Q1. Which situation indicates application-level white listing?
A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.
Answer: C
Q2. Which definition of the IIS Log Parser tool is true?
A. a logging module for IIS that allows you to log to a database
B. a data source control to connect to your data source
C. a powerful, versatile tool that makes it possible to run SQL-like queries against log flies
D. a powerful versatile tool that verifies the integrity of the log files
Answer: A
Q3. For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Answer: D
Q4. A user reports difficulties accessing certain external web pages, When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection
Answer: A
Q5. Which term represents the chronological record of how evidence was collected- analyzed, preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping
Answer: C
Q6. Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by ^n SMTP connection
Answer: B,E
Q7. Which protocol is primarily supported by the third layer of the Open Systems Interconnection reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/ MPLS
Answer: D
Q8. Which two actions are valid uses of public key infrastructure? (Choose two )
A. ensuring the privacy of a certificate
B. revoking the validation of a certificate
C. validating the authenticity of a certificate
D. creating duplicate copies of a certificate
E. changing ownership of a certificate
Answer: A,C
Q9. Which identifier is used to describe the application or process that submitted a log message?
A. action
B. selector
C. priority
D. facility
Answer: D
Q10. Which two terms are types of cross site scripting attacks? (Choose two )
A. directed
B. encoded
C. stored
D. reflected
E. cascaded
Answer: C,D