Q1. Which type of exploit normally requires the culprit to have prior access to the target system?
A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit
Answer: A
Q2. Which definition of a process in Windows is true?
A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time
Answer: C
Q3. Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks?
A. Internet Control Message Protocol
B. Address Resolution Protocol
C. Session Initiation Protocol
D. Transmission Control Protocol/Internet Protocol
Answer: A
Q4. Which option is a purpose of port scanning?
A. Identify the Internet Protocol of the target system.
B. Determine if the network is up or down
C. Identify which ports and services are open on the target host.
D. Identify legitimate users of a system.
Answer: A
Q5. Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system
Answer: D,E
Q6. A firewall requires deep packet inspection to evaluate which layer?
A. application
B. Internet
C. link
D. transport
Answer: A
Q7. Which definition of the virtual address space for a Windows process is true?
A. actual physical location of an object in memory
B. set of virtual memory addresses that it can use
C. set of pages that are currently resident in physical memory
D. system-level memory protection feature that is built into the operating system
Answer: A
Q8. Which term represents the chronological record of how evidence was collected- analyzed, preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping
Answer: C
Q9. Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.
Answer: C
Q10. DRAG DROP
Drag the technology on the left to the data type the technology provides on the right.
Answer:
Explanation: Tcpdump = transaction data netflow = session data
Traditional stateful firwall = connection event Web content filtering = full packet capture