Q1. Which situation indicates application-level white listing?

A. Allow everything and deny specific executable files.

B. Allow specific executable files and deny specific executable files.

C. Writing current application attacks on a whiteboard daily.

D. Allow specific files and deny everything else.

View Answer

Q2. Which definition of the IIS Log Parser tool is true?

A. a logging module for IIS that allows you to log to a database

B. a data source control to connect to your data source

C. a powerful, versatile tool that makes it possible to run SQL-like queries against log flies

D. a powerful versatile tool that verifies the integrity of the log files

View Answer

Q3. For which reason can HTTPS traffic make security monitoring difficult?

A. encryption

B. large packet headers

C. Signature detection takes longer.

D. SSL interception

View Answer

Q4. A user reports difficulties accessing certain external web pages, When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation?

A. insufficient network resources

B. failure of full packet capture solution

C. misconfiguration of web filter

D. TCP injection

View Answer

Q5. Which term represents the chronological record of how evidence was collected- analyzed, preserved, and transferred?

A. chain of evidence

B. evidence chronology

C. chain of custody

D. record of safekeeping

View Answer

Q6. Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)

A. Confirm the timing of network connections differentiated by the TCP 5-tuple

B. Audit the applications used within a social networking web site.

C. Determine the user IDs involved in an instant messaging exchange.

D. Map internal private IP addresses to dynamically translated external public IP addresses

E. Identify the malware variant carried by ^n SMTP connection

View Answer

Q7. Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?

A. HTTP/TLS

B. IPv4/IPv6

C. TCP/UDP

D. ATM/ MPLS

View Answer

Q8. Which two actions are valid uses of public key infrastructure? (Choose two )

A. ensuring the privacy of a certificate

B. revoking the validation of a certificate

C. validating the authenticity of a certificate

D. creating duplicate copies of a certificate

E. changing ownership of a certificate

View Answer

Q9. Which identifier is used to describe the application or process that submitted a log message?

A. action

B. selector

C. priority

D. facility

View Answer

Q10. Which two terms are types of cross site scripting attacks? (Choose two )

A. directed

B. encoded

C. stored

D. reflected

E. cascaded

View Answer