents in a similar way to a VPN
C. They can protect the network against attacks
D. They can protect a system by denying probing requests

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
Which three statements about host-based IPS are true? (Choose three)

A. It can view encrypted files
B. It can be deployed at the perimeter
C. It uses signature-based policies
D. It can have more restrictive policies than network-based IPS
E. It works with deployed firewalls
F. It can generate alerts based on behavior at the desktop level.

Correct Answer: ADF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
An attacker installs a rogue switch that sends superior BPDUs on your network.
What is a possible result of this activity?

A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain.
D. The switch could become a transparent bridge.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
Which definition describes the main purpose of a Security Information and Event Management solution ?

A. a database that collects and categorizes indicators of compromise to evaluate and search for potential
security threats
B. a monitoring interface that manages firewall access control lists for duplicate firewall filtering
C. a relay server or device that collects then forwards event logs to another log collection device
D. a security product that collects, normalizes, and correlates event log data to provide holistic views of
the security posture

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Which definition of Common Event Format in terms of a security information and event management solution
is true?

A. a type of event log used to identify a successful user login.
B. a TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. a standard log event format that is used for log collection.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
a standard log event format that is used for log collection.

A. It is the sum of all paths for data/commands into and out of the application
B. It is an exploitable weakness in a system or design
C. It is the individual who perform an attack.
D. It is any potential danger to an asset.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
For which purpose can Windows management instrumentation be used?

A. Remote viewing of a computer
B. Remote blocking of malware on a computer
C. Remote reboot of a computer
D. Remote start of a computer

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
According to the Common Vulnerability Scoring System, which term is associated with scoring multiple
vulnerabilities that are exploited in the course of a single attack?

A. chained score
B. risk analysis
C. Vulnerability chaining
D. confidentiality

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
You discover that a foreign government hacked one of the defense contractors in your country and stole
intellectual property. In this situation, which option is considered the threat agent?

A. Threat Actor
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
RC4 is a stream cipher. Which attack is it vulnerable to when the same key is used twice?

A. Cipher-text-only Attack, when an attacker uses cipher text from several messages and tries to deduce
the plaintext or key from just that information, using statistical analysis
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
There was a question asking what is an example of Whaling.

A. The answer was a malicious email sent to the company's CEO.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
NetFlow format (ASCII most probably; check hexadecimal)

A.
B.
C.
D.
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
Question about a SIEM providing HTML, PDF and CSV formats, asking what it is (Intrusion)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
The other one was, something similar to, what cryptography is used on Digital Certificates? The answers
included:

A. SHA-256
B. SHA-512
C. RSA 4096
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
After a large influx of network traffic to externally facing devices, you begin investigating what appears to be
a denial-of-service attack. When you review packet capture data, you notice that the traffic is a single SYN
packet to each port. Which kind of attack is this?

A. SYN flood.
B. Host profiling.
C. Traffic fragmentation.
D. Port scanning.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117
You get an alert on your desktop computer showing that an attack was successful on the host, but upon
investigation you see that occurred during the attack. Which reason is true?

A. The computer has HIDS installed on it
B. The computer has NIDS installed on it
C. The computer has HIPS installed on it
D. The computer has NIPS installed on it

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
Which purpose of command and control for network-aware malware is true?

A. It helps the malware to profile the host
B. It takes over the user account
C. It contacts a remote server for commands and updates
D. It controls and shuts down services on the infected host

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119
Which action is an attacker taking when they attempt to gain root access on the victim's system?

A. privilege escalation
B. command injections
C. root kit
D. command and control

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
Which vulnerability is an example of Shellshock?

A. SQL injection
B. heap Overflow
C. cross site scripting
D. command injection

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
Which definition of Common Event Format in terms of a security information and event management solution
is true?

A. a type of event log used to identify a successful user login.
B. a TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. a standard log event format that is used for log collection.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
Which definition of a Linux daemon is true?

A. Process that is causing harm to the system by either using up system resources or causing a critical
crash.
B. Long-running process that is the child of the init process
C. Process that has no parent process
D. Process that is starved of the CPU.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Which action is an attacker taking when they attempt to gain root access on the victim's system?

A. privilege escalation
B. command injections
C. root kit
D. command and control

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
What is used to analyze logs and view disks remotely?

A. WMI. I selected that one
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
Which definition of Common Event Format in terms of a security information and event management solution
is true?

A. a type of event log used to identify a successful user login.
B. a TCP network media protocol.
C. Event log analysis certificate that stands for certified event forensics.
D. a standard log event format that is used for log collection.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
What is a security risk in an application?

A. Vulnerability
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127
Which Linux terminal command can be used to display all the processes?

A. ps -m
B. ps -u
C. ps -d
D. ps -ef

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
How does NTP help with monitoring?

A. Using TCP allows you to view HTTP connections between servers and clients.
B. Synchronizing the time of day allows correlation of events from different system logs.
C. To receive system generated emails
D. To look up IP addresses in the system using the FQDN.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
In what context would it be inappropriate to use a hashing algorithm?

A.
B. SSH login
C. digital certificate
D. Telnet login

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
