Ucertify 600-199 questions are updated and all 600-199 answers are verified by experts. Once you have completely prepared with our 600-199 exam prep kits, you will be ready for the real 600-199 exam without a problem. We have an updated Cisco 600-199 dumps study guide. Passed 600-199 on the first attempt! Here is what I did.
Q1. Which attack exploits incorrect boundary checking in network software?
A. Slowloris
B. buffer overflow
C. man-in-the-middle
D. Smurf
Answer: B
Q2. Refer to the exhibit.
Based on the traffic captured in the tcpdump, what is occurring?
A. The device is powered down and is not on the network.
B. The device is reachable and a TCP connection was established on port 23.
C. The device is up but is not responding on port 23.
D. The device is up but is not responding on port 51305.
E. The resend flag is requesting the connection again.
Answer: C
Q3. If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?
A. looking for anomalous traffic
B. looking for reconnaissance activity
C. restoring the machine to a known good backup
D. clearing the event store to see if future events indicate malicious activity
Answer: D
Q4. Which two measures would you recommend to reduce the likelihood of a successfully executed network attack from the Internet? (Choose two.)
A. Completely disconnect the network from the Internet.
B. Deploy a stateful edge firewall.
C. Buy an insurance policy against attack-related business losses.
D. Implement a password management policy for remote users.
Answer: B, D
Q5. Based on the tcpdump output, which two statements are true? (Choose two.)
A. The reply is sent via unicast.
B. All devices in the same subnet on a switched network will see the reply because it was broadcast.
C. The device is coming up for the first time and is requesting an IP address.
D. The ARP request is being sent as a broadcast.
E. The device is requesting an ARP.
F. Host 192.168.10.7 is requesting the operational status of host 192.168.10.8.
Answer: A, D
Q6. Which two types of data are relevant to investigating network security issues? (Choose two.)
A. NetFlow
B. device model numbers
C. syslog
D. routing tables
E. private IP addresses
Answer: A, C
Q7. Refer to the exhibit.
What does the tcpdump command do?
A. Capture all packets sourced from TCP port 1514, resolve DNS names, print all TCP packets with the SYN flag not equaling 0, and print the Ethernet header and all version information.
B. Capture all packets sourced from TCP port 1514, resolve DNS names, print all TCP packets except those containing the SYN flag, and print the Ethernet header and all version information.
C. Capture up to 1514 bytes, do not resolve DNS names, print all TCP packets except for those containing the SYN flag, and print the Ethernet header and be very verbose.
D. Capture up to 1514 bytes, do not resolve DNS names, print only TCP packets containing the SYN flag, and print the Ethernet header and be very verbose.
Answer: D
Q8. Which describes the best method for preserving the chain of evidence?
A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.
B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.
C. Identify the infected machine, disconnect from the network, and contact the local authorities.
D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.
Answer: C
Q9. A server administrator tells you that the server network is potentially under attack.
Which piece of information is critical to begin your network investigation?
A. cabinet location of the servers
B. administrator password for the servers
C. OS that is used on the servers
D. IP addresses/subnets used for the servers
Answer: D
Q10. Refer to the exhibit.
Which two personal administrators should be involved to investigate further? (Choose two.)
A. email administrator
B. IPS administrator
C. DNS administrator
D. desktop administrator
E. security administrator
Answer: C, D